Define and Apply Secure Coding Guidelines and Standards In this section of this tutorial, we'll take a look at defining and applying secure coding guidelines and standards to help you understand the different aspects of secure coding. Organizations that develop software, need to develop policies and standards regarding the development of source code to [...]
Assess Security Impact of Acquired Software When an organization combines with or purchases another organization, the acquired source code, repository access and design, and intellectual property should analyze and review to assess security. Also, the phases of the development cycle should review. There are some use cases that bear further discussion: Open source: Never [...]
Assess the Effectiveness of Software Security In this section of this tutorial, we'll take a look at assessing the effectiveness of software security . These days, one of the most important aspects of cyber security is assessing the effectiveness of application security. Once the application is ongoing and software has been programmed, the next [...]
Identify and Apply Security Controls in Development Environments Organizations must be able to take multiple levels of risk mitigation to protect the code, as well as the applications. In this section of this tutorial, we'll take a look at security controls in development to help you understand the different aspects of security controls in [...]
Understand & Integrate Security in the Software Development Life Cycle (SDLC) SDLC of course sometimes called software development methodology (SDM) also. Anyway, SDLC refers to all the steps required to develop software and systems from conception through implementation, support, and (ultimately) retirement. These days, one of the most important aspects of cyber security is [...]
Software Development Security Domain We discuss about managing the risk and security of software development in this domain. This domain represents 10 percent of the CISSP certification exam. Software and data are the foundation of information processing. So, you as a CISSP candidate must understand the principles of software security controls, software development, and software [...]
Address Personnel Safety and Security Concerns And finally we have reached the last part of this domain. In this section of this tutorial, we'll take a look personnel safety and security concerns to help you understand the different aspects of personnel safety. We discuss in this section that how to make sure that employees [...]
Implement and Manage Physical Security Physical security is yet another important aspect of the security professional’s responsibilities, and refers to securing physical assets such as land, buildings, computers, and other company property. We've discussed about important physical security concepts and technologies in detail before. If you need to refer to the contents of these [...]
Participate in Business Continuity Planning (BCP) and Exercises Business continuity focuses on a business operating with minimal or no downtime. At result, It also includes disaster recovery. We can say that business continuity is a strategy while disaster recovery is a tactic. In this section of this tutorial, we'll take a look at business [...]