Security Foundations for Software Development (SDLC) - Course Outline | Cyber Defense Institute Inc.
To date, most security activity has focused on securing infrastructure such as firewalls or network access controls. Although the base infrastructure is very important, it does not address every security concern, as over 80% of all security breaches are application related. Developers must realize that online attackers can not only penetrate networks but can also penetrate and misuse applications. Thus, organizations need to put just as much effort into securing applications, and must design security into applications.
The purpose of this course is to assist your organization in building security into its information systems and software development processes. This should result in more cost-effective, risk-appropriate security control identification, development, and testing. This course focuses on the information security components of the Software Development Life Cycle (SDLC). Participants will receive a toolset to incorporate security within SDLC efforts.
Prerequisites: Participants should have a working knowledge of software development programming languages and the phases of the Software Development Life Cycle (SDLC).
Course details are provided below and are also available in PDF format.
COURSE DETAILS
Course Outline:
Reality Checks
- Examples of Major Attacks/Breaches
- Facts and Figures
- Cost of Security Bugs
- Difficulties in Defending Against Attacks
- Who is being attacked?
Software Development Life Cycle (SDLC) Basics
- SDLC Overview
- Security Activities within SDLC
- Roles within SDLC and Security
- Importance of Pairing Security Activities within SDLC
- NIST and Special Publications
Security in SDLC Phase 1 -- Initiation
- Major Security Activities within SDLC Phase 1
- Confidentiality, Integrity, Availability (CIA)
- Information Classification in terms of MAC and CONF
- Basic Business Impact Analysis
- Privacy Impact
- Ensuring Secure Information System Development
- Case Study 1
Security in SDLC Phase 2 -- Development/Acquisition
- Security Control Layers and Types
- Principles of Risk Assessment
- Security Risk Analysis
- Identifying Threats
- Linking Threats to CIA
- Determining the Risk Factor
- Selecting Security Controls to Countermeasure Risks
- Secure Coding Principles
- Updating the Status of Countermeasures
- Penetration Testing
- Case Study 2
Security in SDLC Phase 3 -- Implementation/Assessment
- Certification Standards
- Accreditation Standards
- Certification and Accreditation Phases
- Case Study 3
Security in SDLC Phase 4 -- Operation/Maintenance
- Configuration Management, Change Control, Auditing
- Continuous Monitoring
- Recertification
- Reaccreditation
- Incident Handling
- Auditing
- Intrusion Detection and Monitoring
- Contingency Plan Testing
- Continuity of Operations Plan
Security in SDLC Phase 5 -- Disposal
- Develop Disposal/Transition Plan
- Ensure Information Preservation
- Sanitize Media
- Disposal of Hardware and Software
- Close System
Summary and Review
- Resources and Appendixes
- Online LMS Resources
- Course Length: 1 day
- Tuition: $799 per student
- Group discounts available
- On-site training available
- Custom content available