Information Security and Privacy. Lynn McNulty, CISSP. Advisory Board November 2008



Similar documents
Update on the CSSLP And its Impact on the SDLC Profession. Hart Rossman, CSSLP Member, (ISC) 2 Application Security Advisory Board

Software Development: The Next Security Frontier

Information Security Principles and Practices

The Next Generation of Security Leaders

Security Transcends Technology

Access FedVTE online at: fedvte.usalearning.gov

FedVTE Training Catalog SPRING advance. Free cybersecurity training for government personnel. fedvte.usalearning.gov

Information Systems Security Engineering Professional (ISSEP)

FedVTE Training Catalog SUMMER advance. Free cybersecurity training for government personnel. fedvte.usalearning.gov

CONTINUING PROFESSIONAL EDUCATION (CPE) POLICIES & GUIDELINES

Kevin Savoy, CPA, CISA, CISSP Director of Information Technology Audits Brian Daniels, CISA, GCFA Senior IT Auditor

The Value of Information Security Certifications

Protect Your Organization With the Certification That Maps to a Master s-level Education in Software Assurance

Certification and Training

WCA WEBINAR SERIES: The Case for Cyber Security Training

Certification for Information System Security Professional (CISSP)

Profil stručnjaka za informacijsku sigurnost - certificirati se ili ne? Biljana Cerin, CISA, CISM, CGEIT, CBCP, PMP

ISSECO Syllabus Public Version v1.0

Information Security Specialist Training on the Basis of ISO/IEC 27002

FITSP-Auditor Candidate Exam Guide

CompTIA CASP Pre-approved Training for CompTIA CASP Continuing Education Units (CEUs)

LEARNING CURRICULUM SECURITY COMPASS TRAINING 2015 Q3. Copyright Security Compass. 1

The Need for Secure Software

Domain 5 Information Security Governance and Risk Management

Social Media Security Training and Certifications. Stay Ahead. Get Certified. Ultimate Knowledge Institute. ultimateknowledge.com

RARITAN VALLEY COMMUNITY COLLEGE COURSE OUTLINE. CISY 229 Information Security Fundamentals

State of West Virginia Office of Technology Policy: Information Security Audit Program Issued by the CTO

Cyber Security Consultancy Standard. Version 0.2 Crown Copyright 2015 All Rights Reserved. Page 1 of 13

HealthCare Information Security and Privacy Practitioner (HCISPP) Briefing Paper. Piloted by the Cyber Security Programme

Software Assurance: A Kaleidoscope of Perspectives. Mano Paul, CSSLP, CISSP, AMBCI, MCAD, MCSD, Network+, ECSA

Approach to Information Security Architecture. Kaapro Kanto Chief Architect, Security and Privacy TeliaSonera

Guide to information security certifications. SearchSecurity.com's guide to vendor-neutral security certifications

Forensic Certifications

IT S A FUNNY THING ABOUT OFFICIAL CERTIFICATES

Course and Service Portfolio Specialized IT courses for IT professional and organizations willing to take benefit from the competitive advantages

All about CPEs. David Gittens CISA CISM CISSP CRISC HISP

Protecting Energy s Infrastructure and Beyond: Cybersecurity for the Smart Grid

InfoSec Academy Application & Secure Code Track

The CCM Designation is the Means by Which the Profession:

Learning objectives for today s session

Understanding the Federal IT Security Professional (FITSP) Certification

The Evolution of Application Monitoring

Network Security Testing

The Ten Best Practices for Secure Software Development

Defending against modern threats Kruger National Park ICCWS 2015

Security Certifications. A Short Survey. Welcome. Stan Reichardt stan2007@sluug.org

Cybercrime & Cybersecurity: the Ongoing Battle International Hellenic University

Cyber Defense Operations Graduate Certificate

Certification. Is it Right for You? 2013 Micron Technology, Inc. February 12, 2014

Experienced professionals may apply for the Certified Risk Management Professional (CRMP) certification under the grandfathering provision.

Release: 1. ICA60308 Advanced Diploma of Information Technology (E-Security)

The National Skills Academy for IT. Cyber Security

CompTIA Security+ Pre-approved Training for CompTIA Security+ Continuing Education Units (CEUs)

Shon Harris s Newly Updated CISSP Materials

Secure Development LifeCycles (SDLC)

Big 4 Information Security Forum

Cyber R &D Research Roundtable

Application for CISM Certification

IT Security Management 100 Success Secrets

KEY TRENDS AND DRIVERS OF SECURITY

SCOPING QUESTIONNAIRE FOR PENETRATION TESTING

SPSP Phase III Recruiting, Selecting, and Developing Secure Power Systems Professionals: Job Profiles

Vulnerability management lifecycle: defining vulnerability management

Black Box versus White Box: Different App Testing Strategies John B. Dickson, CISSP

ASK PC Certified Information Systems Security Expert - CISSE

Need Assistance selecting an EMR/EHR? OCR Launches Full Scale HIPAA Audits in 2013 Are you ready for a HIPAA Audit?

Securing Your Web Application against security vulnerabilities. Ong Khai Wei, IT Specialist, Development Tools (Rational) IBM Software Group

(ISC)² Foundation Announces 2014 Information Security Scholarship Recipients

BUILD YOUR CYBERSECURITY SKILLS WITH NRB

Certified Software Development Associate (CSDA)

Leveraging OWASP to Reduce Web App Data Breach Risk

LINUX / INFORMATION SECURITY

Development. Resilient Software. Secure and. Mark S. Merkow Lakshmikanth Raghavan. CRC Press. Taylor& Francis Croup. Taylor St Francis Group,

FedVTE Course Library

Insert Client Name Request for Proposal for Security Risk Assessment Services Consulting

CYBERSECURITY: ISSUES AND ISACA S RESPONSE

How to start a software security initiative within your organization: a maturity based and metrics driven approach OWASP

Information Systems Security Certificate Program

Transcription:

Information Security and Privacy Lynn McNulty, CISSP Advisory Board November 2008

Global leaders in certifying and educating information security professionals with the CISSP and related concentrations, CAP and SSCP. Established in 1989 not-for-profit consortium of industry leaders. More than 60,000 certified professionals in over 135 countries. Board of Directors - top information security professionals worldwide. All of our credentials are accredited ANSI/ISO/IEC Standard 17024 and were the first technology-related credentials to receive this accreditation.

Over 70% of breaches of security vulnerabilities exist at the application level.* * Gartner Group, 2005

Why Attack Applications? Attacking systems became harder Perimeter defenses improved Attacking applications became easier Application software became vulnerable and more exploitable

What is the Answer? No single answer Variety of solutions The following are addressing software development in a variety of ways: IEEE: CSDA and CSDP (Software development) SANS: GSSP-C, GSSP-J (Language specific/secure coding) ISSECO: CSSE (Entry level education program with certificate of completion DHS: Software Assurance Initiative (Awareness Program/Forum) OWASP PCP (Web Application Development Security Certification) Vendor-Specific (ex: Microsoft, Symantec) based on internal lifecycle processes/technology specific There is no indication that these organizations are addressing the content areas in the same manner as (ISC)².

The (ISC)² Approach The CSSLP? Certified Secure Software Lifecycle Professional (CSSLP) Base credential Professional certification program Addresses security in the software lifecycle Takes a holistic approach to security in the software lifecycle Tests candidates competency (KSAs) to significantly mitigate the security concerns

Purpose The purpose of the Certification is to provide a credential that speaks to the individual s ability to contribute to the delivery of secure software through the use of best practices. The target professionals for this Certification would be those who are involved in the Software Life Cycle activities.

Overview of (ISC)² Software Assurance Certification Auditors Client Side PM Industry Group Delivery Heads Business Analysts Top Management Software Lifecycle Stakeholders Business Unit Heads IT Manager Security Specialists Application Owners Quality Assurance Managers Technical Architects Developers/ Coders Project Managers/ Team Leads Influencers Primary Target Secondary Target

Market Drivers Has emerged as a global concern Off shoring of software development Minimize the potential for human error Software is not developed with security in mind Desire to meet growing industry needs

Certified System Security Lifecycle Professional Scope (ISC)² CSSLP CBK Domains Secure Software Concepts Secure Software Requirements Secure Software Design Secure Software Implementation/Coding Secure Software Testing Software Acceptance Software Deployment, Operations, Maintenance, and Disposal

CSSLP Certification Requirements By Experience Assessment: Experience assessment will be open through 3/30/09 Can be done on-line only Candidate will be required to submit: Experience Assessment Application Candidate agreement and agree to adhere to (ISC)² Code of Ethics Detailed resume of experience Four (4) essays detailing experience in four (4) of the following knowledge areas Applying Security concepts to Software Development Software Design Software Implementation/Coding Software Testing Software Acceptance Software Deployment, Operations, Maintenance, and Disposal Fee of $650 with submission of applications

CSSLP Certification Requirements By Examination: The first public exam will be held at the end of June 2009 Candidate will be required to submit: Completed examination registration form Signed candidate agreement and agree to adhere to the (ISC)² Code of ethics Proof of 4 years of FTE experience in the Software Development Lifecycle (SDLC) Process or 3 years experience plus a one year waiver of experience for 4 year degree or equivalent in an IT related field Pay a Fee of $549 early-bird and $599 standard Candidate will be required to Pass the official (ISC)² CSSLP certification examination Complete the endorsement process The Associate of (ISC)² Program will apply to those who have passed the exam but will need to acquire the necessary minimum experience requirements

CSSLP Recertification Requirements Pay AMF s annually ($100.00) Earn and submit a minimum of 15 CPE s annually Earn and submit 90 CPE s by the end of the 3-year certification cycle Adhere to the Code of Ethics

Future of CSSLP International Marketing Efforts ANSI/ISO/IEC17024 accreditation Maintenance activities Cert Education Program

For more information, please contact: Tony Baratta, (ISC)² Director of Professional Programs tbaratta@isc2.org OR Vehbi Tasar, (ISC)² Manager of Professional Programs vtasar@isc2.org

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information