Clarification and Summary CSSLP - ISC澄清和总结csslp - ISC.ppt

W. Hord Tipton, CISSP-ISSEP, CAP, CISA (ISC)2 Executive Director Global leaders in certifying and educating information security professionals with the CISSP? and related concentrations, CAP? and SSCP?. Established in 1989 – not-for-profit consortium of industry leaders. More than 60,000 certified professionals in over 135 countries. Board of Directors - top information security professionals worldwide. All of our information security credentials are accredited ANSI/ISO/IEC Standard 17024 and were the first technology-related credentials to receive this accreditation. Over 70% of breaches of security vulnerabilities exist at the application level.* * Gartner Group, 2005 What is the CSSLP? Certified Secure Software Lifecycle Professional (CSSLP) Base credential Professional certification program Takes a holistic approach to security in the software lifecycle Tests candidates competency (KSAs) to significantly mitigate the security concerns Purpose The purpose of the Certification is to provide a credential that speaks to the individual’s understanding of and ability to deliver secure software through the use of best practices. The target professionals for this Certification would be anyone who is directly and in some cases indirectly, involved in the Software Lifecycle. Software Lifecycle Stakeholder Chart Top Management IT Manager Business Unit Heads Developers/ Coders Client Side PM Industry Group Delivery Heads Business Analysts Quality Assurance Managers Technical Architects Project Managers/ Team Leads Software LifecycleStakeholders Secondary Target Primary Target Influencers Application Owners Security Specialists Auditors Market Drivers Security is everyone’s responsibility Software vulnerabilities have emerged as a major concern Off shoring of software development Software is often not developed with security in mind Desire to meet growing industry needs Certified Secure Software Lifecycle Professional (ISC)2 CSSLP CBK Domains Secure