
Secure Software Design Transcription

Welcome to our secure software design module. There are security architecture models which will specify how you can control access to your system resources. You need to make sure that you have adequate security controls in every system, and these controls should be considered from the earliest stages of development.

Security must be considered and included in every step of the software development life cycle. You should make sure that all of the team members involved in your development projects are aware of security at all phases. And you should make sure to document all of your security relevant decisions.

You should have a security software architect, or project manager, or information assurance officer, who is responsible for translating your business requirements into solutions that are secure, and also meet your needs, and manage the expectations of all of the individuals involved in the process. It is very important that your assets are protected, and that you also align this with the priorities of your management team.

This individual should be a good communicator, an analyst, a good negotiator, and should be able to interface with customers. They will be responsible for team accountability, as well as meeting required milestones. For the CISSP examination, you should remember that security must be considered at each step of the software development life cycle, and that security must be built into the system as early as possible, in order for it to be effective.

There are several different models used to manage the software development process which will appear on the CISSP examination. All of these models have the same basic processes involved in them. They all begin with a project initiation phase, which is where a risk analysis must be conducted to determine any risks that may be involved in the process.

The next phase is the functional design analysis and planning phase, where you determine the requirements for the system or software that you're designing. During the system design specifications phase, you will actually design specifications for the system, and then move on to the software development phase, where the programmers will begin writing the code for the program.

Once the code has been written, you will then move on to the installation phase where the system will be installed, tested, and implemented into the organization. You will then move on to the operational and maintenance phase, where you keep the system up to date to prevent any new threats that may come out, and also respond to any incidents that may occur.

Once the system is end of life and you will no longer be using it anymore, you will then move over to the disposal phase, where you will take steps to properly dispose of the software. The operation and maintenance phase and the disposal phase are only part of the software life-cycle model and are not part of the software development life-cycle model.

Software engineering involves techniques for effectively designing and maintaining computer code, and making sure that the structure is documented. You can use a document management system to maintain paperwork, but you use a secure code library, which is a secure repository for maintaining computer code. Your programmers will check in and check out the code as they need to work on it.

It is important to make sure that you have source code documentation, so that the people who write the code, and maintain the code, can understand what is going on with the software. You should have design documents and comments inside the code, so that if a new individual is going to work on the code, they can understand how it functions.

You should also have documentation for the users of the software that you develop. This will make it easier for the end users to understand the application. Documentation is very important and you should remember for the CISSP examination, that you should have understandable documentation which explains how the source code functions.

When you're dealing with project management, you will often have constraints that you need to be concerned with. These are generally costs involved in the project, the amount of time you have to complete the project, as well as function and performance goals that are placed on the project. Security is not always considered in the project; however, it is very important to make sure that security and documentation are implemented from the beginning of the project.

Programmers are almost always under pressure to meet different time goals, or to keep the project under a certain cost. Generally with programming, the software can be either cheap, quick, usable, or secure, and you can only choose two of those options. So it can be cheap and quick, but it will not be secure, or it can be secure and done quickly, but it will not be cheap.

So depending on your budget, you'll have to select two of these items. However, security is critical, and even if it costs extra money, or takes longer to design the product, it can save a lot of trouble in the future. Technical debt is common with programming, where programmers say that they want to hit a milestone and make their bosses happy, and they'll get to some other part of the project later.

Generally, the quality is put off for a future iteration. They just try to get the software completed as quickly as possible, and then they decide that they'll fix it in the future. Managers are generally pushing the developers to get the software done as soon as possible, and say that they can figure out any problems at a later time.

This is obviously not a good way to design software, and you should take time to make sure that you complete the product successfully, rather than have it done quickly. You'll generally have a team approach to producing some type of software or other product. The integrated product and process development team or IPPD is responsible for keeping track of the big picture. Management is responsible for integrating all of your acquisition activities, and these teams are multidisciplinary, and they collaborate in order to optimize the process needed to deliver the project on time. Your integrated product team or IPT is a multidisciplinary group of people who are responsible for making sure that they deliver a defined product or process.

Your DevOps team has highly experienced troubleshooters and quality assurance staff members, and works to make sure that development and IT operations are based on collaboration, integration, and communication which are agile principles. This concludes our secure software design module. Thank you for watching.
