CSSLP Cert Prep: 2 Secure Software Requirements

Learn how to define and validate security requirements for applications as you prepare for the second domain of the CSSLP exam: Secure Software Requirements.

Specific, achievable security requirements are critical ingredients in the creation of any application. In this course, the second installment in the CSSLP Cert Prep series, instructor Jerod Brennen dives into the subject of security requirements to prepare you for the second domain of the Certified Secure Software Lifecycle Professional (CSSLP) exam: Secure Software Requirements. Jerod discusses how to properly define what an app must be and do in order to remain secure. He covers how to approach security, privacy, and data classification requirements for applications. Plus, he goes over how to validate your requirements, including how to use a security requirement traceability matrix (SRTM) to determine how well an app adheres to your security requirements.

Introduction

• Determining security requirements

1. Security Requirements

• Functional requirements
• Nonfunctional requirements
• Policy decomposition
• Legal, regulatory, and industry

2. Privacy Requirements

• Security vs. privacy
• Data anonymization
• User consent
• Disposition

3. Data Classification Requirements

• Data ownership
• Labeling
• Types of data
• Data life cycle

4. Validating Your Requirements

• Misuse and abuse cases
• Software requirement specifications
• Security requirement traceability matrix

Conclusion

• Next steps