Author: | Mike Chapple |
Publisher: | John Wiley & Sons Limited |
Series: | |
Genre: | Foreign computer literature |
Year of publication: | 0 |
isbn: | 9781119786245 |
7.13 | Participate in Business Continuity (BC) planning and exercises | 3
7.14 | Implement and manage physical security | 10
7.14.1 | Perimeter security controls | 10
7.14.2 | Internal security controls | 10
7.15 | Address personnel safety and security concerns | 16
7.15.1 | Travel | 16
7.15.2 | Security training and awareness | 16
7.15.3 | Emergency management | 16
7.15.4 | Duress | 16
Domain 8 | Software Development Security
8.1 | Understand and integrate security in the Software Development Life Cycle (SDLC) | 20
8.1.1 | Development methodologies (e.g., Agile, Waterfall, DevOps, DevSecOps) | 20
8.1.2 | Maturity models (e.g., Capability Maturity Model (CMM), Software Assurance Maturity Model (SAMM)) | 20
8.1.3 | Operation and maintenance | 20
8.1.4 | Change management | 20
8.1.5 | Integrated Product Team (IPT) | 20
8.2 | Identify and apply security controls in software development ecosystems | 15, 17, 20, 21
8.2.1 | Programming languages | 20
8.2.2 | Libraries | 20
8.2.3 | Tool sets | 20
8.2.4 | Integrated Development Environment (IDE) | 20
8.2.5 | Runtime | 20
8.2.6 | Continuous Integration and Continuous Delivery (CI/CD) | 20
8.2.7 | Security Orchestration, Automation, and Response (SOAR) | 17
8.2.8 | Software Configuration Management (SCM) | 20
8.2.9 | Code repositories | 20
8.2.10 | Application security testing (e.g., Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST)) | 15
8.3 | Assess the effectiveness of software security | 20
8.3.1 | Auditing and logging of changes | 20
8.3.2 | Risk analysis and mitigation | 20
8.4 | Assess security impact of acquired software