Business Issues -> Security & Risk
Released: 4th April 2013
London, UK – 4th April 2013 - To address the growing number of threats arising from widening security gaps in the software supply chain, (ISC)2® (“ISC-squared”), the world’s largest not-for-profit information and software security professional body and administrators of the CISSP®, has added a new domain to its Certified Secure Software Lifecycle Professional (CSSLP) credential exam. The new Domain, titled “Supply Chain and Software Acquisition”, captures the activities within each phase of the software lifecycle that must occur to mitigate Supply Chain Risk.
The CSSLP is the only certification in the industry designed to ensure that security is considered throughout the entire software development lifecycle. From concept and planning through operations and maintenance to the ultimate disposal, it establishes industry standards and best practices for building security into each phase. The domains, or key areas covered by the exam, include:
The new eighth domain validates that an individual perform the activities necessary when acquiring software to ensure the proper security measures are implemented. Key elements to supply chain risk that CSSLP candidates must know include:
The largest gap between information security risk awareness and response exists in the software development discipline. According to the recently released 2013 (ISC)² Global Information Security Workforce Study, which surveyed 12,394 information security professionals from around the world:
W. Hord Tipton, CISSP-ISSEP, CAP, CISA, executive director for (ISC)², commented, “Our data shows that the frequency of software acquisition and outsourcing are increasing dramatically. The CSSLP is an excellent vehicle for professionals and organisations to validate and maintain the most sought-after skills of the secure software workforce. By adding this new domain, we are hoping to enhance a professional’s ability to secure the supply chain and decrease breaches attributable to insecure software.”
For more information about the CSSLP, the new domain or to register for the exam, please visit www.isc2.org/csslp.
 2013 (ISC)2 Global Information Security Workforce Study https://www.isc2cares.org/IndustryResearch/GISWS/
Service Delivery Executive
Tel: +44 (0)1522 883640
Published by: IT Analysis Communications Ltd.
T: +44 (0)190 888 0760 | F: +44 (0)190 888 0761