CSSLP domain help?!?!?!
Got this email today from (ISC)2 regarding CSSLP:
[SNIP]
I have a question regarding the domains though, for example domain 1:
Key Areas of Knowledge
A. Confidentiality, Integrity, Availability
B. Authentication, Authorization, and Auditing
C. Security Design Principles
- C.1 Least Privilege
- C.2 Separation of Duties
- C.3 Defense in Depth
- C.4 Fail Safe
- C.5 Economy of Mechanism
- C.6 Complete Mediation
- C.7 Open Design
- C.8 Least Common Mechanism
- C.9 Psychological Acceptability
- C.10 Weakest Link
- C.11 Leveraging Existing Components
A, B, C1, C2: From a software developer view or a security view in general?
I'm trying to see if I have enough experience to become endorsed. I called the number and spoke with the guy who is booking the event but he couldn't answer my questions. I called (ISC)2 services and spoke to two different individuals and they assumed yes but even they said the domains are pretty vague.
BS in IT: Information Assurance and Security (Capella) CISSP, GIAC GSEC, Net+, A+
Comments
JDMurray Admin Posts: 13,090 Admin
The experience for the CSSLP is in working directly with the Secure Software Development Life Cycle (SSDLC) for at least 4-5 years. I never went for the CSSLP because in 25 years of being paid to write software, I've never been on a project that was interested in secure coding and quality assurance practices. Knowing software engineering and knowing InfoSec is not enough; you need to have worked with them together to produce secure software.