(ISC)2 Launches New Software Security Certification – CSSLP

(ISC)2 has announced a brand new certification, the Certified Secure Software Lifecycle Professional (CSSLP), aimed at educating and certifying practitioners on the various aspects of software security.

Covering topics from Secure Software Concepts through Requirements, Design, Development, Testing and Acceptance to Secure Deployment and Operations, this certification is a welcome addition to the existing gold standard certifications that (ISC)2 administers, such as the CISSP, SSCP, CAP and the CISSP-MP/AP/EP concentrations.

More information about CSSLP can be found at https://www.isc2.org/csslp
A whitepaper on the Need for Secure Software can be found at https://www.isc2.org/download/CSSLP-white-paper.pdf

OWASP AppSec India – Keynote and Training

My keynote address on “Application Security Trends and Challenges” and the training session on “Advanced Threat Modeling” went well, and a few friends have posted some comments about their experience.

Check it out.
http://armorize-cht.blogspot.com/2008/09/owasp-appsec_22.html
http://projectbee.org/blog/archive/owasp-appsec-conf-delhi-day-2-and-more/
http://projectbee.org/blog/archive/owasp-appsec-conf-delhi-day-1/

(ISC)2 Official CISSP Practice Exams and (ISC)2 Official SSCP Practice Exams

(ISC)² is dedicated to creating new value-added services for its prospective and more than 50,000 current members worldwide. One of the most exciting of these is studISCope, our online self-assessment tool that helps candidates assess their knowledge of the CISSP or SSCP CBK®. Together with our partner, Express Certifications – a company renowned for developing innovative testing and training techniques – (ISC)² can now maximize your learning experience and focus your study efforts more precisely along whichever information security career path you choose.


Top 3 Questions in the Board Room …

Are there other questions (beyond the three listed below) that take precedence, which an Information Security Professional/Leader/Executive needs to be able to answer in the board room? If so, please respond …

1. What is the Revenue to the company?
2. What is the Cost to the company?
3. What are the Risks to the company?

Additionally, thoughts on how these questions can be answered from an information security perspective are welcome.

2007 – The Year of …

In 1982 Time magazine named the Computer its Machine of the Year, and its 2006 year-end issue names “You” (read here as the IT Professional) as the Person of the Year.

With the continued focus and increased attention on information security, many information security professionals find themselves in constant demand. What makes these InfoSec Professionals so sought after? (See DNA of an effective InfoSec Professional.) The real question is whether 2007 will be not just the Year of “You, the IT Professional” but also the Year of the “InfoSec” Professional.

DNA of an effective InfoSec Professional?

Just wondering, in today’s day and age, what constitutes the DNA of an effective InfoSec Professional?
Is it one who is versatile, with a breadth of experience across various technologies, or is it someone who is highly specialized in one area of security? Is it one with an entrepreneurial spirit, a visionary, …

I would like to compile various opinions on what constitutes the DNA of an effective InfoSec Professional.

Merriam-Webster defines effective as “producing a decided, decisive, or desired effect”.