Security Operations & Software Development Security

Welcome to this course: CISSP Certification Domain 7 & 8: Security Operations & Software Development Security. Security operations pertains to everything that takes place to keep networks, computer systems, applications, and environments up and running in a secure and protected manner.
This course covers security in operations including physical and environmental security, equipment security, and monitoring activities. The core concepts in the operations security are covered with suitable illustrations.
Security operations consists of ensuring that people, applications, and servers have the proper access privileges to only the resources to which they are entitled and that oversight is implemented via monitoring, auditing, and reporting controls.
Operations take place after the network is developed and implemented. This includes the continual maintenance of an environment and the activities that should take place on a day-to-day or week-to-week basis.
These activities are routine in nature and enable the network and individual computer systems to continue running correctly and securely. Software is usually developed with a strong focus on functionality, not security.
This course also covers foundational concepts in various software development life cycle models, and it discusses security requirements in software development processes and assurance requirements in the software.
In many cases, security controls are bolted on as an afterthought (if at all). To get the best of both worlds, security and functionality would have to be designed and integrated at each phase of the development life cycle.
Security should be interwoven into the core of a product and provide protection at the necessary layers. This is a better approach than trying to develop a front end or wrapper that may reduce the overall functionality and leave security holes when the software has to be integrated into a production environment.
In this course, you’ll learn:

• Understand and support investigations
• Understand requirements for investigation types
• Conduct logging and monitoring activities
• Securely provisioning resources
• Understand and apply foundational security operations concepts
• Apply resource protection techniques
• Conduct incident management
• Operate and maintain detective and preventative measures
• Implement and support patch and vulnerability management
• Understand and participate in change management processes
• Implement recovery strategies
• Implement Disaster Recovery (DR) processes
• Test Disaster Recovery Plans (DRP)
• Participate in Business Continuity (BC) planning and exercises
• Implement and manage physical security
• Address personnel safety and security concerns
• Understand and integrate security in the Software Development Life Cycle (SDLC)
• Identify and apply security controls in development environments
• Assess the effectiveness of software security
• Assess security impact of acquired software
• Define and apply secure coding guidelines and standards