Software Deployment and Lifecycle

Beginner
1m 15s
591
5/5

This Lesson introduces the development lifecycle and describes how robust development practices, including testing and change control, can considerably reduce security-related vulnerabilities in a production system. It then builds on this by looking further into different test strategies and approaches, including the role of auditing in reducing risk exposure.

Learning objectives

The objectives of this Lesson are to provide you with and understanding of:

  • The software development lifecycle
  • The role of testing and change control in reducing security-related vulnerabilities in a production system
  • How the risks introduced by third-party and outsourced developments can be mitigated
  • Test strategies and test approaches, including vulnerability testing, penetration testing, and code analysis
  • The importance of reporting, and how reports should be structured and presented to stakeholders
  • The principles of auditing and the role played by digital forensics

Intended audience

This Lesson is ideal for members of information security management teams, IT managers, security and systems managers, information asset owners and employees with legal compliance responsibilities. It acts as a foundation for more advanced managerial or technical qualifications.

Prerequisites

There are no specific pre-requisites to study this Lesson, however, a basic knowledge of IT, an understanding of the general principles of information technology security, and awareness of the issues involved with security control activity would be advantageous.

Feedback

We welcome all feedback and suggestions - please contact us at support@cloudacademy.com if you are unsure about where to start or if would like help getting started.

About the Author
Avatar
Fred Hickling, opens in a new tab
Cyber Security Trainer
Students
1,652
Courses
11
Learning paths
2

Fred is a trainer and consultant specializing in cyber security.  His educational background is in physics, having a BSc and a couple of master’s degrees, one in astrophysics and the other in nuclear and particle physics.  However, most of his professional life has been spent in IT, covering a broad range of activities including system management, programming (originally in C but more recently Python, Ruby et al), database design and management as well as networking.  From networking it was a natural progression to IT security and cyber security more generally.  As well as having many professional credentials reflecting the breadth of his experience (including CASP, CISM and CCISO), he is a Certified Ethical Hacker and a GCHQ Certified Trainer for a number of cybersecurity courses, including CISMP, CISSP and GDPR Practitioner.