SANS Institute to Host Official (ISC)2® CSSLPCM CBK® Education Seminars at Upcoming Conferences

PALM HARBOR, Fla.-(Business Wire)-September 24, 2009 - (ISC)^2®(“ISC-squared”), the not-for-profit global leader in educating and certifying information security professionals throughout their careers, today announced that SANS Institute will be holding Official (ISC)² Certified Secure Software Lifecycle Professional (CSSLP^CM) CBK^® Education Seminars at two of its upcoming conferences: SANS London from Nov. 30-Dec. 4 and SANS Cyber Defense Initiative (CDI) in Washington, D.C. from Dec. 11-15, 2009.

Taught by (ISC)²-certified instructors, the five-day Education Seminars will cover the seven domains of the CSSLP, a certification from (ISC)² created to stop the proliferation of software security vulnerabilities by establishing best practices and validating an individual’s competency in addressing security issues throughout the software development lifecycle.

The course will detail the tools and processes required to build security into each phase of the software lifecycle, from the requirement phase through software design, software testing and disposal.

“With unsecured software posing a greater threat to enterprises every day and causing higher production costs and delays for software developers, educating software lifecycle professionals on optimum security practices is a sensible solution,” said Alan Paller, director of research for SANS.

“The CSSLP complements SANS’ GIAC Secure Software Programmer (GSSP) certification, which tests developers’ secure coding skills,” Paller said.

“We are pleased to be working with SANS on this important but frequently-overlooked issue,” said W. Hord Tipton, CISSP-ISSEP, CAP, CISA, CNSS, executive director for (ISC)². “By raising awareness of the problem and providing one set of solutions with our complementary certifications, we hope to defray the rising costs – both concrete and intangible – of relying on software that has not been properly secured and managed from cradle to grave.”

Code-language neutral, the CSSLP is applicable to software analysts, developers, engineers, project managers, software quality assurance testers and programmers. To be eligible for the certification, CSSLP candidates must demonstrate four years of professional experience in the software development lifecycle process, or three years of experience and a bachelor’s degree (or regional equivalent) in an IT discipline.

The seven domains of the CSSLP CBK^®, a compendium of secure software topics, are:

Secure Software Concepts
Secure Software Requirements
Secure Software Design
Secure Software Implementation/Coding
Secure Software Testing
Software Acceptance
Software Deployment, Operations, Maintenance and Disposal

To register for the CSSLP Review Seminar at SANS London, visit http://www.sans.org/london09/description.php?tid=3597. To register for the CSSLP Review Seminar at SANS CDI in Washington, D.C., visit http://www.sans.org/cyber-defense-initiative-2009/description.php?tid=3597.

For more information about the CSSLP education programs, visit http://www.isc2.org/csslpedu/.

SANS Institute

SANS is the largest source for information security training and certification in the world. It also develops, maintains, and makes available at no cost, the largest collection of research documents about various aspects of information security, and it operates the Internet's early warning system - Internet Storm Center. SANS also sponsored the creation of GIAC, a leading industry security certification. The SANS (SysAdmin, Audit, Network, Security) Institute was established in 1989 as a cooperative research and education organization. Its programs now reach more than 165,000 security professionals around the world. A range of individuals from auditors and network administrators, to chief information security officers are sharing the lessons they learn and are jointly finding solutions to the challenges they face. At the heart of SANS are the many security practitioners in varied global organizations from corporations to universities working together to help the entire information security community.

About (ISC)²

(ISC)^2® is the globally recognized Gold Standard for certifying information security professionals. Celebrating its 20^th anniversary, (ISC)² has certified nearly 65,000 information security professionals in more than 130 countries. Based in Palm Harbor, Florida, USA, with offices in Washington, D.C., London, Hong Kong and Tokyo, (ISC)² issues the Certified Information Systems Security Professional (CISSP^®) and related concentrations, Certified Secure Software Lifecycle Professional (CSSLP^CM), Certification and Accreditation Professional (CAP^®), and Systems Security Certified Practitioner (SSCP^®) credentials to those meeting necessary competency requirements. (ISC)²’s CISSPand related concentrations, CAP, and the SSCPcertifications are among the first information technology credentials to meet the stringent requirements of ANSI/ISO/IEC Standard 17024, a global benchmark for assessing and certifying personnel. (ISC)² also offers a continuing professional education program, a portfolio of education products and services based upon (ISC)²’s CBK^®, a compendium of information security topics. More information is available at www.isc2.org.