Competency

Implementation of Controls A 8.25 and A 8.26 SDLC and Application Security

This competency provides a solid foundation in implementing a Secure Development Life Cycle (SDLC) aligned with ISO/IEC 27001. Participants will learn key SDLC phases, including threat modeling, secure coding, and deployment practices, as well as application security principles, regulatory compliance, and authentication. The competency concludes with practical guidance on implementing and auditing security controls per ISO/IEC 27001, ensuring robust security throughout the software development process.

5 Trainers

About

Course Overview:

This competency focuses on securing the software development process from the ground up. It covers all phases of the Secure Development Life Cycle (SDLC), including threat modeling, secure coding, and deployment best practices. Participants will also learn about key application security principles, regulatory requirements, and compliance with ISO/IEC 27001. The course provides practical examples to guide participants in implementing and auditing security controls throughout the software development life cycle.

What You'll Learn:

  • The phases of SDLC and their relationship with information security
  • How to implement secure coding standards and ensure secure deployment
  • Regulatory compliance and legal considerations in application security
  • How to embed security at each stage of the SDLC
  • Techniques for threat modeling and managing security vulnerabilities
  • How to implement and audit controls based on ISO/IEC 27001 standards

Who Should Take This Course?

This course is perfect for:

  • Software developers and engineers
  • IT security professionals and managers
  • Application security teams
  • Risk and compliance officers
  • IT auditors and quality assurance specialists
  • Business leaders responsible for securing software applications

What You'll Get:

  • A certification of completion
  • Practical knowledge on SDLC and application security
  • Hands-on experience with threat modeling, secure coding, and secure deployment practices
  • Access to a community of cybersecurity professionals
  • Access to course materials in multiple languages

Module 1

Secure Development Life Cycle (SDLC)

  • SDLC and Information Security (15 mins)
  • Phases of the SDLC (15 mins)
  • Threat Modeling (15 mins)
  • Security Best Practices in SDLC (16 mins)
  • Take the Practice Quiz

Module 2

Implementing SDLC

  • Security Training and Awareness (15 mins)
  • Secure Coding Standards (14 mins)
  • Secure Deployment and Configuration (14 mins)
  • Case Studies and Practical Solutions (14 mins)
  • Take the Practice Quiz

Module 3

Security Requirements

  • Key Principles of Application Security (15 mins)
  • Regulatory Compliance and Legal Considerations (14 mins)
  • Authentication and Authorization (16 mins)
  • Security Measures in System Implementation (15 mins)
  • Take the Practice Quiz

Module 4

ISO/IEC 27001

  • Implementation as per Annex A 8.25 (13 mins)
  • Auditing as per Annex A 8.25 (13 mins)
  • Implementation as per Annex A 8.26 (14 mins)
  • Auditing as per Annex A 8.26 (15 mins)
  • Take the Practice Quiz

Specialization · 4 modules

4 Modules

100% Positive Reviews (24 reviews)

104 Lessons (4h 15m)

3,011 Students

Languages Available: Spanish, English, German, French

Exam

Certificate upon completion of the course

Tags

SDLC and Application Security

Implementation of Control 8.25

Implementation of Control 8.26

ISO/IEC 27001

Secure Development

Risk Management

About the Trainer

Mike Boutwell

Information Security and Risk Management Expert

Mike Boutwell is an esteemed expert in information security and risk management, with over 15 years in security and 10 years in risk management, contributing to companies such as Cisco, AT&T, IBM, Kyndryl, First Data, and Euroclear. Specializing in artificial intelligence and cybersecurity, he identifies and mitigates cyber risks while integrating AI risk management into existing security frameworks. Mike has advanced information security through innovative vendor collaborations, maintaining high compliance rates, and authoring insightful publications on AI and cybersecurity.


© PECB Skills 2025. All rights reserved.
