I'll be taking my CCSP in a couple of weeks, I'm hoping I can get help with the discrepancies between the CBK and the Official Study Guide (both from ISC2) as it pertains to the SDLC steps.
The CCSP Official Study Guide
Chapter 7 - Cloud-Secure Software Development Lifecycle (Pg 340-341 ebook)
5. Secure Operations
The Official (ISC)2 Guide to the CCSP CBK
Domain 4 - Cloud Application Security (Pg 213-214)
1. Planning and requirements analysis
Which one is correct? Which one should I concentrate on?
If a question is which one is the last step of SDLC, I can see getting this wrong.
Any help would be greatly appreciated.
Definitely something that should be raised to Casey and his crew.
As to an answer, that's a hard one.
I am not a CCSP so may be all wrong on this one but as a CSSLP, I would suggest that the Official study guide may be missing a few stages. I have always used a seven stage method:
I typically group Disposal in the operations and maintenance phase.
However I have seen other folks use five and six phase approaches. But then I think the two documents should reflect the same steps.
Suggest we wait to see what (ISC)2 has to say on this one.
As to the exam, Testing is NOT the last phase no matter which model one uses.
Thank you for your reply. I appreciate it, specially as I plan on sitting for the CSSLP as well in March of next year. I don't have the CSSLP book yet and I was hoping that would be the "tie-breaker".
It sounds like adding the CSSLP then by all accounts ISC2 has a total of 3 different lifecycles for software development, which is understandable in real world scenario, but should not be the case for a single topic in an educational setting (but then again, what do I know about education.). 🙂