top of page
71OMr0D4FrL._SL1500_.jpg
119159849_10158061653118813_5314694876572739015_n.jpg
71eSH5cSYiL._SL1377_.jpg
final.png

CISSP Study Plan – Day 6 of 55 | SDLC & Scrum Development Methodology Explained


"SDLC was my weakest domain so I had to hit it harder than the rest ! And you know what? The exam knew, and pummeled me with SDLC questions."

- Luke Ahmed



Today is Day 6 of Yihenew’s CISSP study plan, continuing with Systems Development Security, but now shifting the focus toward the Scrum development methodology within the SDLC.


Key Areas Covered:

  • Scrum Framework — iterative development approach using short sprints (1–4 weeks) to deliver working software quickly

  • Roles — Product Owner (defines vision and backlog), Scrum Master (facilitates the process), Development Team (builds and tests increments)

  • Artifacts — Product Backlog, Sprint Backlog, and Increment, all designed to ensure transparency and traceability

  • Ceremonies — Sprint Planning, Daily Stand-ups, Sprint Review, and Retrospective, ensuring continuous communication and feedback

  • Security in Scrum — weaving security tasks into backlog items and reviews so vulnerabilities are addressed during development, not after


In this CISSP study plan session, Yihenew highlighted that Scrum isn’t just about speed—it’s about adaptability and accountability. Security professionals must understand how Agile and Scrum change the way risks, controls, and secure coding practices are implemented.

If you’re building your own CISSP preparation plan, these SDLC concepts are critical for mastering the Software Development Security domain and tie directly into Security and Risk Management through governance, oversight, and secure process integration.

Quick CISSP Practice Question

In the Scrum methodology, who is primarily responsible for ensuring that security requirements are added into the product backlog?

A. Development Team B. Scrum Master C. Product Owner D. Security Architect

✅ Correct Answer: C. Product Owner

Explanation:The Product Owner owns the backlog and decides what work gets prioritized, including security tasks. The Development Team implements backlog items, the Scrum Master facilitates the process, and a Security Architect may advise — but only the Product Owner can formally add and prioritize items in the backlog.


Follow his full journey on TikTok or check out Day 7.


Yihenew's Resources in the Video:


Course


Practice Questions

 
 
  • Youtube
  • Instagram
  • Linkedin
  • Facebook
  • TikTok
bottom of page