Software Certifications in Quality, Testing, Business Analysis, Project Management and Process Engineering
Common Body of Knowledge: (CMST)


All candidates will be tested on the current CMST CBOK / Skill Categories listed below. Those who are already CMST certificants and plan to recertify will either be tested (recertification examination) or need to start obtaining CPE credits towards recertification (journal) based on this current version of the CBOK.
 
Skill Categories: (CMST)
  1. Software Testing Principles and Concepts
  2. Building the Test Environment
  3. Managing the Test Project
  4. Test Planning
  5. Executing the Test Plan
  6. Test Status, Analysis and Reporting
  7. User Acceptance Testing
  8. Testing Software Developed by Outside Organizations
  9. Testing Software Controls and the Adequacy of Security Procedures
  10. Testing New Technologies

 
Knowledge Skill Category 9: Testing Software Controls and the Adequacy of Security Procedures
The software system of internal control includes the totality of the means developed to ensure the integrity of the software system and the products created by the software. Controls are employed to govern the processing components of software and to assure that software processing complies with the organization's policies and procedures and with applicable laws and regulations. Software systems are divided into two parts: the part that performs the processing and the part that controls processing. The control part includes a system of controls as well as the means employed to assure that processing cannot be penetrated by outside sources. This category addresses all the components of the software system of internal control and security procedures.

Principles and Concepts of a Software System of Internal Control and Security
  1. Vocabulary of Internal Control and Security – terms such as risk, threat, control, exposure, vulnerability and penetration.
  2. Internal Control and Security Models – the current model that is most accepted is the COSO model. (The Committee of Sponsoring Organizations, COSO, comprises five major U.S. accounting associations.)
Testing the System of Internal Controls
The test process for testing the system of internal controls in software is:
  1. Perform risk analysis – determine the risks faced by the transactions/events processed by the software.
  2. Determine the controls for each of the processing segments of transaction processing, including:
    1. transaction origination
    2. transaction entry
    3. transaction processing
    4. database control
    5. transaction results
  3. Determine whether the identified controls are adequate to reduce the risks to an acceptable level.
  4. When all components of the control system are present and functioning effectively, the internal control process can be deemed “effective.”
Testing the Adequacy of Security for a Software System
Testers need to evaluate the security for an individual software system. The tests should include:
  1. Evaluate the adequacy of management’s security environment.
  2. Security Risk Assessment – determining the types of risk requiring security controls.
  3. Identify the most probable points where the software would be penetrated.
  4. Determine the controls at those points of penetration.
  5. Test/assess whether those controls are adequate to reduce the security risks to an acceptable level. These tests should include:
    1. Security awareness of the software stakeholders
    2. Adequacy of management’s security environment.

Fast Facts

40000+ IT Professionals certified worldwide
135 countries, 6 continents and 3000 + Test Centers
4000 + certified at TCS
4400 + certified at Infosys
2100 + certified at Accenture
First certification initiated in 1985 by QAI, USA
First formal examination process was launched in 1990
