Application Security in the ISO27001 Environment
IT Governance Publishing (Verlag)
978-1-905356-35-5 (ISBN)
- Titel wird leider nicht erscheinen
- Artikel merken
Application Security in the ISO27001 Environment demonstrates how to secure software applications within a best practice ISO/IEC 27001 environment, helps organisations protet critical data in line with the requirements of financial, governance and data protection regulations, and supports implementation of the PCI DSS Payment Application Security Standard. Application Security in the ISO27001 Environment is written by Vinod Vasudevan, Anoop Mangla, Firosh Ummer, Sachin Shetty, Sangita Pakala and Siddharth Anbalahan. Together, the authors draw on a wealth of experience in tackling and securing applications in critical environments and make this expertise available to help anyone tackling application security in ISO27001 and PCI environments, risk management and software application development. Secure Development Lifecycles. Over 224 pages, they address a range of essential topics, including: * secure development lifecycles, * threat profiling, * security testing, * secure coding guidelines.
They also show how the controls from Annex A of ISO27001/ISO27002 can be used to secure individual applications, and demonstrates how to tackle this issue as part of the development and roll out of an organisation-wide Information Security Management System conforming to the Standard.
Vinod Vasudevan, CISSP, is the Director of Managed Risk Services at Paladion. He is the co-author of Enhancing Computer Security with Smart Technology, published by Auerbach. Prior to co-founding Paladion, Vinod worked with Microsoft. He wrote the chapter 'Application Security and ISO27001'. Anoop Mangla is a risk specialist in banking and finance. Previously with PCQuest, Anoop is an expert on the effectiveness of security technologies in an organisation's security. He wrote the chapter on 'Introduction to Application Security Threats'.Firosh Ummer, CISA, ISO27001 LA, CBCP, BS15000 LA, is co-founder of Paladion and head of the ISO27001 consulting practice. Firosh advises Fortune 500 companies on their ISMS strategy and helps them get certified to the new ISO standard. Firosh wrote the chapter 'Threat Profiling and Security Testing'. Sachin Shetty, CISSP, is a senior application security engineer with Paladion. Sachin's work on fighting keyloggers has been published in Securityfocus. Sachin wrote the chapter 'Attacks on Applications'. Sangita Pakala, GCIH, is Head of Application Security Projects at Paladion. She has had experience on more than fifty application security projects. She is the lead author of the OWASP Application Security FAQ. Sangita's work was presented at RSA Conference 2006 and ISACA Europe 2005. She wrote the chapter 'Secure Development Lifecycle'. Siddharth Anbalahan is a senior application security engineer with experience of more than twenty penetration tests. Siddharth has developed anti-phishing toolkits to enable banks to detect phishing attacks in real time. He is the editor of Palisade, the application security magazine. Siddharth wrote the chapter 'Secure Coding Guidelines'.
CHAPTER 1: Introduction to the International Information Security Standards ISO27001 and ISO27002CHAPTER 2: The ISO27001 Implementation ProjectCHAPTER 3: Risk AssessmentCHAPTER 4: Introduction to Application Security ThreatsCHAPTER 5: Application Security and ISO27001CHAPTER 6: Attacks on ApplicationsCHAPTER 7: Secure Development LifecycleCHAPTER 8: Threat Profiling and Security TestingCHAPTER 9: Secure Coding Guidelines
| Erscheint lt. Verlag | 10.4.2008 |
|---|---|
| Zusatzinfo | Illustrations |
| Verlagsort | Ely |
| Sprache | englisch |
| Maße | 138 x 216 mm |
| Gewicht | 327 g |
| Themenwelt | Informatik ► Netzwerke ► Sicherheit / Firewall |
| Informatik ► Theorie / Studium ► Kryptologie | |
| ISBN-10 | 1-905356-35-8 / 1905356358 |
| ISBN-13 | 978-1-905356-35-5 / 9781905356355 |
| Zustand | Neuware |
| Haben Sie eine Frage zum Produkt? |
aus dem Bereich
