Archive for April, 2010

Tuesday, April 27th, 2010

Application Security in the ISO27001 Environment

by Vinod Vasudevan et al.
ISBN:9781905356355

Helping organizations protect critical data in line with the requirements of financial, governance and data protection regulations, this book demonstrates how to secure software applications within a best practice ISO/IEC 27001 environment.

Application Security in the ISO27001 Environment

Preface
Chapter 1 – Introduction to the International Information Security Standards ISO27001 and ISO27002
What is information security?
The ISMS and regulation
ISO/IEC 27001:2005 (‘ISO27001’ or ‘the Standard’)
ISO/IEC 27002:2005 (‘ISO27002’)
Definitions
Risks to information assets
Information Security Management System
Relationship between the standards
Specification compared to a Code of Practice
The ISMS
ISO27001 as a model for the ISMS

Chapter 2 – The ISO27001 Implementation Project
PDCA cycle
Project team
Demonstrating management commitment
Project team/steering committee
Information security co-ordination
Project initiation
Awareness
Awareness tools
Documentation requirements and record control
ISO27001 document control requirements
Annex A document controls
Document approval
Contents of the ISMS documentation
Record control
Documentation process and toolkits

Chapter 3 – Risk Assessment
Risk management
Risk treatment plans
Acceptable risks
Risk assessment
Assets within scope
Asset classes
Asset owners
Assessing risk
Risk level
Risk treatment plan
Risk assessment tools

Chapter 4 – Introduction to Application Security Threats

Chapter 5 – Application Security and ISO27001

Overview
A.12.1.1 Security requirements analysis and specifications
A.12.5.1 Change control procedures
A.12.5.2 Technical review of applications after operating system changes
A.12.5.3 Restrictions on changes to software packages
A.12.5.5 Outsourced software development
A.10.1.3 Segregation of duties
A.10.1.4 Separation of development, test and operational facilities
A.10.3.2 System acceptance
A.12.4.2 Protection of system test data
A.12.4.3 Access control to program source code
A.12.2.1 Input validation
A.12.2.2 Control of internal processing, and A.12.2.4 Output data validation
A.12.2.3 Message integrity
A.11.6.1 Information access restriction
A.11.2.2 Privilege management
A.11.2.4 Review of user access rights
A.11.6.2 Sensitive system isolation
A.11.2.1 User registration
A.11.2.3 Password management
A.11.5.3 Password management system
A.11.5.4 Use of system utilities
A.11.5.5 Session time out
A.11.5.6 Limitation of connection time
A.10.10.1 Audit logging
A.10.10.2 Monitoring system use
A.10.10.3 Protection of log information
A.10.10.4 Administrator and operator logs
A.15.2.2 Technical compliance checking
A.10.9.1 Electronic commerce
A.10.9.2 Online transactions
A.10.9.3 Publicly available information
Security metrics
Bibliography

Chapter 6 – Attacks on Applications
Variable manipulation attacks
How to set up a web proxy editor
Buffer overflows
Structured Query Language (SQL) injection
Cross-site scripting
Attack on browser’s refresh

Chapter 7 – Secure Development Lifecycle
Overview
Security activities in SDLC
Preliminary risk assessment
Threat modelling
Secure coding practices
Security testing
Backup and recovery
Change control (ISO27001 A.12.5.1)
Incident response
Security training
Bibliography

Chapter 8 – Threat Profiling and Security Testing
Threat profiling
The process of threat profiling
Application security review and testing
Input validation tests

Chapter 9 – Secure Coding Guidelines
Overview
Input validation guidelines (ISO27001 A.12.2.1)
Authentication guidelines (ISO27001 A.11.5.2)
Guidelines for handling sensitive data (ISO27001 A.10.7.3)
Session management guidelines
Error handling and logging (ISO27001 A.10.10.5)
Miscellaneous guidelines

ITG Resources
Pocket Guides
Toolkits
