Download Safari Books Online apps: Apple iOS | Android

Entire Site

Safari Books Online

    Free Trial

    Safari Books Online is a digital library providing on-demand subscription access to thousands of learning resources.


    Copyright
    Preface
    Ch. 1. Introduction to the International Information Security Standards ISO27001 and ISO27002
    Ch. 2. The ISO27001 Implementation Project
    Ch. 3. Risk Assessment
    Ch. 4. Introduction to Application Security Threats
    Ch. 5. Application Security and ISO27001
    A.12.1.1 Security requirements analysis and specifications
    A.12.5.1 Change control procedures
    A.12.5.2 Technical review of applications after operating system changes
    A.12.5.3 Restrictions on changes to software packages
    A.12.5.5 Outsourced software development
    A.10.1.3 Segregation of duties
    A.10.1.4 Separation of development, test and operational facilities
    A.10.3.2 System Acceptance
    A.12.4.2 Protection of system test data
    A.12.4.3 Access control to program source code
    A.12.2.1 Input validation
    A.12.2.2 Control of internal processing, and A.12.2.4 Output data validation
    A.12.2.3 Message integrity
    A.11.6.1 Information access restriction
    A.11.2.2 Privilege management
    A.11.2.4 Review of user access rights
    A.11.6.2 Sensitive system isolation
    A.11.2.1 User registration
    A.11.2.3 Password management
    A.11.5.3 Password management system
    A.11.5.4 Use of system utilities
    A.11.5.5 Session time out
    A.11.5.6 Limitation of connection time
    A.10.10.1 Audit logging
    A.10.10.2 Monitoring system use
    A.10.10.3 Protection of log information
    A.10.10.4 Administrator and operator logs
    A.15.2.2 Technical compliance checking
    A.10.9.1 Electronic commerce
    A.10.9.2 Online transactions
    A.10.9.2 Publicly available information
    Security metrics
    Bibliography
    Ch. 6. Attacks on Applications
    Ch. 7. Secure Development Lifecycle
    Ch. 8. Threat Profiling and Security Testing
    Ch. 9. Secure Coding Guidelines
    ITG Resources
    • Create BookmarkCreate Bookmark
    • Create Note or TagCreate Note or Tag
    • PrintPrint
    Share this Page URL
    Help

    Chapter 5. Application Security and ISO2... > A.12.5.1 Change control procedures

    A.12.5.1 Change control procedures

    ISO27001 has controls for change management in relation to IT applications and infrastructure, to ensure that changes to systems do not introduce new risks.

    Control and verify changes so there is no impact on security. A common problem is the short time usually available to develop and deploy applications. This leads to a number of short cuts to quickly deploy the applications. These, in turn, result in a number of vulnerabilities that can go unidentified. These vulnerabilities remain in the systems thereafter and usually get identified and reported only during application audits. Adherence to this control ensures that changes will not compromise application security.


      

    You are currently reading a PREVIEW of this book.

                                                                                            

    Get instant access to over
    $1 million worth of books and videos.

      

    Start a Free Trial