Every possible effort has been made to ensure that the information contained in this book is accurate at the time of going to press, and the publishers and the authors cannot accept responsibility for any errors or omissions, however caused. No responsibility for loss or damage occasioned to any person acting, or refraining from action, as a result of the material in this publication can be accepted by the publisher or the authors.
Apart from any fair dealing for the purposes of research or private study, or criticism or review, as permitted under the Copyright, Designs and Patents Act 1988, this publication may only be reproduced, stored or transmitted, in any form, or by any means, with the prior permission in writing of the publisher, or in the case of reprographic reproduction in accordance with the terms of licences issued by the Copyright Licensing Agency. Enquiries concerning reproduction outside those terms should be sent to the publishers at the following address:
IT Governance Publishing
IT Governance Limited
Unit 3, Clive Court
Bartholomew's Walk
Cambridgeshire Business Park
Ely
Cambs
CB7 4EH
United Kingdom
© IT Governance Ltd 2008 (Chapters 1–3)
© Vinod Vasudevan 2008 (all other content)
The authors have asserted their rights under the Copyright, Designs and Patents Act 1988 to be identified as the authors of this work.
First published in the United Kingdom in 2008
by IT Governance Publishing
About the Authors
Vinod Vasudevan, CISSP, is the Director of Managed Risk Services at Paladion. He is the co-author of Enhancing Computer Security with Smart Technology, published by Auerbach. Prior to co-founding Paladion, Vinod worked with Microsoft. He wrote the chapter ‘Application Security and ISO27001’.
Anoop Mangla is a risk specialist in banking and finance. Previously with PCQuest, Anoop is an expert on the effectiveness of security technologies in an organisation’s security. He wrote the chapter on ‘Introduction to Application Security Threats’.
Firosh Ummer, CISA, ISO27001 LA, CBCP, BS15000 LA, is co-founder of Paladion and head of the ISO27001 consulting practice. Firosh advises Fortune 500 companies on their ISMS strategy and helps them get certified to the new ISO standard. Firosh wrote the chapter ‘Threat Profiling and Security Testing’.
Sachin Shetty, CISSP, is a senior application security engineer with Paladion. Sachin’s work on fighting keyloggers has been published in Securityfocus. Sachin wrote the chapter ‘Attacks on Applications’.
Sangita Pakala, GCIH, is Head of Application Security Projects at Paladion. She has worked on more than fifty application security projects. She is the lead author of the OWASP Application Security FAQ. Sangita’s work was presented at RSA Conference 2006 and ISACA Europe 2005. She wrote the chapter ‘Secure Development Lifecycle’.
Siddharth Anbalahan is a senior application security engineer with experience of more than twenty penetration tests. Siddharth has developed anti-phishing toolkits to enable banks to detect phishing attacks in real time. He is the editor of Palisade, the application security magazine. Siddharth wrote the chapter ‘Secure Coding Guidelines’.