Application Security in the ISO27001 Environment [Paperback]

Vinod Vasudevan (Author), Anoop Mangla (Author), Firosh Ummer (Author), Sachin Shetty (Author), Sangita Pakala (Author), Siddharth Anbalahan (Author)

Book Description

Publication Date: April 10, 2008

Application security is a major issue for CIOs. Application Security in the ISO27001 Environment demonstrates how to secure software applications using ISO/IEC 27001. It does this in the context of a wider roll out of an information security management system (ISMS) that conforms to ISO/IEC 27001. Together, the authors offer a wealth of expertise in ISO27001 information security, risk management and software application development. Over 224 pages, they address a range of essential topics, including an introduction to ISO27001 and ISO27002, secure development lifecycles, threat profiling and security testing, and secure coding guidelines. As well as showing how to use ISO27001 to secure individual applications, the book demonstrates how to tackle this issue as part of the development and roll out of an organisation-wide Information Security Management System conforming to the Standard. Software packages are the conduits to critical business data, thus securing applications adequately is of the utmost importance. Thus you must order a copy of this book today, as it is the de-facto standard on application security in the ISO/IEC 27001 environment.

Editorial Reviews

Review

This book can be seen as result of a fruitful encounter between a CISO and a software developer. By one hand, the book introduces the major concepts of management of information security, according to the ISO 27001 approach, and then details which security requirements apply to the application s domain. By another hand, the book presents how major application threats such as SQL injection and cross site scripting can be addressed by ISO requisites, in a language familiar to every developer. In sum, this book explains ISO in a programmer s languages and applications challenges to security managers. --Paulo Coelho, CISSP ISO27001 Consultant & Lead Auditor

About the Author

Vinod Vasudevan, CISSP, is the Director of Managed Risk Services at Paladion. He is the co-author of Enhancing Computer Security with Smart Technology, published by Auerbach. Prior to co-founding Paladion, Vinod worked with Microsoft. He wrote the chapter 'Application Security and ISO27001'. Anoop Mangla is a risk specialist in banking and finance. Previously with PCQuest, Anoop is an expert on the effectiveness of security technologies in an organisation's security. He wrote the chapter on 'Introduction to Application Security Threats'.Firosh Ummer, CISA, ISO27001 LA, CBCP, BS15000 LA, is co-founder of Paladion and head of the ISO27001 consulting practice. Firosh advises Fortune 500 companies on their ISMS strategy and helps them get certified to the new ISO standard. Firosh wrote the chapter 'Threat Profiling and Security Testing'. Sachin Shetty, CISSP, is a senior application security engineer with Paladion. Sachin's work on fighting keyloggers has been published in Securityfocus. Sachin wrote the chapter 'Attacks on Applications'. Sangita Pakala, GCIH, is Head of Application Security Projects at Paladion. She has had experience on more than fifty application security projects. She is the lead author of the OWASP Application Security FAQ. Sangita's work was presented at RSA Conference 2006 and ISACA Europe 2005. She wrote the chapter 'Secure Development Lifecycle'. Siddharth Anbalahan is a senior application security engineer with experience of more than twenty penetration tests. Siddharth has developed anti-phishing toolkits to enable banks to detect phishing attacks in real time. He is the editor of Palisade, the application security magazine. Siddharth wrote the chapter 'Secure Coding Guidelines'.

Product Details

• Paperback: 224 pages
• Publisher: IT Governance Publishing (April 10, 2008)
• Language: English
• ISBN-10: 1905356358
• ISBN-13: 978-1905356355
• Product Dimensions: 8.4 x 5.4 x 0.7 inches
• Shipping Weight: 9.6 ounces (View shipping rates and policies)
• Average Customer Review: 1.0 out of 5 stars  See all reviews (1 customer review)
• Amazon Best Sellers Rank: #3,427,570 in Books (See Top 100 in Books)

More About the Author

Discover books, learn about writers, read author blogs, and more.

Customer Reviews

Most Helpful Customer Reviews

1 of 1 people found the following review helpful:

1.0 out of 5 stars An expensive disappointment, February 21, 2011

By 

Lawrence J. Webber (Springfield, OH) - See all my reviews

This review is from: Application Security in the ISO27001 Environment (Paperback)

There is a lot of excellent information in the marketplace on this topic and unfortunately this is not it. The information identifies problems but provides little answers. Instead it provides links to web sites. For the cost of this book, I would want to know the details of the solutions from the author - not to be referred to common Information Security web sites.