Application Security in the ISO27001 Environment [Paperback]

Vinod Vasudevan

List Price: CDN$ 50.93
Price: CDN$ 49.57 & this item ships for FREE with Super Saver Shipping.
You Save: CDN$ 1.36 (3%)
Usually ships within 1 to 3 weeks.
Ships from and sold by Amazon.ca. Gift-wrap available.

Product Description

Application security is, today, a #1 issue for CIOs, according to Gartner. Why is this? Deloitte (in their 2007 Global Security Survey: The Shifting Security Paradigm) say of application security that 'generic countermeasures are no longer adequate.' Applications are in fact now the primary gateway to sensitive data and, therefore, application security is critical to effective information security management. However, 87% of respondents to the Deloitte survey identified poor software development quality as a top threat facing them in the next 12 months.

Application software - from Microsoft Office, SAP and Lotus Notes to Adobe, SAGE and Skype - is ubiquitous, affecting all aspects of our personal and professional lives. Software vulnerabilities are equally ubiquitous, threatening:

- Personal identities
- Intellectual property
- Corporate brand value, credit card data and consumer trust
- Business services, operations and continuity, as well as our
- Critical national infrastructures and the public sector.

Individual, corporate and national security and economic effectiveness depend on the reliable execution of software. This book shows you how to use ISO/IEC 27001 to secure applications and how to tackle this issue as part of the development and roll out of an Information Security Management System ('ISMS') that conforms with ISO/IEC 27001.

About the Author

Vinod Vasudevan, CISSP, is the Director of Managed Risk Services at Paladion. He is the co-author of Enhancing Computer Security with Smart Technology, published by Auerbach. Prior to co-founding Paladion, Vinod worked with Microsoft. He wrote the chapter 'Application Security and ISO27001'.

Anoop Mangla is a risk specialist in banking and finance. Previously with PCQuest, Anoop is an expert on the effectiveness of security technologies in an organisation's security. He wrote the chapter on 'Introduction to Application Security Threats'.

Firosh Ummer, CISA, ISO27001 LA, CBCP, BS15000 LA, is co-founder of Paladion and head of the ISO27001 consulting practice. Firosh advises Fortune 500 companies on their ISMS strategy and helps them get certified to the new ISO standard. Firosh wrote the chapter 'Threat Profiling and Security Testing'.

Sachin Shetty, CISSP, is a senior application security engineer with Paladion. Sachin's work on fighting keyloggers has been published in Securityfocus. Sachin wrote the chapter 'Attacks on Applications'.

Sangita Pakala, GCIH, is Head of Application Security Projects at Paladion. She has had experience on more than fifty application security projects. She is the lead author of the OWASP Application Security FAQ. Sangita's work was presented at RSA Conference 2006 and ISACA Europe 2005. She wrote the chapter 'Secure Development Lifecycle'.

Siddharth Anbalahan is a senior application security engineer with experience of more than twenty penetration tests. Siddharth has developed anti-phishing toolkits to enable banks to detect phishing attacks in real time. He is the editor of Palisade, the application security magazine. Siddharth wrote the chapter 'Secure Coding Guidelines'.


Customer Reviews

There are no customer reviews yet on Amazon.ca
Most Helpful Customer Reviews on Amazon.com (beta)
Amazon.com:  1 review
1 of 1 people found the following review helpful
An expensive disappointment, Feb 21 2011
By Lawrence J. Webber - Published on Amazon.com
Format: Paperback
There is a lot of excellent information in the marketplace on this topic and unfortunately this is not it. The information identifies problems but provides few answers. Instead it provides links to web sites. For the cost of this book, I would want to know the details of the solutions from the author - not to be referred to common Information Security web sites.
