New addition to the IT Governance catalogue: Application Security in the ISO 27001:2013 Environment, second edition

IT Governance has added a new title to their catalogue: the second edition of Application Security in the ISO 27001:2013 Environment.

ELY, ENGLAND, October 21, 2015 /EINPresswire.com/ -- Ely, England, 21 October 2015 – The international information security experts IT Governance have added a new title to their catalogue: the second edition of Application Security in the ISO 27001:2013 Environment.

Updated to reflect ISO 27001:2013, Application Security in the ISO 27001:2013 Environment, second edition explains how organisations can implement and maintain effective security practices to protect their web applications – and the servers on which they reside – as part of a wider information security management system by following the guidance set out in the international standard for information security management, ISO 27001.

It describes the methods used by criminal hackers to attack organisations via their web applications and provides a detailed explanation of how organisations can combat such attacks by employing the guidance and controls set out in ISO 27001.

Topics covered include:

• A full introduction to ISO 27001 and information security management systems, including implementation
guidance.
• Risk assessment, management and treatment approaches.
• Common types of web app security attack, including injection attacks, cross-site scripting, and attacks on
authentication and session management, explaining how each can compromise ISO 27001 control objectives and
showing how to test for each attack type.
• The ISO 27001 controls relevant to application security.
• Useful web app security metrics and their relevance to ISO 27001 controls.
• A four-step approach to threat profiling, and descriptions of application security review and testing
approaches.
• The importance of security as part of the web app development process.
• Guidelines and the ISO 27001 controls relevant to them, covering:

o input validation
o authentication
o authorisation
o sensitive data handling and the use of TLS rather than SSL
o session management
o error handling and logging

Application Security in the ISO 27001:2013 Environment, second edition is available from IT Governance in various formats (including softcover, Adobe eBook, Kindle and ePub):

Application Security in the ISO 27001:2013 Environment, second edition is available from good booksellers and from IT Governance in various formats (including softcover, Adobe eBook, Kindle and ePub):

www.itgovernanceusa.com/shop/p-1519-application-security-in-the-iso-270012013-environment-second-edition.aspx (International)

www.itgovernanceusa.com/shop/p-361-application-security-in-the-iso-270012013-environment-second-edition.aspx (USA)

www.itgovernance.eu/p-54-application-security-in-the-iso-270012013-environment-second-edition.aspx (EU)

www.itgovernance.asia/p-54-application-security-in-the-iso-270012013-environment-second-edition.aspx (APAC)

www.itgovernance.in/p-866-application-security-in-the-iso-270012013-environment-second-edition.aspx (India and South Asia)

www.itgovernancesa.co.za/p-54-application-security-in-the-iso-270012013-environment-second-edition.aspx (Southern Africa)

- Ends -

NOTES TO EDITORS

A division of IT Governance Ltd., IT Governance Publishing (ITGP) is the world's leading IT GRC publisher, with books and tools covering all IT governance, risk and compliance frameworks.

Julia Dutton
IT Governance Ltd
00448450701750
email us here

Legal Disclaimer:

EIN Presswire provides this news content "as is" without warranty of any kind. We do not accept any responsibility or liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information contained in this article. If you have any complaints or copyright issues related to this article, kindly contact the author above.