Book Shows Software Developers Best-Practice Application Security
Ely, England — April 16
As software applications are the primary gateways to sensitive data, application security has, according to Gartner, become a top priority concern for CIOs. To help software developers ensure that best-practice security is fully incorporated within their products, IT Governance has published Application Security in the ISO27001 Environment.
This practical guide explains how to use the global ISO27001 standard to meet the increasingly rigorous security demands of the software application market, an important requirement for future commercial success. It is also of value to organizations that deploy applications, providing them with a clear explanation of the issues they must monitor.
Software applications have become integral to our personal and professional lives, facilitating everything from e-mail and communications to personal finance and Internet shopping. They have therefore become a channel through which vast amounts of sensitive data are passed, including financial and other personally identifiable information. To underpin their customer loyalty, reputations and brand value, companies and organizations must ensure this data is secure and their information systems are robust and dependable.
For this reason, CIOs and other budget holders now place far greater emphasis upon information security when making application procurement decisions. According to Deloitte’s 2007 Global Security Survey, “The Shifting Security Paradigm,” “generic countermeasures are no longer adequate” for ensuring application security. Meanwhile, in the same study, Deloitte found that 87 percent of respondents saw poor software development quality as a top threat facing them in the next 12 months.
Application Security in the ISO27001 Environment is written by Vinod Vasudevan, Anoop Mangla, Firosh Ummer, Sachin Shetty, Sangita Pakala and Siddharth Anbalahan. Together, the authors offer a wealth of expertise in ISO27001 information security, risk management and software application development. Across more than 224 pages, they address a range of essential topics, including an introduction to ISO27001 and ISO27002, secure development lifecycles, threat profiling, security testing and secure coding guidelines.
As well as showing how to use ISO27001 to secure individual applications, the book demonstrates how to tackle this issue as part of the development and rollout of an organization-wide information security management system conforming to the standard.