
Description

This intensive course will allow you to understand the principles and concepts of application security according to ISO 27034. You will learn how to implement this standard within organizations to help them integrate security into applications throughout their development cycle.

Who is this training for?

IS managers, project managers, software developers, application owners, IS architects, programmer/tester analysts.

Prerequisites

Training objectives

  • Understand the implementation of Application Security according to the international standard ISO/IEC 27034.
  • Obtain an understanding of the concepts, approaches, standards, methods and techniques required to effectively manage Application Security.
  • Understand how Application Security integrates risk management, controls and compliance with third-party requirements.
  • Acquire the necessary expertise to help an organization implement, manage and maintain its Application Security, according to ISO 27034.
  • Acquire the expertise necessary to manage a team that will implement ISO 27034.
  • Advise organizations on recommended practices for Application Security management.
  • Improve your analysis and decision-making capacity in an Application Security context.

Training program

      • Introduction to Application Security and the global vision provided by ISO/IEC 27034.
      • Review of the fundamental principles of information security.
      • Concepts, principles, definitions, scopes, components, processes and actors involved in Application Security.
      • Implicit, integrated concepts.
      • Presentation of the 27034 series: organization, projects, validation/verification/certification, structure, XML schemas.
      • Goals of Application Security at the level of an organization.
      • The Normative Framework of the Organization (CNO).
      • The CNO committee.
      • The CNO management process.
      • The integration of ISO/IEC 27034 elements into the organization's existing processes.
      • Design, validation, implementation, verification, operation and evolution of CSAs.
      • CSA library and traceability matrix.
      • Draft the certification process.
      • The process of managing the security of an application.
      • Delivering and operating an application.
      • Maintaining the current trust level at the target trust level.
      • Application Security validation development.
      • Internal application security audits.
      • Minimize the cost of an audit.
      • Ensure that all evidence is available.
      • Validation and certification of application security according to ISO 27034: organization and project.
      • A free formal language for communicating: CSA.
      • XML schemas offered by ISO 27034 (data structure, descriptions, graphic representation).
      • Using ISO 27034 to help establish CSAs that meet the requirements of conflicting laws within an application.
      • Develop CSAs.
      • Acquire CSAs.
      • Exam: ISO 27034 Lead Implementer certification exam.
    • 893
    • 35 h
