Skip to Main Content
Learn for less: Save 25% on high-quality instructor-led and self-paced foundation training. Find out more

Sorry, the page you're looking for cannot be found

 You may not have been able to visit your page because of:

   1. An out-of-date bookmark/favourite
   2. A search engine that has an out-of-date listing
   3. A mistyped address
   4. You don't have access to this page
   5. The requested resource was not found
   6. An error has occurred whilst processing your request

Are you looking for:

Application Security in the ISO 27001 2013 Environment - Second edition
Overview

Web application security as part of an ISO 27001-compliant information security management system

Web application vulnerabilities are a common point of intrusion for cyber criminals. As cyber security threats proliferate and attacks escalate, and as applications play an increasingly critical role in business, organisations urgently need to focus on web application security to protect their customers, their interests and their assets.

Although awareness of the need for web application security is increasing, security levels are nowhere near enough: according to the 2015 Trustwave Global Security Report, 98% of tested web applications were vulnerable to attack.

SMEs in particular should be very concerned about web application security: many use common, off-the-shelf applications and plugins – such as Internet Explorer, Java, Silverlight, and Adobe Reader and Flash Player – which often contain exploitable vulnerabilities.

Application Security in the ISO 27001:2013 Environment explains how organisations can implement and maintain effective security practices to protect their web applications – and the servers on which they reside – as part of a wider information security management system by following the guidance set out in the international standard for information security management, ISO 27001.

The book describes the methods used by criminal hackers to attack organisations via their web applications and provides a detailed explanation of how you can combat such attacks by employing the guidance and controls set out in ISO 27001.


Product overview

  • Second edition, updated to reflect ISO 27001:2013 as well as best practices relating to cryptography, including the PCI SSC’s denigration of SSL in favour of TLS.
  • Provides a full introduction to ISO 27001 and information security management systems, including implementation guidance.
  • Describes risk assessment, management and treatment approaches.
  • Examines common types of web app security attack, including injection attacks, cross-site scripting, and attacks on authentication and session management, explaining how each can compromise ISO 27001 control objectives and showing how to test for each attack type.
  • Discusses the ISO 27001 controls relevant to application security.
  • Lists useful web app security metrics and their relevance to ISO 27001 controls.
  • Provides a four-step approach to threat profiling, and describes application security review and testing approaches.
  • Sets out guidelines and the ISO 27001 controls relevant to them, covering:
    • input validation
    • authentication
    • authorisation
    • sensitive data handling and the use of TLS rather than SSL
    • session management
    • error handling and logging
  • Describes the importance of security as part of the web app development process
About the author

Vinod Vasudevan

Vinod Vasudevan, CISSP, is the chief technology officer (CTO) at Paladion. Before co-founding Paladion, Vinod worked with Microsoft. He wrote the chapter ‘Application Security and ISO27001’.

Anoop Mangla

Anoop Mangla is a risk specialist in banking and finance, and an expert on the effectiveness of security technologies in organisations’ security. He wrote the chapter ‘Introduction to Application Security Threats’.

Firosh Ummer

Firosh Ummer, CISA, ISO27001 LA, CBCP, BS15000 LA, is co-founder of Paladion and head of the ISO 27001 consulting practice. Firosh wrote the chapter ‘Threat Profiling and Security Testing’.

Sachin Shetty

Sachin Shetty, CISSP, is a senior application security engineer with Paladion. He wrote the chapter ‘Attacks on Applications’.

Sangita Pakala

Sangita Pakala, GCIH, is Head of Application Security Projects at Paladion. She wrote the chapter ‘Secure Development Lifecycle’.

Siddharth Anbalahan

Siddharth Anbalahan is a senior application security engineer. He has developed anti-phishing toolkits to enable banks to detect phishing attacks in real time. Siddharth wrote the chapter ‘Secure Coding Guidelines’.

Assessing Information Security - Strategies, Tactics, Logic and Framework, 2nd Edition
Overview

Build a strategic response to cyber attacks

The activities of the cyber criminal are both deliberate and hostile, and they can be compared to military operations. Many people in business understand that the insights from the classics of military strategy are as relevant to modern commerce as they are to war.

It is clear that organisations need to develop a view of cybersecurity that goes beyond technology: all staff in the organisation have a role to play, and it is the senior managers who must ensure, like generals marshalling their forces, that all staff know the cyber security policies that explain what to do when under attack.


Cyber crime… cyber war?

With this in mind, the authors have drawn on the work of Clausewitz and Sun Tzu, and applied it to the understanding of information security that they have built up through their extensive experience in the field. The result is expert guidance on information security, underpinned by a profound understanding of human conflict.

Building on the success of the first edition, this new edition covers the most recent developments in the threat landscape and the best-practice advice available in the latest version of ISO 27001:2103.


Contents

  1. Information Security Auditing and Strategy
  2. Security Auditing, Governance, Policies and Compliance
  3. Security Assessments Classification
  4. Advanced Pre-Assessment Planning
  5. Security Audit Strategies and Tactics
  6. Synthetic Evaluation of Risks
  7. Presenting the Outcome and Follow-Up Acts
  8. Reviewing Security Assessment Failures and Auditor Management Strategies 

Click here to view a sample of the book

About the author

Dr Andrew Vladimirov

Dr Andrew Vladimirov is a security researcher. His fields of expertise include network security and applied cryptography, and he has extensive experience of performing information security assessments. He and his fellow authors are the founders of Arhont Ltd, a leading information security consultancy.

Konstantin Gavrilenko

Konstantin Gavrilenko has over 15 years of experience in IT and security. As a researcher, information security is his speciality, and he has a particular interest in wireless security. He holds a BSc in management science from De Montfort University and an MSc in management from Lancaster University.

Andriej Michajlowski

Andriej Michajlowski is an expert on network security. His research interests include user and device authentication mechanisms, and wireless networking security. He has extensive experience carrying out internal and external information security assessments. He is a graduate of the University of Kent at Canterbury and he holds an MBA.

Breaking the Addiction to Process - An Introduction to Agile Development
Overview

Not sure if you want to become Agile? This book will explain why you should

We live and work in an age in which clients’ needs are changing rapidly. Deadlines are shortening and existing development methodologies are relatively inflexible. Projects undertaken using these systems are coming up against increasing difficulties. Modern processes need to be fast-moving and adaptable to cope with the pace of business today.

Revolutionise your working practices with Agile

Agile development methods offer greater flexibility than traditional methods. Their emphasis on incremental testing allows maximum adaptability, giving you the tools you need to meet your customers’ needs efficiently and cost-effectively.


Save time and money

This twelve-step guide will give you a clear understanding of the way Agile works. It can save you time and money by helping you to:

  • improve your business practices
  • develop your relationships with your customers
  • work more efficiently with your colleagues
  • create streamlined and successful working practices

Discover how Agile can help you deliver the results your clients want, and improve your own job.  

About the author

Elizabeth Scanlon Thomas

Elizabeth Scanlon Thomas is a member of the Nokia Agile Community and the London Agile Community. She works as a documentation manager at Nokia, having begun her career in advertising and marketing before moving into writing in IT.

CyberWar, CyberTerror, CyberCrime and CyberActivism, Second Edition
Overview

Develop better cybersecurity by taking a wider view of the threats

Many books on cybersecurity focus on technical responses to the cybercriminal, the cyberactivist and the state-sponsored hacker. As important as this is, relatively inexperienced hackers can still break into systems that have not taken account of human fallibility and other known vulnerabilities.


Cyber security is much more than technology 

This second edition analyses the changing threats in the cyber landscape, and includes an updated body of knowledge that describes how to acquire, develop, and sustain a secure information environment that goes beyond technology and create a cyber-aware organisational culture that is more robust and better able to deal with a wider range of threats.


Contents

  • Technology Is a Double-Edged Sword;
  • Cyber attack: It's A Dangerous World for Information Systems;
  • The Human Factor: The Underrated Threat;
  • Transition from an Environment of "FUD" to a Standards-Based Environment;
  • Establishing a Culture of Cyber Security;
  • Increasing Internationalism: Governance, Laws, and Ethics;
  • Standards: What are They and Why Should We Care;
  • From Reaction to Proaction: Applying Standards in an Environment of Change and Danger;
  • Conclusion: Where Do We Go From Here?;
  • Appendix 1: Gap Analysis Areas of Interest;
  • Appendix 2: Standards Crosswalk
About the author

Dr Julie Mehan

Dr Julie Mehan is the Founder and President of JEMStone Strategies and a Principal in a strategic consulting firm in the State of Virginia. She has delivered cybersecurity and related privacy services to senior commercial, department of defence and federal government clients working in Italy, Australia, Canada, Belgium, and the United States. Dr Mehan is also an Associate Professor at the University of Maryland University College, specializing in courses in Cybersecurity, Cyberterror, IT in Organizations and Ethics in an Internet Society.
Disaster Recovery and Business Continuity, Third Edition
Overview

What would you do if your systems were hacked or compromised by a virus? How would your IT systems cope in the event of fire, flooding or an explosion?

IT has brought many benefits to business. However, IT failures can seriously damage your ability to deliver products and services, harm your company’s reputation, and jeopardise your relationship with your customers. In short, poorly managed IT problems could threaten the survival of your business.


Create a Survival Plan

If you want to protect your business, you need to put in place a business continuity (BC) and disaster recovery (DR) plan to help your business survive. Disaster Recovery and Business Continuity, a quick guide for organisations and business managers shows you how to will keep your information safe and safeguard your company from viruses and phishing scams. It explains how to store data safely, prevent assets and business intelligence from being lost by accident, and ensure your communication links are secure and functioning when disaster strikes.


Contents

  • Introduction to Disaster Recovery and Business Continuity
  • Data Disasters
  • Virus Disasters
  • Communication System Disasters
  • Software Disasters
  • Data Centre Disasters
  • IT Staff Member Disasters
  • IT Contractor Disasters
  • IT Project Failures
  • Information Security
  • Cyber Security Issues
  • Introduction to Non-IT Disasters
  • Disaster Recovery at Home
  • Plenty of Questions
  • How do I Get Started?
  • Appendix 1: Disaster Recovery Training and Certification
  • Appendix 2: Business Continuity Standards
  • Appendix 3: Making DR and BC Exciting
  • Appendix 4: Disaster Recovery Glossary
About the author

Thejendra BS

Thejendra B.S is the IT manager for a software development firm in Bangalore, and has over 20 years of experience in IT. Besides working in India, his career has also taken him to Saudi Arabia, Dubai, Bahrain and Australia. He has dealt with customers in many different areas of business, and has written many articles for websites such as techrepublic.com and drj.com. Visit www.thejendra.com for details of his other books and articles.

This website uses cookies. View our cookie policy
SAVE 25% ON
FOUNDATION TRAINING
Loading...