
ISO 27034 Lead Implementer - Two Page Brochure


MASTERING THE IMPLEMENTATION OF MANAGEMENT IN IT - SECURITY TECHNIQUES – APPLICATION SECURITY BASED ON ISO 27034

COURSE AGENDA

DURATION: 5 DAYS

DAY 1 DAY 2 DAY 3 DAY 4 DAY 5

WHO SHOULD ATTEND?

▶ Project managers or consultants wanting to prepare and to support an organization in the implementation of Application Security
▶ ISO 27034 auditors who wish to fully understand the Application Security implementation process
▶ Administrators
▶ Software acquirers
▶ Software development managers
▶ Application owners
▶ Line managers who supervise employees

Introduction to IT - Security techniques – Application Security overview and concepts as required by ISO 27034

▶ Introduction to Security techniques – Application Security and the process approach
▶ Presentation of the standards ISO 27034-1, ISO 27034-2, ISO 27034-3, ISO 27034-4, ISO 27034-5, ISO 27034-6 and regulatory framework
▶ Fundamental principles of Security Techniques – Application Security
▶ Overview and concepts of Application Security
▶ Definitions, concepts, principles and processes involved in Application Security

Protocols and Application Security control data structure based on ISO 27034

▶ Application security control data structure requirements, descriptions, graphical representation
▶ XML schema, based on ISO/TS 15000: Electronic business extensible Markup Language ebXML
▶ Facilitating the implementation of ISO/IEC 27034
▶ Communication and exchange of ASCs
▶ Establishment of libraries of Application Security functions
▶ Provisioning and operating the application

Certification Exam

▶ PECB’s 3-hour Certified ISO/IEC 27034 Lead Implementer Exam is available in different languages. The candidates who do not pass the exam will be able to retake it for free within 12 months from the initial exam date.

Implementation of IT - Security techniques – Application Security based on ISO 27034

▶ Organization normative framework
▶ Definition of the scope in Application Security
▶ Relationships and support of processes to the Application Security management process
▶ Implementation of ISO/IEC 27034 and its integration into the organization's existing processes
▶ Application Security risk assessment
▶ Realization, operation and validation of application security throughout its life cycle
▶ Development of Application Security validation
▶ Drafting the certification process

Security guidance for specific applications

▶ Application Security controls based on ISO 27034
▶ Development of metrics, performance indicators and dashboards in accordance with ISO 27034
▶ ISO 27034 internal audit
▶ Review of IT - Security techniques – Application Security
▶ Implementation of a continual improvement program
▶ Preparing for an ISO 27034 certification audit

www.pecb.org

SUMMARY

This five-day intensive course enables the participants to develop, acquire, implement and use trustworthy applications, at an acceptable (or tolerable) security cost. More specifically, these components, processes and frameworks provide verifiable evidence that applications have reached and maintained a targeted level of trust as specified in ISO/IEC 27034. The purpose of ISO/IEC 27034 Lead Implementer is to assist organizations in integrating security seamlessly throughout the life cycle of their applications. Application Security applies to the original software of an application and to its contributing factors that impact its security, such as data, technology, application development life cycle processes, supporting processes and actors, and it applies to all sizes and all types of organizations (e.g. commercial enterprises, government agencies, non-profit organizations) exposed to risks associated with applications. The multi-part standard provides guidance on specifying, designing/selecting and implementing information security controls through a set of processes integrated throughout an organization’s Systems Development Life Cycle/s (SDLC).

CERTIFIED ISO 27034 LEAD IMPLEMENTER


EXAMINATION

▶ The “Certified ISO/IEC 27034 Lead Implementer” exam fully meets the requirements of the PECB Examination and Certification Program (ECP). The exam covers the following competence domains:
  » Domain 1: Overview and concepts
  » Domain 2: Organization normative framework best practice based on ISO 27034
  » Domain 3: Application Security management process based on ISO 27034
  » Domain 4: Application Security validation based on ISO 27034
  » Domain 5: Protocols and Application Security control data structure based on ISO 27034
  » Domain 6: Security guidance for specific applications based on ISO 27034
  » Domain 7: Preparing for ISO 27034 certification audit
▶ For more information about the exam, please visit: www.pecb.org

CERTIFICATION

▶ After successfully completing the exam, the participants can apply for the credentials of Certified ISO/IEC 27034 Provisional Implementer, Certified ISO/IEC 27034 Implementer or Certified ISO/IEC 27034 Lead Implementer, depending on their level of experience
▶ A certificate will be issued to participants who successfully pass the exam and comply with all the other requirements related to the selected credential:

| Credential | Exam | Professional Experience | ITST Audit Experience | ITST Project Experience | Other Requirements |
|---|---|---|---|---|---|
| ISO 27034 Provisional Implementer | ISO 27034 Lead Implementer Exam | None | None | None | Signing the PECB code of ethics |
| ISO 27034 Implementer | ISO 27034 Lead Implementer Exam | Two years: one year of Information Technology Security Techniques work experience | None | Project activities totaling 200 hours | Signing the PECB code of ethics |
| ISO 27034 Lead Implementer | ISO 27034 Lead Implementer Exam | Five years: two years of Information Technology Security Techniques work experience | None | Project activities totaling 300 hours | Signing the PECB code of ethics |

GENERAL INFORMATION

▶ Certification fees are included in the exam price
▶ Participant manual contains over 450 pages of information and practical examples
▶ A participation certificate of 31 CPD (Continuing Professional Development) credits will be issued to participants

For additional information, please contact us at [email protected]

www.pecb.org
