Skip to Main Content
USA
Select regional store:
Learn for less: Save 25% on high-quality instructor-led and self-paced foundation training | Find out more

We're sorry but that page cannot be found

Please use the links above to find what you were looking for.

You may not have been able to visit your page because of:

   1. An out-of-date bookmark/favourite
   2. A search engine that has an out-of-date listing
   3. A mistyped address
   4. You have no access to this page
   5. The requested resource was not found.
   6. An error has occurred while processing your request.

Are you looking for:

Information Security Training Courses

Browse the information security training courses in IT Governance's webshop, your one-stop shop for high-quality and cost-effective training solutions.

Data protection / EU GDPR training courses

Browse the GDPR training course options from the leading international GDPR training provider.

An Introduction to Information Security and ISO 27001 (2013) A Pocket Guide, Second Edition
Overview

The ideal primer for anyone implementing an Information Security Management System (ISMS)

This pocket guide will help you to:

  • Make informed decisions
    Using this guide will enable the key people in your organization to make better decisions before embarking on an information security project.
  • Ensure everyone is up to speed
    Use this guide to give the non-specialists on the project board and in the project team a clearer understanding of what the project involves.
  • Raise awareness among staff
    Use this guide to make sure your people know what is at stake with regard to information security and understand what is expected of them.
  • Enhance your competitiveness
    Use this guide to let your customers know that the information you hold about them is managed and protected appropriately.
About the author

Steve G. Watkins

Steve G. Watkins managed the world’s first successful BS7799 (the forerunner of ISO27001) implementation project and leads the consultancy and training services of IT Governance Ltd. He is Chair of the ISO/IEC 27001 User Group, the UK Chapter of the ISMS International User Group, and an ISMS Technical Assessor for UKAS, advising on their assessments of certification bodies offering accredited certification. He has over 20 years’ experience managing integrated management systems, including maintenance of Information Security, Quality, Environmental and Investor in People certifications. His experience includes senior management positions in both the public and private sectors.

Application Security in the ISO 27001 2013 Environment - Second edition
Overview

Web application security as part of an ISO 27001-compliant information security management system

Web application vulnerabilities are a common point of intrusion for cyber criminals. As cybersecurity threats proliferate and attacks escalate, and as applications play an increasingly critical role in business, organizations urgently need to focus on web application security to protect their customers, their interests, and their assets.

Although awareness of the need for web application security is increasing, security levels are nowhere near enough: according to the 2015 Trustwave Global Security Report, 98% of tested web applications were vulnerable to attack.

SMEs in particular should be very concerned about web application security: many use common, off-the-shelf applications and plugins—such as Internet Explorer, Java, Silverlight, and Adobe Reader and Flash Player—which often contain exploitable vulnerabilities.

Application Security in the ISO 27001:2013 Environment explains how organizations can implement and maintain effective security practices to protect their web applications—and the servers on which they reside—as part of a wider information security management system by following the guidance set out in the international standard for information security management, ISO 27001.

The book describes the methods used by criminal hackers to attack organizations via their web applications and provides a detailed explanation of how you can combat such attacks by employing the guidance and controls set out in ISO 27001.


Product overview

  • Second edition, updated to reflect ISO 27001:2013 as well as best practices relating to cryptography, including the PCI SSC’s denigration of SSL in favour of TLS.
  • Provides a full introduction to ISO 27001 and information security management systems, including implementation guidance.
  • Describes risk assessment, management, and treatment approaches.
  • Examines common types of web app security attack, including injection attacks, cross-site scripting, and attacks on authentication and session management, explaining how each can compromise ISO 27001 control objectives and showing how to test for each attack type.
  • Discusses the ISO 27001 controls relevant to application security.
  • Lists useful web app security metrics and their relevance to ISO 27001 controls.
  • Provides a four-step approach to threat profiling and describes application security review and testing approaches.
  • Sets out guidelines and the ISO 27001 controls relevant to them, covering:
    • input validation
    • authentication
    • authorization
    • sensitive data handling and the use of TLS rather than SSL
    • session management
    • error handling and logging
  • Describes the importance of security as part of the web app development process

Order Application Security in the ISO 27001 Environment to secure your web applications today.

About the author

About the Authors

  • Vinod Vasudevan, CISSP, is the chief technology officer (CTO) at Paladion. Before co-founding Paladion, Vinod worked with Microsoft. He wrote the chapter "Application Security and ISO27001."
  • Anoop Mangla is a risk specialist in banking and finance an expert on the effectiveness of security technologies in organizations’ security. He wrote the chapter "Introduction to Application Security Threats."
  • Firosh Ummer, CISA, ISO27001 LA, CBCP, BS15000 LA, is co-founder of Paladion and head of the ISO 27001 consulting practice. Firosh wrote the chapter "Threat Profiling and Security Testing."
  • Sachin Shetty, CISSP, is a senior application security engineer with Paladion. He wrote the chapter "Attacks on Applications."
  • Sangita Pakala, GCIH, is Head of Application Security Projects at Paladion. She wrote the chapter "Secure Development Lifecycle."
  • Siddharth Anbalahan is a senior application security engineer. He has developed anti-phishing toolkits to enable banks to detect phishing attacks in real time. Siddharth wrote the chapter "Secure Coding Guidelines."
Assessing Information Security - Strategies, Tactics, Logic and Framework, 2nd Edition
Overview

Build a strategic response to cyber attacks

The activities of the cyber criminal are both deliberate and hostile, and they can be compared to military operations.

Many people in business understand that the insights from the classics of military strategy are as relevant to modern commerce as they are to war.

It is clear that organizations need to develop a view of cybersecurity that goes beyond technology: all staff in the organization have a role to play, and it is the senior managers who must ensure, like generals marshaling their forces, that all staff know the cybersecurity policies that explain what to do when under attack.


Cybercrime… cyber war?

With this in mind, the authors have drawn on the work of Clausewitz and Sun Tzu and applied it to the understanding of information security that they have built up through their extensive experience in the field. The result is expert guidance on information security, underpinned by a profound understanding of human conflict.

Building on the success of the first edition, this new edition covers the most recent developments in the threat landscape and the best-practice advice available in the latest version of ISO 27001:2103.


Contents: 

  1. Information Security Auditing and Strategy
  2. Security Auditing, Governance, Policies, and Compliance
  3. Security Assessments Classification
  4. Advanced Pre-Assessment Planning
  5. Security Audit Strategies and Tactics
  6. Synthetic Evaluation of Risks
  7. Presenting the Outcome and Follow-Up Acts
  8. Reviewing Security Assessment Failures and Auditor Management Strategies 
About the author

About the authors 

Dr. Andrew Vladimirov is a security researcher. His fields of expertise include network security and applied cryptography, and he has extensive experience of performing information security assessments. He and his fellow authors are the founders of Arhont Ltd, a leading information security consultancy.

Konstantin Gavrilenko has over 15 years of experience in IT and security. As a researcher, information security is his specialty, and he has a particular interest in wireless security. He holds a BSc in management science from De Montfort University and an MSc in management from Lancaster University.

Andriej Michajlowski is an expert on network security. His research interests include user and device authentication mechanisms and wireless networking security. He has extensive experience carrying out internal and external information security assessments. He is a graduate of the University of Kent at Canterbury and he holds an MBA.

top
This website uses cookies. View our cookie policy
SAVE 25% ON
FOUNDATION
TRAINING
Loading...