Secure Coding mailing list archives
Re: application security reqs - standards comparison?
From: Jari Pirhonen <japi () iki fi>
Date: Tue, 08 Nov 2005 23:17:16 +0000
[EMAIL PROTECTED] wrote:

> Jari Pirhonen wrote:
>
>> Does anyone know or have a document, which would compare different security/auditing standards from the application security point of view? For example ISO 17799, COBIT, ISF, VISA/MC, GAISP, etc. I'd like to see how many differences there really are and if one standard would cover all the other standards in this particular area.
>
> You might want to take a look at http://www.issa.org/gaisp/_pdfs/strawman_mapping.pdf

Thanks.

> which compares the GAISP to the (ISC)2 CBK, ISF Standard of Good Practice, 17799, COBIT and NIST SP 800-14. Since they all try to cover all aspects of information security, you might want to look at an application security specific guide, for example the OWASP Guide, instead: http://www.owasp.org/documentation/guide/guide_about.html

OWASP is a good source, but I don't have problems with defining security requirements for applications or SDLC. I just try to find out how much common standards/guidelines differ on this topic.

I have received several replies and it seems that there's no comprehensive comparison available at the level I'm searching for.

Jari