Secure Coding mailing list archives

Re: application security reqs - standards comparison?


From: <oddbjorn () tricknology org>
Date: Tue, 08 Nov 2005 17:49:58 +0000


Jari Pirhonen wrote:
Does anyone know or have a document, which would compare different 
security/auditing standards from the application security point of view? 
For example ISO 17799, COBIT, ISF, VISA/MC, GAISP, etc. I'd like to see
how many differences there really are and if one standard would cover
all the other standards in this particular area.


You might want to take a look at

   http://www.issa.org/gaisp/_pdfs/strawman_mapping.pdf

which compares the GAISP to the (ISC)2 CBK, ISF Standard of Good Practice,
17799, COBIT and NIST SP 800-14. Since they all try to cover all aspects of
information security, you might want to look at an application security
specific guide, for example the OWASP Guide, instead:

   http://www.owasp.org/documentation/guide/guide_about.html



regards,
Jari


-oddbjorn




