Secure Coding mailing list archives
application security reqs - standards comparison?
From: falcon at secureconsulting.net (Benjamin Tomhave)
Date: Fri, 25 Nov 2005 14:25:23 -0500
Greetings - new to the list, was reading through the archives, saw this recent post...

Jari Pirhonen wrote:
> Does anyone know or have a document, which would compare different
> security/auditing standards from the application security point of view?
> For example ISO 17799, COBIT, ISF, VISA/MC, GAISP, etc. I'd like to see,
> how much differences there really are and if one standard would cover all
> the other standards on this particular area.

I published a white paper last Summer that classifies, compares, and describes many of these methods. It's available online from http://falcon.secureconsulting.net/professional/papers/Alphabet_Soup.pdf and is scheduled for an updated release this Winter to account for the recent revisions of 17799, new release of 27001, finalized PCI DSS standards, upcoming revisions to CobiT, and so on.

Your comments or corrections are welcomed.

cheers,

-ben

---
Benjamin Tomhave, CISSP
falcon at secureconsulting.net
http://falcon.secureconsulting.net/
"We must scrupulously guard the civil liberties of all citizens, whatever their background. We must remember that any oppression, any injustice, any hatred is a wedge designed to attack our civilization." -President Franklin Delano Roosevelt