iso 27034 lead implementer - four page brochure


Uploaded by: pecb-international

Posted on 12-Jul-2015

TRANSCRIPT

Page 1: ISO 27034 Lead Implementer - Four Page Brochure

MASTERING THE IMPLEMENTATION OF MANAGEMENT IN IT - SECURITY TECHNIQUES – APPLICATION SECURITY BASED ON ISO 27034

SUMMARY

This five-day intensive course enables the participants to develop, acquire, implement and use trustworthy applications, at an acceptable (or tolerable) security cost. More specifically, these components, processes and frameworks provide verifiable evidence that applications have reached and maintained a targeted level of trust as specified in ISO/IEC 27034. The purpose of ISO/IEC 27034 Lead Implementer is to assist organizations in integrating security seamlessly throughout the life cycle of their applications. Application Security applies to the original software of an application and to its contributing factors that impact its security, such as data, technology, application development life cycle processes, supporting processes and actors, and it applies to all sizes and all types of organizations (e.g. commercial enterprises, government agencies, non-profit organizations) exposed to risks associated with applications.

COURSE AGENDA (DURATION: 5 DAYS)

DAY 1: Introduction to IT - Security techniques – Application Security overview and concepts as required by ISO 27034

▶ Introduction to Security techniques – Application Security and the process approach

▶ Presentation of the standards ISO 27034-1, ISO 27034-2, ISO 27034-3, ISO 27034-4, ISO 27034-5, ISO 27034-6 and regulatory framework

▶ Fundamental principles of Security techniques – Application Security

▶ Overview and concepts of Application Security

▶ Definitions, concepts, principles and processes involved in Application Security

DAY 2: Protocols and application security control data structure based on ISO 27034

▶ Application security control data structure requirements, descriptions, graphical representation

▶ XML schema, based on ISO/TS 15000: Electronic business extensible Markup Language (ebXML)

▶ Facilitating the implementation of ISO/IEC 27034

▶ Communication and exchange of ASCs

▶ Establishment of libraries of Application Security functions

▶ Provisioning and operating the application

DAY 3: Implementation of IT - Security Techniques – Application Security based on ISO 27034

▶ Organization normative framework

▶ Definition of the scope in Application Security

▶ Relationships and support of processes to the Application Security management process

▶ Implementation of ISO/IEC 27034 and its integration into the organization's existing processes

▶ Realization, operation and validation of application security throughout its life cycle

▶ Security in the application project

▶ Development of Application Security validation

▶ Drafting the certification process

DAY 4: Security guidance for specific applications

▶ Application Security Controls based on ISO 27034

▶ Development of metrics, performance indicators and dashboards in accordance with ISO 27034

▶ ISO 27034 internal audit

▶ Review of IT - Security techniques – Application Security

▶ Implementation of a continual improvement program

▶ Preparing for an ISO 27034 certification audit

DAY 5: Certification Exam

www.pecb.org

CERTIFIED ISO 27034 LEAD IMPLEMENTER

Page 2: ISO 27034 Lead Implementer - Four Page Brochure

LEARNING OBJECTIVES

▶ To understand the implementation of IT - Security techniques – Application Security in accordance with ISO 27034

▶ To gain a comprehensive understanding of the concepts, approaches, standards, methods and techniques required for the effective management of Security techniques – Application Security

▶ To understand the relationship between the components of Application Security, including risk management, controls and compliance with the requirements of different stakeholders of the organization

▶ To acquire the necessary expertise to support an organization in implementing, managing and maintaining Application Security as specified in ISO 27034

▶ To acquire the necessary expertise to manage a team implementing ISO 27034

▶ To develop the knowledge and skills required to advise organizations on best practices in the management of Application Security

▶ To improve the capacity for analysis and decision making in the context of Application Security

WHO SHOULD ATTEND?

▶ Project managers or consultants wanting to prepare and support an organization in the implementation of Application Security

▶ ISO 27034 auditors who wish to fully understand the Application Security implementation process

▶ Administrators

▶ Software acquirers

▶ Software development managers

▶ Application owners

▶ Line managers who supervise employees


Page 3: ISO 27034 Lead Implementer - Four Page Brochure

EXAMINATION

▶ The “Certified ISO/IEC 27034 Lead Implementer” exam fully meets the requirements of the PECB Examination and Certification Program (ECP). The exam covers the following competence domains:

DOMAIN 1: FUNDAMENTAL PRINCIPLES AND CONCEPTS IN APPLICATION SECURITY

Main Objective: To ensure that the ISO 27034 Lead Implementer candidate can understand, interpret and illustrate the main Application Security concepts related to an Information Technology Application Security (AS)

DOMAIN 2: APPLICATION SECURITY CONTROL BEST PRACTICE BASED ON ISO 27002

Main Objective: To ensure that the ISO 27034 Lead Implementer candidate can understand, interpret and provide guidance on how to implement and manage Application Security controls best practices based on ISO 27002

DOMAIN 3: PLANNING AN AS BASED ON ISO 27034

Main Objective: To ensure that the ISO 27034 Lead Implementer candidate can plan the implementation of an AS in preparation for an ISO 27034 certification

DOMAIN 4: IMPLEMENTING AN AS BASED ON ISO 27034

Main Objective: To ensure that the ISO 27034 Lead Implementer candidate can implement the processes and security controls of an AS required for an ISO 27034 certification

DOMAIN 5: PERFORMANCE EVALUATION, MONITORING AND MEASUREMENT OF AN AS BASED ON ISO 27034

Main Objective: To ensure that the ISO 27034 Lead Implementer candidate can evaluate, monitor and measure the performance of an AS in the context of an ISO 27034 certification

DOMAIN 6: CONTINUOUS IMPROVEMENT OF AN AS BASED ON ISO 27034

Main Objective: To ensure that the ISO 27034 Lead Implementer candidate can provide guidance on the continuous improvement of an AS in the context of ISO 27034

DOMAIN 7: PREPARATION FOR AN AS CERTIFICATION AUDIT

Main Objective: To ensure that the ISO 27034 Lead Implementer candidate can prepare and assist an organization for the certification of an AS against the ISO 27034 standard

▶ The “Certified ISO/IEC 27034 Lead Implementer” exam is available in different languages, including English, French, Spanish and Portuguese

▶ Duration: 3 hours

▶ For more information about the exam, please visit: www.pecb.org

Page 4: ISO 27034 Lead Implementer - Four Page Brochure

CERTIFICATION

▶ After successfully completing the exam, participants can apply for the credentials of Certified ISO/IEC 27034 Provisional Implementer, Certified ISO/IEC 27034 Implementer or Certified ISO/IEC 27034 Lead Implementer, depending on their level of experience

▶ A certificate will be issued to participants who successfully pass the exam and comply with all the other requirements related to the selected credential:

| Credential | Exam | Professional Experience | ITST Audit Experience | ITST Project Experience | Other Requirements |
|---|---|---|---|---|---|
| ISO 27034 Provisional Implementer | ISO 27034 Lead Implementer Exam | None | None | None | Signing the PECB code of ethics |
| ISO 27034 Implementer | ISO 27034 Lead Implementer Exam | Two years: One year of Information Technology Security Techniques work experience | None | Project activities totaling 200 hours | Signing the PECB code of ethics |
| ISO 27034 Lead Implementer | ISO 27034 Lead Implementer Exam | Five years: Two years of Information Technology Security Techniques work experience | None | Project activities totaling 300 hours | Signing the PECB code of ethics |

GENERAL INFORMATION

▶ Certification fees are included in the exam price

▶ The participant manual contains over 450 pages of information and practical examples

▶ A participation certificate of 31 CPD (Continuing Professional Development) credits will be issued to participants

▶ In case of failure of the exam, participants are allowed to retake it for free under certain conditions

For additional information, please contact us at [email protected]