
CERTIFIED ISO 27034 LEAD IMPLEMENTER

MASTERING THE IMPLEMENTATION OF MANAGEMENT IN IT - SECURITY TECHNIQUES APPLICATION SECURITY BASED ON ISO 27034

SUMMARY
This five-day intensive course enables the participants to develop, acquire, implement and use trustworthy applications, at an acceptable (or tolerable) security cost. More specifically, these components, processes and frameworks provide verifiable evidence that applications have reached and maintained a targeted level of trust as specified in ISO/IEC 27034. The purpose of ISO/IEC 27034 Lead Implementer is to assist organizations in integrating security seamlessly throughout the life cycle of their applications. Application Security applies to the original software of an application and to its contributing factors that impact its security, such as data, technology, application development life cycle processes, supporting processes and actors, and it applies to all sizes and all types of organizations (e.g. commercial enterprises, government agencies, non-profit organizations) exposed to risks associated with applications. The multi-part standard provides guidance on specifying, designing/selecting and implementing information security controls through a set of processes integrated throughout an organization's Systems Development Life Cycle/s (SDLC).

WHO SHOULD ATTEND?


- Project managers or consultants wanting to prepare and to support an organization in the implementation of an Application Security
- ISO 27034 auditors who wish to fully understand the Application Security implementation process
- Administrators
- Software acquirers
- Software development managers
- Application owner
- Line managers, who supervise employees

COURSE AGENDA
DAY 1 Introduction to IT - Security techniques Application Security overview and concepts as required by ISO 27034
- Introduction to Security techniques Application Security and the process approach
- Presentation of the standards ISO 27034-1, ISO 27034-2, ISO 27034-3, ISO 27034-4, ISO 27034-5, ISO 27034-6 and regulatory framework
- Fundamental principles of Security Techniques Application Security
- Overview and concepts of Application Security
- Definitions, concepts, principles and processes involved in Application Security

DURATION: 5 DAYS

DAY 2 Implementation of IT - Security techniques Application Security based on ISO 27034
- Organization normative framework
- Definition of the scope in Application Security
- Relationships and support of processes to the Application Security management process
- Implementation of ISO/IEC 27034 and integration of it into its existing processes
- Application Security risks assessment
- Realization, operation and validation of application of security throughout its life cycle
- Development of Application Security validation
- Drafting the certification process

DAY 3 Protocols and Application Security control data structure based on ISO 27034
- Application security control data structure requirements, descriptions, graphical representation
- XML schema, based on ISO/TS 15000: Electronic business extensible Markup Language ebXML
- Facilitating the implementation of ISO/IEC 27034
- Communication and exchange of ASCs
- Establishment of libraries of Application Security functions
- Provisioning and operating the application

DAY 4 Security guidance for specific applications
- Applications Security controls based on ISO 27034
- Development of metrics, performance indicators and dashboards in accordance with ISO 27034
- ISO 27034 internal audit
- Review of IT - Security techniques Application Security
- Implementation of a continual improvement program
- Preparing for an ISO 27034 certification audit

DAY 5 Certification Exam
PECB's 3-hour Certified ISO/IEC 27034 Lead Implementer Exam is available in different languages. The candidates who do not pass the exam will be able to retake it for free within 12 months from the initial exam date.

www.pecb.org

EXAMINATION
The Certified ISO/IEC 27034 Lead Implementer exam fully meets the requirements of the PECB Examination and Certification Program (ECP). The exam covers the following competence domains:
- Domain 1: Overview and concepts
- Domain 2: Organization normative framework best practice based on ISO 27034
- Domain 3: Application Security management process based on ISO 27034
- Domain 4: Application Security validation based on ISO 27034
- Domain 5: Protocols and Application Security control data structure based on ISO 27034
- Domain 6: Security guidance for specific applications based on ISO 27034
- Domain 7: Preparing for ISO 27034 certification audit

For more information about the exam, please visit: www.pecb.org

CERTIFICATION
After successfully completing the exam, the participants can apply for the credentials of Certified ISO/IEC 27034 Provisional Implementer, Certified ISO/IEC 27034 Implementer or Certified ISO/IEC 27034 Lead Implementer, depending on their level of experience. A certificate will be issued to participants who successfully pass the exam and comply with all the other requirements related to the selected credential:

| Credential | Exam | Professional Experience | ITST Audit Experience | ITST Project Experience | Other Requirements |
|---|---|---|---|---|---|
| ISO 27034 Provisional Implementer | ISO 27034 Lead Implementer Exam | None | None | None | Signing the PECB code of ethics |
| ISO 27034 Implementer | ISO 27034 Lead Implementer Exam | Two years: One year of Information Technology Security Techniques work experience | None | Project activities totaling 200 hours | Signing the PECB code of ethics |
| ISO 27034 Lead Implementer | ISO 27034 Lead Implementer Exam | Five years: Two years of Information Technology Security Techniques work experience | None | Project activities totaling 300 hours | Signing the PECB code of ethics |

GENERAL INFORMATION
- Certification fees are included in the exam price
- Participant manual contains over 450 pages of information and practical examples
- A participation certificate of 31 CPD (Continuing Professional Development) credits will be issued to participants

For additional information, please contact us at info@pecb.org www.pecb.org
