
Expert Advice Community

Security in web applications

Guest user   Created: Jun 28, 2017   Last commented: Jun 28, 2017

1 - I'm trying to look for the best ISO norms for a web application that has a web server, DB, firewall and application server. So if I try to write an IT security concept for a web application, which norm should I use?

Expert
Rhand Leal Jun 28, 2017

Answer: For the security of a web application, I'd suggest you take a look at ISO 15408 on the ISO site: https://www.iso.org/standard/50341.html This standard is an international reference for computer security certification.

2 - What is the main difference between 27001, 27002, 27003 and 27004? I'm trying to read them, but I feel there is a lot of similarity and no difference to help choose the right one of them.

Answer: ISO 27001 covers the requirements for the establishment, implementation, maintenance and continual improvement of an Information Security Management System. ISO 27002 provides details and recommendations for the implementation of the controls described in the Annex A of ISO 27001.

ISO 27003 provides details and recommendations for the implementation of the requirements of ISO 27001. And ISO 27004 provides specific guidance for monitoring, measurement, analysis and evaluation of an ISMS.

In short, ISO 27001 defines what must be done, and ISO 27002, 27003 and 27004 provide recommendations about how to do what is required.

This article will provide you with further explanation about the ISO standards:
- ISO 27001 vs. ISO 27002 https://advisera.com/27001academy/knowledgebase/iso-27001-vs-iso-27002/

These materials will also help you regarding ISO standards:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://training.advisera.com/course/iso-27001-foundations-course/
Guest
alaadinebouzghiba Jun 28, 2017
Thank you for your reply.
Is 27001 combined with 27002 a good idea to secure a web application also? Because, I mean, there are some points in 27001 that we probably don't need, or if I want to write a security policy for a web application, because I didn't get a lot of information about 15408 and how it works.
What do you think about PCI? I'm just trying to get the best norm and explain why. Thanks for your help.