[EMAIL PROTECTED] wrote:

> Jari Pirhonen wrote:
>
> > Does anyone know or have a document, which would compare different
> > security/auditing standards from the application security point of
> > view? For example ISO 17799, COBIT, ISF, VISA/MC, GAISP, etc. I'd like
> > to see how much difference there really is and if one standard
> > would cover all the other standards on this particular area.
>
> You might want to take a look at
> http://www.issa.org/gaisp/_pdfs/strawman_mapping.pdf

Thanks.

> which compares the GAISP to the (ISC)2 CBK, ISF Standard of Good Practice,
> 17799, COBIT and NIST SP 800-14. Since they all try to cover all aspects of
> information security, you might want to look at an application security
> specific guide, for example the OWASP Guide, instead:
> http://www.owasp.org/documentation/guide/guide_about.html

OWASP is a good source, but I don't have problems with defining security
requirements for applications or the SDLC. I am just trying to find out how much common
standards/guidelines differ on this topic. I have received several replies and
it seems that there is no comprehensive comparison available at the level I'm
searching for.

Jari