Greetings - new to the list, was reading through the archives, saw this recent post...
Jari Pirhonen wrote:
> Does anyone know or have a document, which would compare different security/auditing standards
> from the application security point of view? For example ISO 17799, COBIT, ISF, VISA/MC, GAISP,
> etc. I'd like to see, how much differences there really are and if one standard would cover all
> the other standards on this particular area.

I published a white paper last Summer that classifies, compares, and describes many of these methods. It's available online from http://falcon.secureconsulting.net/professional/papers/Alphabet_Soup.pdf and is scheduled for an updated release this Winter to account for the recent revisions of 17799, new release of 27001, finalized PCI DSS standards, upcoming revisions to CobiT, and so on.

Your comments or corrections are welcomed.

cheers,

-ben

---
Benjamin Tomhave, CISSP
[EMAIL PROTECTED]
http://falcon.secureconsulting.net/

"We must scrupulously guard the civil liberties of all citizens, whatever their background. We must remember that any oppression, any injustice, any hatred is a wedge designed to attack our civilization."
-President Franklin Delano Roosevelt

_______________________________________________
Secure Coding mailing list (SC-L)
SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php