Jari Pirhonen wrote:
Does anyone know or have a document, which would compare different
security/auditing standards from the application security point of view?
For example ISO 17799, COBIT, ISF, VISA/MC, GAISP, etc. I'd like to see,
how much differences there really are and if one standard would cover
all the other standards on this particular area.
You might want to take a look at
http://www.issa.org/gaisp/_pdfs/strawman_mapping.pdf
which compares the GAISP to the (ISC)2 CBK, ISF Standard of Good Practice,
17799, COBIT and NIST SP 800-14. Since they all try to cover all aspects of
information security, you might want to look at an application security
specific
guide, for example the OWASP Guide, instead:
http://www.owasp.org/documentation/guide/guide_about.html
regards,
Jari
-oddbjorn
