Alphabet Soup
The following exchange recently took place on the Secure Coding mailing list (SC-L). I thought the information might be of use to some of you.
Mike Hines
mshines@purdue.edu
----------------------------------------
Jari Pirhonen wrote:
Does anyone know of or have a document that would compare different
security/auditing standards from the application security point of view? For
example ISO 17799, COBIT, ISF, VISA/MC, GAISP, etc. I'd like to see how many
differences there really are and whether one standard would cover all the other
standards in this particular area.
Benjamin Tomhave wrote:
I published a white paper last summer that classifies, compares, and describes
many of these methods. It's available online from http://falcon.secureconsulting.net/professional/papers/Alphabet_Soup.pdf
and is scheduled for an updated release this winter to account for the recent
revisions of 17799, new release of 27001, finalized PCI DSS standards, upcoming
revisions to CobiT, and so on. Your comments or corrections are welcomed.
cheers,
-ben
---
Benjamin Tomhave, CISSP
falcon@secureconsulting.net
http://falcon.secureconsulting.net/
"We must scrupulously guard the civil liberties of all citizens, whatever their
background. We must remember that any oppression, any injustice, any hatred is a
wedge designed to attack our civilization."
-President Franklin Delano Roosevelt