CERTIFIED ISO 27034 LEAD IMPLEMENTER

(5-day course)

This five-day intensive course enables participants to develop, acquire, implement and use trustworthy applications, at an acceptable (or tolerable) security cost. More specifically, these components, processes and frameworks provide verifiable evidence that applications have reached and maintained a targeted level of trust as specified in ISO/IEC 27034.

The purpose of ISO/IEC 27034 Lead Implementer is to assist organizations in integrating security seamlessly throughout the life cycle of their applications.

Application Security applies to the original software of an application and to the contributing factors that impact its security, such as data, technology, application development life cycle processes, supporting processes and actors. It applies to all sizes and all types of organizations (e.g. commercial enterprises, government agencies, non-profit organizations) exposed to risk associated with applications.

The multi-part standard provides guidance on specifying, designing/selecting and implementing information security controls through a set of processes integrated throughout an organization's System Development Life Cycle(s) (SDLC).


Next course dates (in Belgium): 

  • May 23-27, 2016 (register before April 30, 2016)
  • October 3-7, 2016 (register before September 30, 2016)

 

 

WHO SHOULD ATTEND?

  • Project managers or consultants wanting to prepare and support an organization in the implementation of Application Security
  • ISO 27034 auditors who wish to fully understand the Application Security implementation process
  • Administrators
  • Software acquirers
  • Software development managers
  • Application owners
  • Line managers who supervise employees

 


LEARNING OBJECTIVES

  • To understand the implementation of an AS in accordance with ISO/IEC 27034
  • To gain a comprehensive understanding of the concepts, approaches, standards, methods and techniques required for the effective management of an AS
  • To understand the relationship between the components of an AS including risk management, controls and compliance with the requirements of different stakeholders of the organization
  • To acquire necessary expertise to support an organization in implementing, managing and maintaining an AS as specified in ISO/IEC 27034
  • To acquire necessary expertise to manage a team implementing ISO/IEC 27034
  • To develop knowledge and skills required to advise organizations on best practices in the management of an AS
  • To improve the capacity for analysis and decision making in the context of an AS

 

COURSE AGENDA

  • DAY 1: INTRODUCTION TO IT - SECURITY TECHNIQUES - APPLICATION SECURITY OVERVIEW AND CONCEPTS AS REQUIRED BY ISO 27034
    • Introduction to Security Techniques - Application Security and the process approach
    • Presentation of the standards ISO 27034-1, ISO 27034-2, ISO 27034-3, ISO 27034-4, ISO 27035-5, ISO 27034-6 and regulatory framework
    • Fundamental principles of Security Techniques - Application Security
    • Overview and concepts of Application Security
    • Definitions, concepts, principles and processes involved in Application Security
  • DAY 2: IMPLEMENTATION OF IT - SECURITY TECHNIQUES - APPLICATION SECURITY BASED ON ISO 27034
    • Organization normative framework
    • Definition of the scope in Application Security
    • Relationship and support of processes to the Application Security management process
    • Implementation of ISO/IEC 27034 and integration of it into its existing processes
    • Application Security risk assessments
    • Realization, operation and validation of application of security throughout its lifecycle
    • Development of Application Security validation
    • Drafting the certification process
  • DAY 3: PROTOCOLS AND APPLICATION SECURITY CONTROL DATA STRUCTURE BASED ON ISO 27034
    • Application security control data structure requirements, descriptions, graphical representation
    • XML schema, based on ISO/TS 15000: Electronic business extensible Markup Language ebXML
    • Facilitating the implementation of ISO/IEC 27034
    • Communication and exchange of ASCs
    • Establishment of libraries of Application Security functions
    • Provisioning and operating the application
  • DAY 4: SECURITY GUIDANCE FOR SPECIFIC APPLICATIONS
    • Application Security controls based on ISO 27034
    • Development of metrics, performance indicators and dashboards in accordance with ISO 27034
    • ISO 27034 internal audit
    • Review of IT - Security Techniques - Application Security
    • Implementation of a continual improvement program
    • Preparing for an ISO 27034 certification audit
  • DAY 5: CERTIFICATION EXAM
    • PECB's 3-hour Certified ISO/IEC 27034 Lead Implementer Exam is available in different languages. Candidates who do not pass the exam will be able to retake it for free within 12 months from the initial exam date.

 

EXAMINATION

The “Certified ISO/IEC 27034 Lead Implementer” exam fully meets the requirements of the PECB Examination and Certification Programme (ECP). The exam covers the following competence domains:

  • Domain 1: Overview and concepts
  • Domain 2: Organization normative framework best practice based on ISO 27034
  • Domain 3: Application Security management process based on ISO 27034
  • Domain 4: Application Security validation based on ISO 27034
  • Domain 5: Protocols and Application Security control data structure based on ISO 27034
  • Domain 6: Security guidance for specific applications based on ISO 27034
  • Domain 7: Preparing for ISO 27034 certification audit

 

CERTIFICATION

After successfully completing the exam, the participants can apply for the credentials of Certified ISO/IEC 27034 Provisional Implementer, Certified ISO/IEC 27034 Implementer or Certified ISO/IEC 27034 Lead Implementer, depending on their level of experience.

A certificate will be issued to participants who successfully pass the exam and comply with all the other requirements related to the selected credentials.

 

GENERAL INFORMATION

  • Certification fees are included in the exam price
  • A student manual containing over 450 pages of information and practical examples
  • A participation certificate of 31 CPD (Continuing Professional Development) credits will be issued to participants

 


 


 

REGISTRATION

  • Price: 2500.00 €
  • When:
    • May 23-27, 2016 (register before April 30, 2016)
    • October 3-7, 2016 (register before September 30, 2016)
  • Location: ICT Control, Brussels (BELGIUM)
  • Minimum enrollment: 4 participants

 


 
