CERTIFIED ISO 27034 LEAD IMPLEMENTER
MASTERING THE IMPLEMENTATION OF MANAGEMENT IN IT - SECURITY TECHNIQUES – APPLICATION SECURITY BASED ON ISO 27034
SUMMARY
This five-day intensive course enables the participants to develop, acquire, implement and use trustworthy applications, at an
acceptable (or tolerable) security cost. More specifically, these components, processes and frameworks provide verifiable evidence
that applications have reached and maintained a targeted level of trust as specified in ISO/IEC 27034. The purpose of ISO/IEC
27034 Lead Implementer is to assist organizations in integrating security seamlessly throughout the life cycle of their applications.
Application Security applies to the original software of an application and to its contributing factors that impact its security, such as
data, technology, application development life cycle processes, supporting processes and actors, and it applies to all sizes and all
types of organizations (e.g. commercial enterprises, government agencies, non-profit organizations) exposed to risks associated
with applications. The multi-part standard provides guidance on specifying, designing/selecting and implementing information
security controls through a set of processes integrated throughout an organization’s Systems Development Life Cycle/s (SDLC).
WHO SHOULD ATTEND?
▶▶ Project managers or consultants wanting to prepare and to support an organization in the implementation of Application Security
▶▶ ISO 27034 auditors who wish to fully understand the Application Security implementation process
▶▶ Administrators
▶▶ Software acquirers
▶▶ Software development managers
▶▶ Application owner
▶▶ Line managers, who supervise employees
COURSE AGENDA
DURATION: 5 DAYS
DAY 1
Introduction to IT - Security techniques – Application Security overview and concepts as required by ISO 27034
▶▶ Introduction to Security techniques – Application Security and the process approach
▶▶ Presentation of the standards ISO 27034-1, ISO 27034-2, ISO 27034-3, ISO 27034-4, ISO 27034-5, ISO 27034-6 and regulatory framework
▶▶ Fundamental principles of Security Techniques – Application Security
▶▶ Overview and concepts of Application Security
▶▶ Definitions, concepts, principles and processes involved in Application Security
DAY 2
Implementation of IT - Security techniques – Application Security based on ISO 27034
▶▶ Organization normative framework
▶▶ Definition of the scope in Application Security
▶▶ Relationships and support of processes to the Application Security management process
▶▶ Implementation of ISO/IEC 27034 and its integration into existing processes
▶▶ Application Security risk assessment
▶▶ Realization, operation and validation of application security throughout its life cycle
▶▶ Development of Application Security validation
▶▶ Drafting the certification process
DAY 3
Protocols and Application Security control data structure based on ISO 27034
▶▶ Application security control data structure requirements, descriptions, graphical representation
▶▶ XML schema, based on ISO/TS 15000: Electronic business extensible Markup Language ebXML
▶▶ Facilitation of the implementation of ISO/IEC 27034
▶▶ Communication and exchange of ASCs
▶▶ Establishment of libraries of Application Security functions
▶▶ Provisioning and operating the application
DAY 4
Security guidance for specific applications
▶▶ Application Security controls based on ISO 27034
▶▶ Development of metrics, performance indicators and dashboards in accordance with ISO 27034
▶▶ ISO 27034 internal audit
▶▶ Review of IT - Security techniques – Application Security
▶▶ Implementation of a continual improvement program
▶▶ Preparing for an ISO 27034 certification audit
DAY 5
Certification Exam
▶▶ PECB’s 3 Hour Certified ISO/IEC 27034 Lead Implementer Exam is available in different languages. The candidates who do not pass the exam will be able to retake it for free within 12 months from the initial exam date.
www.pecb.org
EXAMINATION
▶▶ The “Certified ISO/IEC 27034 Lead Implementer” exam fully meets the requirements of the PECB Examination and
Certification Program (ECP). The exam covers the following competence domains:
»» Domain 1: Overview and concepts
»» Domain 2: Organization normative framework best practice based on ISO 27034
»» Domain 3: Application Security management process based on ISO 27034
»» Domain 4: Application Security validation based on ISO 27034
»» Domain 5: Protocols and Application Security control data structure based on ISO 27034
»» Domain 6: Security guidance for specific applications based on ISO 27034
»» Domain 7: Preparing for ISO 27034 certification audit
▶▶ For more information about the exam, please visit: www.pecb.org
CERTIFICATION
▶▶ After successfully completing the exam, the participants can apply for the credentials of Certified ISO/IEC 27034 Provisional Implementer, Certified ISO/IEC 27034 Implementer or Certified ISO/IEC 27034 Lead Implementer, depending on their level of experience
▶▶ A certificate will be issued to participants who successfully pass the exam and comply with all the other
requirements related to the selected credential:
| Credential | Exam | Professional Experience | ITST Audit Experience | ITST Project Experience | Other Requirements |
|---|---|---|---|---|---|
| ISO 27034 Provisional Implementer | ISO 27034 Lead Implementer Exam | None | None | None | Signing the PECB code of ethics |
| ISO 27034 Implementer | ISO 27034 Lead Implementer Exam | Two years: One year of Information Technology Security Techniques work experience | None | Project activities totaling 200 hours | Signing the PECB code of ethics |
| ISO 27034 Lead Implementer | ISO 27034 Lead Implementer Exam | Five years: Two years of Information Technology Security Techniques work experience | None | Project activities totaling 300 hours | Signing the PECB code of ethics |
GENERAL INFORMATION
▶▶ Certification fees are included in the exam price
▶▶ Participant manual contains over 450 pages of information and practical examples
▶▶ A participation certificate of 31 CPD (Continuing Professional Development) credits will be issued to participants
For additional information,
please contact us at info@pecb.org