ISO/IEC 27034 - Application Security Introduction


This one-day training familiarizes participants with the basic concepts of implementing and managing Application Security (AS) as specified in ISO/IEC 27034. Participants will learn the different components of AM.
AS applies not only to the software of an application but also to its other components and contributing factors that impact its security, such as its technological context, its regulatory context, its business context, its specifications, the sensitivity of its data, and the processes and actors supporting its entire life cycle.


Who should attend?

  • Staff involved in the implementation of the ISO 27034 standard
  • IT expert advisors
  • Provisioning and operation teams such as architects, analysts, programmers, testers, system administrators, DBAs, network administrators, and technical personnel
  • Auditors
  • Administrators
  • Software acquirers
  • Software development managers
  • Application owners
  • Line managers who supervise employees


Learning objectives

  • To understand the fundamentals of application security
  • To know the interrelationships between ISO 27034 and the other information security standards (ISO/IEC 27034-1, ISO/IEC 27034-2, ISO/IEC 27034-3, ISO/IEC 27034-4, ISO/IEC 27034-5, ISO/IEC 27034-5-1, ISO/IEC 27034-6)
  • To introduce the concepts, approaches, standards, methods and techniques that allow application security to be managed effectively
  • To understand the relationship between the components of AS, including risk management, controls and compliance with the requirements of the organization's different stakeholders
  • To understand the stages of the ISO 27034 certification process


Course Agenda

  • Introduction to ISO/IEC 27034 AS and its global vision
  • Presentation of the 27034 series: ISO/IEC 27034-1, ISO/IEC 27034-2, ISO/IEC 27034-3, ISO/IEC 27034-4, ISO/IEC 27034-5, ISO/IEC 27034-5-1, ISO/IEC 27034-6
  • Application security control data structure: requirements, descriptions, graphical representation
  • Implementation phases of the ISO 27034 framework
  • Continual improvement of Application Security
  • Conducting an ISO 27034 certification audit




Examination and Certification


General Information

  • A student manual containing over 100 pages of information and practical examples will be distributed to participants
  • A participation certificate of 7 CPD (Continuing Professional Development) credits will be issued to participants