Application security is, today, a #1 issue for CIOs, according to Gartner. Why is this? Deloitte (in their 2007 Global Security Survey: The Shifting Security Paradigm) say of application security that ‘generic countermeasures are no longer adequate.’ Applications are in fact now the primary gateway to sensitive data and, therefore, application security is critical to effective information security management. However, 87% of respondents to the Deloitte survey identified poor software development quality as a top threat facing them in the next 12 months. Application software – from Microsoft Office, SAP and Lotus Notes to Adobe, SAGE and Skype – is ubiquitous, affecting all aspects of our personal and professional lives. Software vulnerabilities are equally ubiquitous, threatening: .Personal identities .Intellectual property .Corporate brand value, credit card data and consumer trust .Business services, operations and continuity, as well as our .Critical national infrastructures and the public sector. Individual, corporate and national security and economic effectiveness depend on the reliable execution of software. This book shows you how to use ISO/IEC 27001 to secure applications and how to tackle this issue as part of the development and roll out of an Information Security Management System (‘ISMS’) that conforms with ISO/IEC 27001.