Papers and presentations will be posted to this page on a regular basis.

Papers

Integrating ISO 17999 into your Software Development Lifecycle

In this paper, published on the 11th issue of INSECURE Magazine (May 2007), I explain how information security controls can be integrated in the Software Development Lifecycle (SDLC) using ISO/IEC 17799 (now ISO/IEC 27002). The article includes a summary table linking specific clauses in the standard to SDLC phases starting from the risk assessment stage, prior to drawing up security requirements, and continuing right through development, testing and operations to system disposal at the end of its life.

Thanks to Mirko Zorz, INSECURE’s Chief Editor, for publishing my work and thanks to all the colleagues in the security community that have reviewed my article and posted positive comments on their websites. Just to mention a few:

• Gary Hinson, the brains behind well known sites like Noticebored.com, made a short review of the article and included it on the Links section of his ISO 27001 security website. Thanks Gary!
• Jose Manuel Fernandez, a fellow countryman made also an entry on his blog; this one in Spanish. Thanks mate
• Javier Ruiz and Agustin Lopez, included my article in the ISO 27000 Guidelines section of their website. They have even asked me to record a podcast on section 12 of the Standard, but haven’t found the time so far, so sorry for that chaps. I own you one!

To download my article only, instead of the full issue click here.

If you happen to find a review somewhere else or want to send me your comments on it, you are welcome!

Presentations

Windows Forensics Analysis (pdf and mov) - in Spanish

Presentation given at the 3rd FORMAN Security Workshop held at Malaga’s Business Park on April 16, 2008. Slides are in Spanish. A mov file is also available in case you want to watch the presentation in the iPod.

Análisis Forense de un Sistema Windows (PDF - 1,6 MB)

Análisis Forense de un Sistema Windows (MOV - 3,98 MB - 640×480 )