Blog posts

Integrating ISO 17799 into your Software Development Lifecycle

[IN]Secure Magazine - Issue 11I open the new section Papers & Presentations of this blog posting my latest article published on INSECURE Magazine: “Integrating ISO 17799 into your Software Development Lifecycle”.

In this paper, published on the 11th issue of INSECURE Magazine (May 2007), I explain how information security controls can be integrated in the Software Development Lifecycle (SDLC) using ISO/IEC 17799 (now ISO/IEC 27002). The article includes a summary table linking specific clauses in the standard to SDLC phases starting from the risk assessment stage, prior to drawing up security requirements, and continuing right through development, testing and operations to system disposal at the end of its life.

Continue reading “Integrating ISO 17799 into your Software Development Lifecycle”

Just passed my GIAC Certified Intrusion Analyst (GCIA) exam!

GCIAYes! I’m just writing my first post from the Apple Store at Regent Street (London) to let you know that I’ve just passed my SANS GCIA exam. Indeed, I know it could have been better (scored 89%) and that I scored even more on my first GIAC exam (GCFA -Forensics Analyst- that I took on 2007), but hey, analysing large network dumps is not that easy. Anyway, another nice acronym to add to my signature 😉

By the way, I thought there was no better place to start my new blog than right from where I am. If you keep reading my blog (thanks for that) you will see there are many things I enjoy. One of those is traveling, and London is one of my favourites places, and other one is technology, specially anything related to Information Security. And yes, that includes Macs! In fact I’m currently typing in one of the new iMacs, and you know how difficult is to find a free one, if you have ever been here.

Well, let’s keep this post short for now. I’m heading to the airport to catch my flight back home. I’ll be posting here soon, so stay tuned.