According to Gartner, application security has become a top priority for CIOs, because software applications are now the primary gateways to sensitive data. To help software developers ensure that best-practice security is fully incorporated within their products, IT Governance has published 'Application Security in the ISO27001 Environment' (http://www.itgovernance.co.uk/products/1496). This practical guide explains how to use the global ISO27001 standard (http://www.itgovernance.co.uk/iso27001.aspx) to meet the increasingly rigorous security demands of the software application market, an important requirement for future commercial success. It is also of value to organisations that deploy applications, giving them a clear explanation of the issues they must monitor.
Software applications have become integral to our personal and professional lives, facilitating everything from email and communications to personal finance and Internet shopping. They have therefore become a channel through which vast amounts of sensitive data, including financial and other personally identifiable information, are passed. To underpin their customer loyalty, reputations and brand value, companies and organisations must ensure that this data is secure and that their information systems are robust and dependable.
For this reason, CIOs and other budget holders now place far greater emphasis on information security when making application procurement decisions. According to Deloitte's 2007 Global Security Survey, The Shifting Security Paradigm, 'generic countermeasures are no longer adequate' for ensuring application security. In the same study, Deloitte found that 87 percent of respondents saw poor software development quality as a top threat facing them in the next 12 months.
'Application Security in the ISO27001 Environment' is written by Sangita Pakala, Sachin Shetty, Firosh Ummer, Anoop Mangla, Vinod Vasudevan and Siddharth Anbalahan. Together, the authors offer a wealth of expertise in ISO27001 information security, risk management and software application development. Over 224 pages, they address a range of essential topics, including an introduction to ISO27001 and ISO27002, threat profiling and security testing, secure development lifecycles, and secure coding guidelines.