ISO/IEC 27034 Lead Application Security Implementer
Why should you attend?
ISO/IEC 27034 Lead Implementer training enables you to develop the necessary expertise to support an organization in establishing, implementing and managing Application Security (AS) based on ISO/IEC 27034. During this training course, you will also gain a thorough understanding of the best practices of Application Security techniques and be able to identify and avoid common application vulnerabilities.
After mastering all the necessary concepts of Application Security (AS) techniques, you can sit for the exam and apply for a “Certified ISO/IEC 27034 Lead Implementer” credential. By holding a Lead Implementer Certificate, you will be able to demonstrate that you have the practical knowledge and professional capabilities to implement Application Security techniques in an organization.
Who should attend?
- Managers or consultants involved in Application Security (AS)
- Expert advisors seeking to master the implementation of Application Security techniques
- Individuals responsible for maintaining conformance with organization`s Application Security requirements
- Application developers
- Application Security analysts
- Expert advisors involved in Application Security (AS) operations
Learning objectives
- Acknowledge the correlation between ISO/IEC 27034 and other standards and regulatory frameworks
- Master the concepts, principles, approaches, processes and techniques used for the implementation and effective maintenance of Application Security
- Learn how to interpret the ISO/IEC 27034 guidelines within the specific context of an organization
- Learn how to support an organization to effectively plan, implement, and manage Application Security
- Acquire the expertise to advise an organization in implementing Application Security best practices
Educational approach
- This training is based on both theory and best practices used in the implementation of Application Security (AS) techniques
- Lecture sessions are illustrated with examples based on case studies
- Practical exercises are based on a case study which includes role playing and discussions
- Practice tests are similar to the Certification Exam
Prerequisites
A fundamental understanding of ISO/IEC 27034 and comprehensive knowledge of implementation principles.
Course agenda
Day 1: Introduction to Application Security techniques
Day 2: Plan the implementation of AS techniques based on ISO/IEC 27034 (project level)
Day 3: Implementation of AS techniques based on ISO/IEC 27034 (organization level)
Day 4: AS validation and certification, protocols and ASC data structure based on ISO/IEC 27034
Day 5: Certification Exam
Examination
The “Certified ISO/IEC 27034 Lead Implementer” exam fully meets the requirements of the Examination and Certification Programme (ECP). The exam covers the following competency domains:
Domain 1: Fundamental principles and concepts of Application Security
Domain 2: Application Security Controls (ASCs) and other best practices in AS
Domain 3: Preparation of an AS project implementation based on ISO/IEC 27034
Domain 4: Implementing an AS project based on ISO/IEC 27034
Domain 5: Performance evaluation, monitoring and measurement of an AS project based on ISO/IEC 27034
Domain 6: Continual improvement of an AS project based on ISO/IEC 27034
Domain 7: Preparing for an Application Security audit
Certification
After successfully completing the exam, you can apply for the credentials shown on the table below. You will receive a certificate once you comply with all the requirements related to the selected credential.
The requirements for Implementer Certifications are:
Credential |
Exam |
Professional |
ASMS project experience |
Other requirements |
Certified ISO/IEC 27034 Provisional Application Security |
Certified ISO/IEC 27034 Lead Implementer Exam |
None |
None |
Signing the Code of Ethics |
Certified ISO/IEC 27034 Application Security Implementer | Certified ISO/IEC 27034 Lead Implementer Exam or equivalent | Two years: One year of work experience in related field | Project activities totaling 200 hours | Signing the code of ethics |
Certified ISO/IEC 27034 Lead Application Security Implementer | Certified ISO/IEC 27034 Lead Implementer Exam or equivalent | Five years: Two years of work experience in Application Security | Project activities: a total of 300 hours | Signing the Code of Ethics |
To be considered valid, these implementation activities should follow best implementation practices and include the following activities:
- Managing an AS implementation project
- Performing risk assessment
- Implementing AS based on ISO/IEC 27034
- Drafting Application Security (AS) processes
- Performing an evaluation, monitoring and measurement of Application Security activities based on ISO 27034
- Managing an Application Security team
General Information
- Certification fees are included on the exam price
- Training material containing over 450 pages of information and practical examples will be distributed
- A participation certificate of 31 CPD (Continuing Professional Development) credits will be issued
- In case of exam failure, you can retake the exam within 12 months for free