
At a Glance
ePUB
eBook
$39.99
or 4 interest-free payments of $10.00 with
orInstant Digital Delivery to your Kobo Reader App
Security controls only work in software companies when they become part of how engineers design, build, test, and ship. Volume 2 translates ISO/IEC 27001:2022 into day-to-day engineering practices, so your ISMS strengthens delivery instead of slowing it down.
What you'll get:
- Secure SDLC patterns that work in agile teams (standards, reviews, guardrails)
- CI/CD + build hardening, including source code and artifact integrity
- Practical AppSec testing strategy (where SAST/DAST/IAST fits, and where it doesn't)
- Supply-chain risk management for dependencies and third-party components
- Secrets + key management, and access control for developer tooling
- Vulnerability management loop tied to risk treatment and measurable remediation
What it helps you produce: engineering-friendly standards, repeatable controls, and evidence that is generated by your delivery pipeline — not by manual "compliance chores".
Typical questions this volume answers:
- What does "secure by default" look like in agile teams that ship weekly or daily?
- How do we harden CI/CD and protect source code + build artifacts?
- Where do SAST/DAST/IAST fit (and where do they create noise)?
- How do we treat software supply chain risk in a way that auditors accept?
Who it's for: engineering and security teams that want "secure by default" delivery with auditable evidence.
on
ISBN: 9798233828881
Series: ISO 27001 for Software Companies : Book 3
Published: 29th May 2026
Format: ePUB
Language: English
Publisher: ?Harald Messemer
Volume Number: 3
























