ISO/IEC 27554

ISO/IEC 27554 — Information technology — Security techniques — Application of ISO 31000 for assessment of identity management-related risk [Draft]

Introduction

To facilitate the application of ISO 31000 risk management guidelines to identity management, this standard will outline the associated risks.

To evaluate identity management-related risks through the ISO 31000 process, scenarios will be developed for processes and implementations as part of the risk assessment.

The scope of the standard

The standard applies specifically to the assessment of risks associated with services and processes that depend on, or relate to, the management of identities. The risk assessment will exclude risks associated with delivery, technology, or security generally. Other standards that concern the control of identity information will be used alongside this standard.

By providing a standardized definition, context and impact of identity-related risks, the standard fills gaps in other standards.

The content

To be determined.

Status

The project began in 2018.

The standard should be published by the end of 2023.

A skeletal outline was included in the first Working Draft.

Commentary

To be determined.
