ISO/IEC 27554

ISO/IEC 27554 — Information technology — Security techniques — Application of ISO 31000 for assessment of identity management-related risk [Draft]

Introduction

To facilitate the application of ISO 31000 risk management guidelines to identity management, this standard will outline the associated risks.

To evaluate identity management-related risks through the ISO 31000 process, scenarios will be developed for processes and implementations as part of the risk assessment.

The scope of the standard

In particular, the standard applies to the assessment of risks associated with services and processes dependent upon or related to the management of identities. The risk assessment will exclude risks associated with delivery, technology, or security generally. Other standards that concern the control of identity information will be used alongside this standard.

By providing a standardized definition, context and impact of identity-related risks, the standard fills gaps in other standards.

The content

To be determined.

Status

The project began in 2018.

The standard should be published by the end of 2023.

A skeletal outline was included in the first Working Draft.

Commentary

To be determined.

ISO 27001

Lifestyle

Travel

Food

Fashion

Advertisment

Instagtam

Newsletter

ISO/IEC 27554 — Information technology — Security techniques — Application of ISO 31000 for assessment of identity management-related risk [Draft]

Introduction

The scope of the standard

The content

Status

Commentary

About Author / editor

ISO 27001 Clause 10.2 Continual Improvement

ISO/IEC 27557