ISO/IEC 27554
ISO/IEC 27554 — Information technology — Security techniques — Application of ISO 31000 for assessment of identity management-related risk [Draft]
Introduction
To facilitate the application of ISO 31000 risk management guidelines to identity management, this standard will outline the associated risks.
To evaluate identity management-related risks through the ISO 31000 process, scenarios will be developed for processes and implementations as part of the risk assessment.
The scope of the standard
In particular, the standard applies to the assessment of risks associated with services and processes dependent upon or related to the management of identities. The risk assessment will exclude risks associated with delivery, technology, or security generally. Other standards that concern the control of identity information will be used alongside this standard.
By providing a standardized definition of identity-related risks, together with their context and impact, the standard fills gaps in other standards.
The content
To be determined.
Status
The project began in 2018.
The standard should be published by the end of 2023.
A skeletal outline was included in the first Working Draft.
Commentary
To be determined.