Information security, cybersecurity and privacy protection — Ontology building blocks for security and risk assessment

This document defines an inventory of building blocks conceptually associated with different types of assessments of information and communication technology (ICT) trustworthiness. These assessments apply to areas such as governance, risk management, security evaluation, the secure development lifecycle (SDL), supply chain integrity and privacy. This document also defines an ontology that organizes these building blocks and provides instructions for using the inventory of building blocks and the ontology. Formalizing the types, categories and structural characteristics of building blocks in the area of ICT trustworthiness assessment aims to increase efficiency and improve future harmonization in standards development and their use. Building blocks can refer to structural components as well as semantic components. These components can be connected to a variety of concepts and activities related to trustworthiness assessments, including process-related ones such as traceability or elements of assessment methodologies.

French title (translated): Information security, cybersecurity and privacy protection — Building blocks for the ontology of security and risk assessment

General Information

Status: Published
Publication Date: 04-Mar-2024
Current Stage: 6060 - International Standard published
Start Date: 05-Mar-2024
Due Date: 13-Sep-2023
Completion Date: 05-Mar-2024
Ref Project:

Buy Standard

Technical specification: ISO/IEC TS 24462:2024 - Information security, cybersecurity and privacy protection — Ontology building blocks for security and risk assessment. Released: 5.03.2024. English language, 41 pages.

Draft: ISO/IEC DTS 24462 - Information security, cybersecurity and privacy protection — Ontology building blocks for security and risk assessment. Released: 20.11.2023. English language, 43 pages.

Draft: REDLINE ISO/IEC DTS 24462 - Information security, cybersecurity and privacy protection — Ontology building blocks for security and risk assessment. Released: 20.11.2023. English language, 43 pages.

Standards Content (Sample)

Technical Specification ISO/IEC TS 24462
First edition, 2024-03
Information security, cybersecurity and privacy protection — Ontology building blocks for security and risk assessment
French title (translated): Information security, cybersecurity and privacy protection — Building blocks for the ontology of security and risk assessment
Reference number: ISO/IEC TS 24462:2024(en) © ISO/IEC 2024

ISO/IEC TS 24462:2024(en)
COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2024
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland

ISO/IEC TS 24462:2024(en)
Contents (page)
Foreword  iv
Introduction  v
1 Scope  1
2 Normative references  1
3 Terms and definitions  1
4 Symbols and abbreviated terms  3
5 Background  4
6 Methodology  4
7 Building blocks: collection and structure  7
7.1 General  7
7.2 Application security assessment  8
7.3 Risk assessment  8
7.4 Application security controls validation  9
7.5 Risk analysis  9
8 Ontology capturing relationships among BBs  10
8.1 General  10
8.2 Building block: application security assessment  13
8.3 Building block: risk assessment
...

FINAL DRAFT TECHNICAL SPECIFICATION ISO/IEC DTS 24462
ISO/IEC JTC 1/SC 27
Secretariat: DIN
Voting begins on: 2023-12-04
Voting terminates on: 2024-01-29
Information security, cybersecurity and privacy protection — Ontology building blocks for security and risk assessment

Recipients of this draft are invited to submit, with their comments, notification of any relevant patent rights of which they are aware and to provide supporting documentation. In addition to their evaluation as being acceptable for industrial, technological, commercial and user purposes, draft International Standards may on occasion have to be considered in the light of their potential to become standards to which reference may be made in national regulations.

Reference number: ISO/IEC DTS 24462:2023(E) © ISO/IEC 2023
ISO/IEC DTS 24462:2023(E)
Contents (page)
Foreword  iv
Introduction  v
1 Scope  1
2 Normative references  1
3 Terms and definitions  1
4 Symbols and abbreviated terms  4
5 Background  4
6 Methodology  5
7 Building blocks: collection and structure  7
7.1 General  7
7.2 Application security assessment  9
7.3 Risk assessment
...

ISO/IEC DTS 24462:2023(XE) (redline draft)
ISO/IEC JTC 1/SC27/WG3
Secretariat: DIN
Date: 2023-11-20 (redline change from 2023-08-28)
Information security, cybersecurity and privacy protection — Ontology building blocks for security and risk assessment

WD/CD/DIS/FDIS stage

Warning for WDs and CDs

This document is not an ISO International Standard. It is distributed for review and comment. It is subject to change without notice and may not be referred to as an International Standard.

Recipients of this draft are invited to submit, with their comments, notification of any relevant patent rights of which they are aware and to provide supporting documentation.


ISO/IEC DTS 24462:2023(XE) (redline draft)
Contents (page)
Foreword  v
Introduction  vi
1 Scope  1
2 Normative references  1
3 Terms and definitions  1
4 Symbols and abbreviated terms
...
