Information technology — Application security — Part 3: Application security management process

This document provides a detailed description and implementation guidance for the Application Security Management Process.

Technologie de l’information — Sécurité des applications — Partie 3: Processus de gestion de la sécurité d'une application

General Information

Status: Published
Publication Date: 21-May-2018
Current Stage: 9093 - International Standard confirmed
Completion Date: 27-Oct-2023
Standard
ISO/IEC 27034-3:2018 - Information technology -- Application security
English language
47 pages

Standards Content (Sample)

INTERNATIONAL STANDARD ISO/IEC 27034-3
First edition 2018-05
Information technology — Application security — Part 3: Application security management process
Technologie de l’information — Sécurité des applications — Partie 3: Processus de gestion de la sécurité d'une application
Reference number: ISO/IEC 27034-3:2018(E)
© ISO/IEC 2018


COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2018
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Fax: +41 22 749 09 47
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland

Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviated terms
5 Application Security Management Process
5.1 General
5.2 Purpose
5.3 Principles and concepts
5.3.1 General
5.3.2 Clearly communicate roles and responsibilities
5.3.3 Relationship of the ASMP with the Organizational Normative Framework (ONF)
5.3.4 Use approved tools
5.3.5 Level of Trust
5.3.6 Application’s Targeted Level of Trust
5.3.7 Application’s Actual Level of Trust
5.3.8 Impact of this document on an application project
6 ASMP steps
6.1 Identifying the application requirements and environment
6
...
