CSA CAN/CSA-ISO/IEC 27034-1:12 Information technology - Security techniques - Application security - Part 1: Overview and concepts
CSA Standards
Information technology - Security techniques - Application security - Part 1: Overview and concepts
No. CAN/CSA-ISO/IEC 27034-1:12
Annotation
Purpose
The purpose of ISO/IEC 27034 is to assist organizations in integrating security seamlessly throughout the life cycle of their applications by:
a) providing concepts, principles, frameworks, components and processes;
b) providing process-oriented mechanisms for establishing security requirements, assessing security risks, assigning a Targeted Level of Trust and selecting corresponding security controls and verification measures;
c) providing guidelines for establishing acceptance criteria to organizations outsourcing the development or operation of applications, and for organizations purchasing applications from third parties;
d) providing process-oriented mechanisms for determining, generating and collecting the evidence needed to demonstrate that their applications can be used securely under a defined environment;
e) supporting the general concepts specified in ISO/IEC 27001 and assisting with the satisfactory implementation of information security based on a risk management approach; and
f) providing a framework that helps to implement the security controls specified in ISO/IEC 27002 and other standards.
ISO/IEC 27034:
a) applies to the underlying software of an application and to contributing factors that impact its security, such as data, technology, application development life cycle processes, supporting processes and actors; and