• CAN/CSA-ISO/IEC 27034-1:12 (R2017)

    Current: The latest, up-to-date edition.

    Information technology - Security techniques - Application security - Part 1: Overview and concepts (Adopted ISO/IEC 27034-1:2011, first edition, 2011-11-15)

    Available format(s):  Hardcopy, PDF

    Language(s):  English

    Published date:  01-01-2012

    Publisher:  Canadian Standards Association


    Table of Contents

    FOREWORD
    INTRODUCTION
    1 SCOPE
    2 NORMATIVE REFERENCES
    3 TERMS AND DEFINITIONS
    4 ABBREVIATED TERMS
    5 STRUCTURE OF ISO/IEC 27034
    6 INTRODUCTION TO APPLICATION SECURITY
    7 ISO/IEC 27034 OVERALL PROCESSES
    8 CONCEPTS
    ANNEX A (INFORMATIVE) - MAPPING AN EXISTING DEVELOPMENT PROCESS TO ISO/IEC 27034 CASE STUDY
    ANNEX B (INFORMATIVE) - MAPPING ASC WITH AN EXISTING STANDARD
    ANNEX C (INFORMATIVE) - ISO/IEC 27005 RISK MANAGEMENT PROCESS MAPPED WITH THE ASMP
    BIBLIOGRAPHY

    Abstract

    ISO/IEC 27034 provides guidance to assist organizations in integrating security into the processes used for managing their applications.

    Scope

    Preface

    Standards development within the Information Technology sector is harmonized with international standards development. Through the CSA Technical Committee on Information Technology (TCIT), Canadians serve as the Canadian Advisory Committee (CAC) on ISO/IEC Joint Technical Committee 1 on Information Technology (ISO/IEC JTC1) for the Standards Council of Canada (SCC), the ISO member body for Canada and sponsor of the Canadian National Committee of the IEC. Also, as a member of the International Telecommunication Union (ITU), Canada participates in the International Telegraph and Telephone Consultative Committee (ITU-T).

    Scope

    ISO/IEC 27034 provides guidance to assist organizations in integrating security into the processes used for managing their applications. This part of ISO/IEC 27034 presents an overview of application security. It introduces the definitions, concepts, principles and processes involved in application security. ISO/IEC 27034 is applicable to in-house developed applications, to applications acquired from third parties, and to cases where the development or the operation of the application is outsourced.

    General Product Information

    Document Type: Standard
    Product Note: Reconfirmed EN
    Publisher: Canadian Standards Association
    Status: Current

    Standards Referencing This Book

    ISO/IEC 2382-7:2000 Information technology - Vocabulary - Part 7: Computer programming
    ISO/IEC 27001:2013 Information technology - Security techniques - Information security management systems - Requirements
    ISO/IEC/IEEE 29148:2011 Systems and software engineering - Life cycle processes - Requirements engineering
    ISO/IEC 15408-3:2008 Information technology - Security techniques - Evaluation criteria for IT security - Part 3: Security assurance components
    ISO/IEC 15289:2006 Systems and software engineering - Content of systems and software life cycle process information products (Documentation)
    ISO/IEC/IEEE 24765:2017 Systems and software engineering - Vocabulary
    ISO/IEC 27002:2013 Information technology - Security techniques - Code of practice for information security controls
    ISO/IEC TR 20000-4:2010 Information technology - Service management - Part 4: Process reference model
    ISO/IEC 21827:2008 Information technology - Security techniques - Systems Security Engineering - Capability Maturity Model (SSE-CMM)
    ISO/IEC 15288:2008 Systems and software engineering - System life cycle processes
    ISO/IEC 18019:2004 Software and system engineering - Guidelines for the design and preparation of user documentation for application software
    ISO/IEC 27005:2011 Information technology - Security techniques - Information security risk management
    ISO/IEC 12207:2008 Systems and software engineering - Software life cycle processes
    ISO 9000:2015 Quality management systems - Fundamentals and vocabulary
    ISO/IEC 27000:2016 Information technology - Security techniques - Information security management systems - Overview and vocabulary