CAN/CSA-ISO/IEC 27034-1:12 (R2017)
Current
The latest, up-to-date edition.
Information technology - Security techniques - Application security - Part 1: Overview and concepts (Adopted ISO/IEC 27034-1:2011, first edition, 2011-11-15)
Hardcopy, PDF
English
01-01-2012
FOREWORD
INTRODUCTION
1 SCOPE
2 NORMATIVE REFERENCES
3 TERMS AND DEFINITIONS
4 ABBREVIATED TERMS
5 STRUCTURE OF ISO/IEC 27034
6 INTRODUCTION TO APPLICATION SECURITY
7 ISO/IEC 27034 OVERALL PROCESSES
8 CONCEPTS
ANNEX A (INFORMATIVE) - MAPPING AN EXISTING DEVELOPMENT PROCESS TO ISO/IEC 27034 CASE STUDY
ANNEX B (INFORMATIVE) - MAPPING ASC WITH AN EXISTING STANDARD
ANNEX C (INFORMATIVE) - ISO/IEC 27005 RISK MANAGEMENT PROCESS MAPPED WITH THE ASMP
BIBLIOGRAPHY
ISO/IEC 27034 provides guidance to assist organizations in integrating security into the processes used for managing their applications.
DocumentType | Standard |
ISBN | 978-1-55491-942-0 |
Pages | 92 |
ProductNote | Reconfirmed EN |
PublisherName | Canadian Standards Association |
Status | Current |
Supersedes |
Preface
Standards development within the Information Technology sector is harmonized with international standards development. Through the CSA Technical Committee on Information Technology (TCIT), Canadians serve as the Canadian Advisory Committee (CAC) on ISO/IEC Joint Technical Committee 1 on Information Technology (ISO/IEC JTC1) for the Standards Council of Canada (SCC), the ISO member body for Canada and sponsor of the Canadian National Committee of the IEC. Also, as a member of the International Telecommunication Union (ITU), Canada participates in the International Telegraph and Telephone Consultative Committee (ITU-T).
Scope
ISO/IEC 27034 provides guidance to assist organizations in integrating security into the processes used for managing their applications. This part of ISO/IEC 27034 presents an overview of application security. It introduces definitions, concepts, principles and processes involved in application security. ISO/IEC 27034 is applicable to in-house developed applications, applications acquired from third parties, and where the development or the operation of the application is outsourced.
Standards | Relationship |
ISO/IEC 27034-1:2011 | Identical |
ISO/IEC 2382-7:2000 | Information technology — Vocabulary — Part 7: Computer programming |
ISO/IEC 27001:2013 | Information technology — Security techniques — Information security management systems — Requirements |
ISO/IEC/IEEE 29148:2011 | Systems and software engineering — Life cycle processes — Requirements engineering |
ISO/IEC 15408-3:2008 | Information technology — Security techniques — Evaluation criteria for IT security — Part 3: Security assurance components |
ISO/IEC 15289:2006 | Systems and software engineering — Content of systems and software life cycle process information products (Documentation) |
ISO/IEC/IEEE 24765:2017 | Systems and software engineering — Vocabulary |
ISO/IEC 27002:2013 | Information technology — Security techniques — Code of practice for information security controls |
ISO/IEC TR 20000-4:2010 | Information technology — Service management — Part 4: Process reference model |
ISO/IEC 21827:2008 | Information technology — Security techniques — Systems Security Engineering — Capability Maturity Model® (SSE-CMM®) |
ISO/IEC 15288:2008 | Systems and software engineering — System life cycle processes |
ISO/IEC 18019:2004 | Software and system engineering — Guidelines for the design and preparation of user documentation for application software |
ISO/IEC 27005:2011 | Information technology — Security techniques — Information security risk management |
ISO/IEC 12207:2008 | Systems and software engineering — Software life cycle processes |
ISO 9000:2015 | Quality management systems — Fundamentals and vocabulary |
ISO/IEC 27000:2016 | Information technology — Security techniques — Information security management systems — Overview and vocabulary |