• There are no items in your cart

CAN/CSA-ISO/IEC 27034-1:12 (R2017)

Current

Current

The latest, up-to-date edition.

Information technology - Security techniques - Application security - Part 1: Overview and concepts (Adopted ISO/IEC 27034-1:2011, first edition, 2011-11-15)

Available format(s)

Hardcopy , PDF

Language(s)

English

Published date

01-01-2012

FOREWORD
INTRODUCTION
1 SCOPE
2 NORMATIVE REFERENCES
3 TERMS AND DEFINITIONS
4 ABBREVIATED TERMS
5 STRUCTURE OF ISO/IEC 27034
6 INTRODUCTION TO APPLICATION SECURITY
7 ISO/IEC 27034 OVERALL PROCESSES
8 CONCEPTS
ANNEX A (INFORMATIVE) - MAPPING AN EXISTING DEVELOPMENT
        PROCESS TO ISO/IEC 27034 CASE STUDY
ANNEX B (INFORMATIVE) - MAPPING ASC WITH AN EXISTING
        STANDARD
ANNEX C (INFORMATIVE) - ISO/IEC 27005 RISK MANAGEMENT
        PROCESS MAPPED WITH THE ASMP
BIBLIOGRAPHY

ISO/IEC 27034 provides guidance to assist organizations in integrating security into the processes used for managing their applications.

DocumentType
Standard
ISBN
978-1-55491-942-0
Pages
92
ProductNote
Reconfirmed EN
PublisherName
Canadian Standards Association
Status
Current
Supersedes

Preface Standards development within the Information Technology sector is harmonized with international standards development. Through the CSA Technical Committee on Information Technology (TCIT), Canadians serve as the Canadian Advisory Committee (CAC) on ISO/IEC Joint Technical Committee 1 on Information Technology (ISO/IEC JTC1) for the Standards Council of Canada (SCC), the ISO member body for Canada and sponsor of the Canadian National Committee of the IEC. Also, as a member of the International Telecommunication Union (ITU), Canada participates in the International Telegraph and Telephone Consultative Committee (ITU-T). Scope ISO/IEC 27034 provides guidance to assist organizations in integrating security into the processes used for managing their applications. This part of ISO/IEC 27034 presents an overview of application security. It introduces definitions, concepts, principles and processes involved in application security. ISO/IEC 27034 is applicable to in-house developed applications, applications acquired from third parties, and where the development or the operation of the application is outsourced.

Standards Relationship
ISO/IEC 27034-1:2011 Identical

ISO/IEC 2382-7:2000 Information technology Vocabulary Part 7: Computer programming
ISO/IEC 27001:2013 Information technology — Security techniques — Information security management systems — Requirements
ISO/IEC/IEEE 29148:2011 Systems and software engineering Life cycle processes Requirements engineering
ISO/IEC 15408-3:2008 Information technology — Security techniques — Evaluation criteria for IT security — Part 3: Security assurance components
ISO/IEC 15289:2006 Systems and software engineering Content of systems and software life cycle process information products (Documentation)
ISO/IEC/IEEE 24765:2017 Systems and software engineering — Vocabulary
ISO/IEC 27002:2013 Information technology Security techniques Code of practice for information security controls
ISO/IEC TR 20000-4:2010 Information technology Service management Part 4: Process reference model
ISO/IEC 21827:2008 Information technology Security techniques Systems Security Engineering Capability Maturity Model (SSE-CMM)
ISO/IEC 15288:2008 Systems and software engineering System life cycle processes
ISO/IEC 18019:2004 Software and system engineering Guidelines for the design and preparation of user documentation for application software
ISO/IEC 27005:2011 Information technology Security techniques Information security risk management
ISO/IEC 12207:2008 Systems and software engineering Software life cycle processes
ISO 9000:2015 Quality management systems — Fundamentals and vocabulary
ISO/IEC 27000:2016 Information technology Security techniques Information security management systems Overview and vocabulary

View more information
€167.95
Excluding VAT

Access your standards online with a subscription

Features

  • Simple online access to standards, technical information and regulations.

  • Critical updates of standards and customisable alerts and notifications.

  • Multi-user online standards collection: secure, flexible and cost effective.