ISO/IEC 27554 — Information technology — Security techniques — Application of ISO 31000 for assessment of identity management-related risk [DRAFT]

Introduction

This standard will outline the associated risks to ease application of the ISO 31000 risk management guidelines to identity management.

It will use the ISO 31000 process to establish the context and assess risk, with risk scenarios for processes and implementations that are subject to identity management-related risk.

Scope of the standard

The standard will apply to the assessment, specifically, of risks associated with processes and services that rely on or are related to identity management.  It will not include risks arising generally from delivery, technology or security.  It will be used in conjunction with other standards concerning controls for identity information.

The standard will explain identity-related risk definition, context and impacts, in a standardized manner, plugging gaps in other standards. 

Content of the standard

TBA.

Status

The project started in 2018.  The standard is due to be published at the end of 2021.

The first Working Draft was a skeletal outline.

Personal notes

TBA.

< Previous standard      ^ Up a level ^      Next standard >