ISO/IEC 27554



 

ISO/IEC 27554 — Information technology — Security techniques — Application of ISO 31000 for assessment of identity management-related risk [DRAFT]

 

Abstract

“This document defines identity management-related risk for the purposes of applying ISO 31000 risk management guidelines to this field. It also uses the process outlined in ISO 31000 risk management guidelines to give guidelines for establishing context and assessing risk, including providing risk scenarios for processes and implementations that are exposed to identity management-related risk.”
[Source: SC27 Standing Document 11 (2021)]
 

Introduction

This standard will outline the associated risks to ease application of the ISO 31000 risk management guidelines to identity management.

It will use the ISO 31000 process to establish the context and assess risk, with risk scenarios for processes and implementations that are subject to identity management-related risk.

 

Scope of the standard

The standard will apply specifically to the assessment of risks associated with processes and services that rely on, or are related to, identity management. It will not cover risks arising generally from delivery, technology or security. It is intended to be used in conjunction with other standards concerning controls for identity information.

The standard will define identity-related risk and explain its context and impacts in a standardized manner, filling gaps left by other standards.

 

Content of the standard

TBA.

 

Status

The project started in 2018.

The standard is due to be published at the end of 2023.

 

Personal notes

TBA.

 


Copyright © 2021 IsecT Ltd.