admin

Building Trust Through Structured Security Assurance for Applications Introduction: The Assurance Gap in Application Security ISO/IEC 27034-7 addresses a persistent challenge in application security: how do stakeholders gain confidence that security controls have been correctly implemented and remain effective over…

Foundational guidelines for establishing an information security incident management capability Information security incidents are inevitable in modern organizations. The sophistication of cyber threats, the expansion of attack surfaces, and the increasing reliance on digital infrastructure demand a structured, principle-based approach…

Systematic planning and preparation for information security incident response Preparation is the cornerstone of effective incident management. ISO/IEC 27035-2:2023 provides comprehensive guidance on planning and preparing for information security incidents. The standard recognizes that organizations which invest in thorough preparation…

Roles, Responsibilities, Processes, and Infrastructure for Enterprise Application Security Management ISO/IEC 27034-2 focuses on the organizational normative framework for application security. While Part 1 provides the conceptual overview and introduces the ASC framework, Part 2 addresses the organizational infrastructure needed…

Step-by-Step Process for Specifying, Implementing, Verifying, and Maintaining Application Security Controls ISO/IEC 27034-3 defines the application security management process, providing a detailed, step-by-step methodology for managing application security throughout the application lifecycle. While Part 1 establishes the conceptual framework and…

Data Formats, Communication Protocols, and API Specifications for Automated Application Security Management ISO/IEC 27034-5 defines the protocols and application security control data structures that enable interoperability between different tools and systems involved in application security management. While Parts 1 through…

Comprehensive VPN security guidelines covering IPsec, SSL/TLS VPNs, authentication methods, and cryptographic key management Overview of ISO/IEC 27033-5 ISO/IEC 27033-5:2013 provides comprehensive guidelines for securing Virtual Private Networks (VPNs). VPNs are a cornerstone of modern network security, enabling encrypted tunnels…

Guidelines for securing wireless IP networks including WLAN, Bluetooth, and cellular data communications Overview of ISO/IEC 27033-6 ISO/IEC 27033-6:2016 addresses the security challenges of wireless IP networks, which have become ubiquitous in enterprise environments. Wireless networks introduce unique vulnerabilities compared…

Modern guidelines for network access control (NAC), authentication, authorization, and endpoint compliance enforcement Overview of ISO/IEC 27033-7 ISO/IEC 27033-7:2023 is the most recent addition to the 27033 series, addressing the critical domain of network access security. Published in 2023, this…

The ASC Framework: Context-Driven Application Security Management Across the Application Lifecycle ISO/IEC 27034-1 is the foundational part of the ISO/IEC 27034 multipart standard dedicated to application security. It provides an overview of application security concepts and introduces the Application Security…