|
Specification
ISO/IEC TS 24462
First edition
Information security, cybersecurity
2024-03
and privacy protection — Ontology
building blocks for security and risk
assessment
Sécurité de l'information, cybersécurité et protection de la vie
privée — Blocs de construction pour l'ontologie de l'évaluation de
la sécurité et des risques
Reference number
ISO/IEC TS 24462:2024(en) © ISO/IEC 2024
---------------------- Page: 1 ----------------------
ISO/IEC TS 24462:2024(en)
COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2024
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: [email protected]
Website: www.iso.org
Published in Switzerland
© ISO/IEC 2024 – All rights reserved
ii
---------------------- Page: 2 ----------------------
ISO/IEC TS 24462:2024(en)
Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Symbols and abbreviated terms. 3
5 Background . 4
6 Methodology . 4
7 Building blocks: collection and structure . 7
7.1 General .7
7.2 Application security assessment .8
7.3 Risk assessment .8
7.4 Application security controls validation .9
7.5 Risk analysis .9
8 Ontology capturing relationships among BBs . 10
8.1 General .10
8.2 Building block: application security assessment . 13
8.3 Building block: risk assessment .
...