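ISO/IEC TS 24462:2024 Information security, cybersecurity and privacy protection — Ontology building blocks for security and risk assessment
Standard number: ISO/IEC TS 24462:2024
Chinese title: 信息安全、网络安全和隐私保护 安全和风险评估用本体构建块
English title: Information security, cybersecurity and privacy protection — Ontology building blocks for security and risk assessment
Publication date: 2024-03
Scope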
ISO/IEC TS 24462:2024 This document defines an inventory of building blocks conceptually associated with different types of assessments of information and communication technology (ICT) trustworthiness. These assessments apply to areas such as governance, risk management, security evaluation, secure development lifecycle (SDL), supply chain integrity and privacy. This document also defines an ontology that organizes these building blocks and provides instructions for using the inventory of building blocks and the ontology.
Formalizing the types, categories, and structural characteristics of building blocks in the area of ICT trustworthiness assessment aims to increase efficiency and improve future harmonization in standards development and their use. Building blocks can refer to structural components as well as semantic components. These components can be connected to a variety of concepts and activities related to trustworthiness assessments, including process related, such as traceability or elements of assessment methodologies.