| Standard | Title | Status | Abstract |
| --- | --- | --- | --- |
| ISO/IEC TR 14516-1 | Guidelines for the use and management of electronic trust service providers – Part 1: Overview and concepts | 3rd WD | Provides guidance for the use and management of TSPs, a clear definition of the basic duties and services provided, their description and their purpose, and the roles and liabilities of TSPs and entities using their services. |
| ISO/IEC TR 14516-2 | Guidelines for the use and management of electronic trust service providers – Part 2: Guidelines on information security for CA trust service providers | 3rd WD | Provides guidelines in addition to guidance given in the ISMS family of standards, for initiating, implementing, maintaining, and improving information security in a Trust Service Provider (TSP, as defined in Part 1) maintaining a Public Key Infrastructure (PKI). |
| ISO/IEC TR 14516-3 | Guidelines for the use and management of electronic trust service providers – Part 3: Guidelines on information security for PKI trust service providers | 2nd WD | To be elaborated. |
| ISO/IEC 27033-1 | Network security – Part 1: Overview and concepts | Pending publication | Provides an overview of network security and related definitions. It defines and describes the concepts associated with, and provides management guidance on, network security. |
| ISO/IEC 27033-6 | Network security – Part 6: Securing wireless IP network access | DIS | Describes the threats, security requirements, security control and design techniques associated with wireless networks. It provides guidelines for the selection, implementation and monitoring of the technical controls necessary to provide secure communications using |
WG4 Projects
| Standard | Title | Status | Abstract |
| --- | --- | --- | --- |
| ISO/IEC 27034-2 | Application security – Part 2: Organization normative framework | FDIS | Provides a detailed description of the Organization Normative Framework and provides guidance to organizations for its implementation. |
| ISO/IEC 27034-3 | Application security – Part 3: Application security management process | 1st CD | Provides a detailed description and implementation guidance for the Application Security Management Process. |
| ISO/IEC 27034-4 | Application security – Part 4: Application security validation | 1st WD | Provides a detailed description of an Application security validation process used to audit and verify Application Security. |
| ISO/IEC 27034-5 | Application security – Part 5: Protocols and application security control data structure | 3rd CD | Documents and explains the minimal set of essential attributes of Application Security Controls (ASCs) and details the activities and roles of the Application Security Life Cycle Reference Model (ASLCRM). |
| ISO/IEC TS 27034-5-1 | Application security – Part 5-1: Protocols and application security control data structure – XML Schemas | 1st PDTS | Defines XML Schemas that implement the minimal set of information requirements and essential attributes of Application Security Controls (ASCs) and the activities and roles of the Application Security Life Cycle Reference Model (ASLCRM) from Part 5. |
| ISO/IEC 27034-6 | Application security – Part 6: Case studies | DIS | Provides usage examples of Application Security Controls (ASCs) for specific applications. |
| ISO/IEC 27034-7 | Application security – Part 7: Application security assurance prediction | 1st CD | Provides the criteria and guidance for the extension of security attributes in one application to a different but related application. Additionally the prediction will state the conditions under which the prediction is valid and invalid. |
WG4 Projects
| Standard | Title | Status | Abstract |
| --- | --- | --- | --- |
| ISO/IEC 27035-1 | Information security incident management – Part 1: Principles of incident management | DIS | Presents basic concepts and phases of information security incident management and combines these concepts with principles in a structured approach to detecting, reporting, assessing, and responding to incidents, and applying lessons learnt. |
| ISO/IEC 27035-2 | Information security incident management – Part 2: Guidelines to plan and prepare for incident response | DIS | Describes how to plan and prepare for incident response. This part covers the “Plan and Prepare” and “Lessons Learnt” phases of the model presented in Part 1. |
| ISO/IEC TS 27035-3 | Information security incident management – Part 3: Guidelines for incident response operations | 1st PDTS | Includes staff responsibilities and operational incident response activities across the organization. Particular focus is given to the incident response team activities including monitoring, detection, analysis, and response activities for the collected data or security events. |
| ISO/IEC 27036-4 | Information security for supplier relationships – Part 4: Guidelines for security of cloud services | 2nd CD | Defines guidelines supporting the implementation of Information Security Management for the use of cloud service. |
| ISO/IEC 19086-4 | Cloud computing – Service level agreement (SLA) framework – Part 4: Security and privacy | 1st WD | Specifies the Security and Privacy aspects of Service Level Agreements (SLA) for cloud services including requirements and |
WG4 Projects
| Standard | Title | Status | Abstract |
| --- | --- | --- | --- |
| ISO/IEC 27050-1 | Electronic discovery – Part 1: Overview and concepts | 3rd CD | Provides an overview of electronic discovery. In addition, it defines related definitions and describes the concepts, including, but not limited to identification, preservation, collection, processing, review, analysis, and production of Electronically Stored Information (ESI). |
| ISO/IEC 27050-2 | Electronic discovery – Part 2: Guidance for governance and management of electronic discovery | 4th WD | Provides guidance for technical and non-technical personnel at senior levels within an organization, including those with responsibility for compliance with regulatory requirements, industry standards and, in some jurisdictions, legal requirements. |
| ISO/IEC 27050-3 | Electronic discovery – Part 3: Code of Practice for electronic discovery | 4th WD | Provides requirements and guidance on activities in electronic discovery, including, but not limited to identification, preservation, collection, processing, review, analysis, and production of Electronically Stored Information (ESI). |
| ISO/IEC 27050-4 | Electronic discovery – Part 4: ICT readiness for electronic discovery | 4th WD | Provides guidance on the ways an organization can plan and prepare for, and implement, electronic discovery from the perspective of |