All bloggings


ISO/IEC 27565 published
ISO/IEC 27565:2026 is a brand new ISO27k standard on Zero-Knowledge Proofs. It explains how to go about collecting and verifying personal information for various legitimate purposes without 'over-collecting', i.e. requiring and gathering additional information beyond that strictly needed for the stated purpose - verifying whether a statement or claim is or is not true. Age verification is a common example. A new law in Australia, for instance, prohibits youngsters from
13 hours ago · 2 min read


12 << 5555
In part, the current (fifth, 2018) edition of ISO/IEC 27000 defines key terms of art used throughout the ISO27k standards. The standard is available as a legitimate free download from ISO. If you haven't already seen it, go ahead - download the standard for a good look at these 77 terms defined in clause 3: access control, attack, audit, audit scope, authentication, authenticity, availability, base measure, competence, confidentiality, conformity, consequence, continual improvement, c
1 day ago · 2 min read


ISO/IEC TS 27103 published
ISO/IEC TS 27103:2026 "Cybersecurity - Guidance on using ISO and IEC standards in a cybersecurity framework" is, essentially, a mapping of NIST's Cyber Security Framework to ISO27k and other standards. The Technical Specification belatedly updates references to various clauses in the 2022 editions of ISO/IEC 27001 and 27002 from 2018's Technical Report. Read more about the standard here on this site and at ISO.org
Feb 10 · 1 min read


Painting the Forth bridge
Although ISO/IEC 27000 and most other standards incorporate definitions, the language is often formalised/stilted and very succinct. Being the product of committees within the larger structure of the global standards bodies means new terms have to be carefully word-crafted to avoid conflict with the existing body of knowledge. Reducing definitions to their essence may be worthwhile from an academic perspective, although I wonder about the poor reader trying to make sense of
Feb 2 · 3 min read
