ISO/IEC 27034-3

ISO/IEC 27034-3:2018 — Information technology — Security techniques — Application security — Part 3: Application security management process 

(first edition)

Abstract

ISO/IEC 27034 part 3 "provides a detailed description and implementation guidance for the Application Security Management Process."

[Source: ISO/IEC 27034-3:2018]

Introduction

Part 3 defines the processes of managing the security of an application processing critical information.

Scope

Part 3 "provides a detailed description and implementation guidance for the Application Security Management Process."

Structure

Main sections:

  • 5: Application Security Management Process

  • 6: ASMP steps

  • 7: ANF elements

  • Annex A: Guidance text related to the ASMP step: (6.4) Realizing and operating the application

Status

The current first edition of part 3 was published in 2018.

Commentary

Part 3 describes “the overall process for managing security on each specific application used by an organisation”.


As such, this may be the most broadly applicable and useful part of this multi-part standard.

This page last updated:

26 January 2026

© 2026 IsecT Limited 

 
