标准摘要
[中文适用范围]: 本文件定义了一个概念上与不同类型的信息和通信技术 (ICT) 可信度评估相关的构建块清单。这些评估适用于治理、风险管理、安全评估、安全开发生命周期 (SDL)、供应链完整性和隐私等领域。本文件还定义了一个组织这些构建块的本体,并提供了使用构建块清单和本体的说明。将 ICT 可信度评估领域的构建块类型、类别和结构特征形式化旨在提高效率并改善未来标准制定及其使用的协调性。构建块可以指结构组件,也可以指语义组件。这些组件可以连接到与可信度评估相关的各种概念和活动,包括与流程相关的概念和活动,例如可追溯性或评估方法的要素。 [外文原描述]: This document defines an inventory of building blocks conceptually associated with different types of assessments of information and communication technology (ICT) trustworthiness. These assessments apply to areas such as governance, risk management, security evaluation, secure development lifecycle (SDL), supply chain integrity and privacy. This document also defines an ontology that organizes these building blocks and provides instructions for using the inventory of building blocks and the ontology. Formalizing the types, categories, and structural characteristics of building blocks in the area of ICT trustworthiness assessment aims to increase efficiency and improve future harmonization in standards development and their use. Building blocks can refer to structural components as well as semantic components. These components can be connected to a variety of concepts and activities related to trustworthiness assessments, including process related, such as traceability or elements of assessment methodologies.
英文名称Information security, cybersecurity and privacy protection - Ontology building blocks for security and risk assessment