All bloggings

Having now reached F inal D raft I nternational S tandard stage, ISO/IEC 27090  " Guidance for addressing security threats and compromises to artificial intelligence systems" is on-track for publication later this year, hopefully. This is a timely standard, giving the explosion of AI-with-everything at the moment. Hopefully it will prompt smart (and not-so-smart) organisations to think carefully about the information risks associated with their use of AI, prioritising signi

ISO/IEC 27565:2026 is a brand new ISO27k standard on Z ero- K nowledge P roofs. It explains how to go about collecting and verifying personal information for various legitimate purposes without 'over-collecting' i.e. requiring and gathering additional information beyond that strictly needed for the stated purpose - verifying whether a statement or claim is or is not true. Age verification is a common example. A new law in Australia, for instance, prohibits youngsters from

In part, the current (fifth, 2018) edition of ISO/IEC 27000 defines key terms of art used throughout the ISO27k standards . The standard is available as a legitimate free download from ISO . If you haven't already seen it, go ahead - download the standard for a good look at these 77 terms defined in clause 3: access control attack audit audit scope authentication authenticity availability base measure competence confidentiality conformity consequence continual improvement c

Cover page ISO/IEC TS 27103:2026 "Cybersecurity - Guidance on using ISO and IEC standards in a cybersecurity framework" is, essentially, a mapping of NIST's C yber S ecurity F ramework to ISO27k and other standards. The Technical Specification belatedly updates references to various clauses in the 2022 editions of ISO/IEC 27001 and 27002 from 2018's T echnical R eport. Read more about the standard here on this site and at ISO.org