ISO

ISO/IEC JTC 1/SC 27 9797-2:2011 Message Authentication Codes (MACs) - Part 2: Mechanisms using a dedicated hash-function

This part of ISO/IEC 9797 specifies three MAC algorithms that use a secret key and a hash-function (or its round-function) with an n-bit result to calculate an m-bit MAC. These mechanisms can be used as data integrity mechanisms to verify that data has not been altered in an unauthorized manner. They can also be used as message authentication mechanisms to provide assurance that a message has been originated by an entity in possession of the secret key.

Source: https://www.iso.org/obp/ui/#iso:std:iso-iec:9797:-2:ed-2:v2:en

Competence requirements for information security testers and evaluators — Part 3: Knowledge, skills and effectiveness requirements for ISO/IEC 15408 evaluators.

This document provides the specialized requirements to demonstrate competence of individuals in performing IT product security evaluations in accordance with ISO/IEC 15408 (all parts) and ISO/IEC 18045.
This document includes knowledge and skills especially in the following areas.

— Information security

Knowledge: Information security principles, information security properties, information security threats and vulnerabilities
Skills: Understand information security requirements, understand the context

— Information security evaluation

Knowledge: Knowledge of ISO/IEC 15408 (all parts) and ISO/IEC 18045, laboratory management system
Skills: Basic evaluation skills, core evaluation skills, skills required when evaluating specific security assurance classes, skills required when evaluating specific security functional requirements classes

— Information systems architecture

Knowledge: Technology being evaluated
Skills: Understand the interaction of security components and information

— Information security testing

Knowledge: Information security testing techniques, information security testing tools, product development lifecycle, test types
Skills: Create and manage an information security test plan, design information security tests, prepare and conduct information security tests

Source: https://www.iso.org/standard/71122.html

ISO/IEC 19896-3:2018

Vulnerability disclosure

In the contexts of information technology and cybersecurity, a vulnerability is a behaviour or set of conditions present in a system, product, component, or service that violates an implicit or explicit security policy.
Attackers exploit vulnerabilities to compromise confidentiality, integrity, availability, operation, or some other security property.
This document provides requirements and recommendations to vendors on the disclosure of vulnerabilities in products and services. Vulnerability disclosure enables users to perform technical vulnerability management as specified in ISO/IEC 27002:2013, 12.6.1.
Vulnerability disclosure helps users protect their systems and data, prioritize defensive investments, and better assess risk. The goal of vulnerability disclosure is to reduce the risk associated with exploiting vulnerabilities. Coordinated vulnerability disclosure is especially important when multiple vendors are affected.

Source: https://www.iso.org/standard/72311.html

ISO/IEC 29147:2018

Information security controls for the energy utility industry

Effective information security in the process control domain of the energy utility sector can be achieved by establishing, implementing, monitoring, reviewing and, if necessary, improving the applicable measures set forth in this document, in order to attain the specific security and business objectives of the organization.
Ultimately, the overall success of the cybersecurity of energy industries is based on collaborative efforts by all stakeholders (vendors, suppliers, customers, etc.).
This document provides guidance based on ISO/IEC 27002:2013 applied to process control systems used by the energy utility industry for controlling and monitoring the production or generation, transmission, storage and distribution of electric power, gas, oil and heat, and for the control of associated supporting processes.
For example, this includes in particular the following:
- central and distributed process control, monitoring and automation technology as well as information systems used for their operation, such as programming and parameterization devices.
- all further supporting information systems used in the process control domain, e.g. for supplementary data visualization tasks and for controlling, monitoring, data archiving, historian logging, reporting and documentation purposes.

Source: https://www.iso.org/standard/68091.html

ISO/IEC 27019:2017

Security management systems for the supply chain - Guidelines for the implementation of ISO 28000 - Part 2: Guidelines for adopting ISO 28000 for use in medium and small seaport operations

This part of ISO 28004 identifies supply chain risk and threat scenarios, procedures for conducting risks/threat assessments, and evaluation criteria for measuring conformance and effectiveness of the documented security plans in accordance with ISO 28000 and the ISO 28004 series implementation guidelines. An output of this effort will be a level of confidence rating system based on the quality of the security management plans and procedures implemented by the seaport to safeguard the security and ensure continuity of operations of the supply chain cargo being processed by the seaport. The rating system will be used as a means of identifying a measurable level of confidence (on a scale of 1 to 5) that the seaport security operations are in conformance with ISO 28000 for protecting the integrity of the supply chain.

Source: https://www.iso.org/standard/60905.html

ISO 28004-2:2014

Cybersecurity and ISO and IEC Standards

This document provides guidance on how to leverage existing standards in a cybersecurity framework.
The concepts behind information security can be used to assess and manage cybersecurity risks. The key question is how to manage cybersecurity risk in a comprehensive and structured manner, and ensure that processes, governance and controls exist and are fit for purpose. This can be done through a management systems approach. An Information Security Management System (ISMS) as described in ISO/IEC 27001 is a well-proven way for any organization to implement a risk-based approach to cybersecurity.

This document demonstrates how a cybersecurity framework can utilize current information security standards to achieve a well-controlled approach to cybersecurity management.

Source: https://www.iso.org/standard/72437.html

ISO/IEC TR 27103:2018

Big data reference architecture - Part 2: Use cases and derived requirements

ISO/IEC TR 20547-2:2018 provides examples of big data use cases with application domains and technical considerations derived from the contributed use cases.

ISO/IEC - JTC 1/SC 42 - AWI TR 20547-2

Digital signature schemes giving message recovery -- Part 2: Integer factorization based mechanisms

This part of ISO/IEC 9796 specifies three digital signature schemes giving message recovery, two of which are deterministic (non-randomized) and one of which is randomized. The security of all three schemes is based on the difficulty of factorizing large numbers. All three schemes can provide either total or partial message recovery.

ISO/IEC 9796-2:2010

Information Technology -- Cloud Computing -- Common Technologies and Techniques

Cloud computing is described at a high, conceptual level in the two foundational standards ISO/IEC 17788 Cloud computing – Overview and vocabulary and ISO/IEC 17789 Cloud computing – Reference Architecture.
However, as the use of cloud computing has grown, a set of commonly used technologies has grown to support, simplify and extend the use of cloud computing alongside sets of commonly used techniques which enable the effective exploitation of the capabilities of cloud services. Many of these common technologies and techniques are aimed at developers and operations staff, increasingly linked together in a unified approach called DevOps. The aim is to speed and simplify the creation and operation of solutions based on the use of cloud services.
This document aims to describe the common technologies and techniques which relate to cloud computing, how they relate to each other and how they are used by some of the roles associated with cloud computing.
This document describes a series of technologies and techniques commonly used to build applications and systems using cloud computing. These include:
- Virtual Machines (VMs) and Hypervisors
- Containers and Container Management systems
- “Serverless” computing
- Microservices architecture and automation
- Platform as a Service systems and their architecture
- Storage services
- Security, Scalability and Networking as applied to the above cloud computing technologies

ISO/IEC PDTS 23167

Information technology -- Reference Architecture for Service Oriented Architecture (SOA RA) -- Part 2: Reference Architecture for SOA Solutions

ISO/IEC 18384-2 describes a Reference Architecture for SOA Solutions which applies to functional design, performance, development, deployment and management of SOA Solutions. It includes a domain-independent framework, addressing functional requirements and non-functional requirements, as well as capabilities and best practices to support those requirements.

ISO/IEC 18384-2:2016

Information technology -- Reference Architecture for Service Oriented Architecture (SOA RA) -- Part 1: Terminology and concepts for SOA

ISO/IEC 18384-1 establishes vocabulary, guidelines, and general technical principles underlying service oriented architecture (SOA), including principles relating to functional design, performance, development, deployment, and management.

ISO/IEC 18384-1:2016

Web Services for Management (WS-Management) Specification

ISO/IEC 17963 describes a Web services protocol based on SOAP for use in management-specific domains. These domains include the management of entities such as PCs, servers, devices, Web services and other applications, and other manageable entities. Services can expose only a WS-Management interface or compose the WS-Management service interface with some of the many other Web service specifications.
A crucial application for these services is in the area of systems management. To promote interoperability between management applications and managed resources, ISO/IEC PAS 17963 identifies a core set of Web service specifications and usage requirements that expose a common set of operations central to all systems management. This includes the ability to do the following:
a) get, put (update), create, and delete individual resource instances, such as settings and dynamic values;
b) enumerate the contents of containers and collections, such as large tables and logs;
c) subscribe to events emitted by managed resources;
d) execute specific management methods with strongly typed input and output parameters.
In each of these areas of scope, ISO/IEC 17963 defines minimal implementation requirements for conformant Web service implementations. An implementation is free to extend beyond this set of operations, and to choose not to support one or more of the preceding areas of functionality if that functionality is not appropriate to the target device or system.
ISO/IEC 17963 intends to meet the following requirements:
a) constrain Web services protocols and formats so that Web services can be implemented with a small footprint in both hardware and software management services;
b) define minimum requirements for compliance without constraining richer implementations;
c) ensure backward compatibility and interoperability with WS-Management version 1.0;
d) ensure composability with other Web services specifications.
This standard has been developed by the DMTF (see also the DMTF WS-Management Standards Watch link).

The standard can be bought here: https://www.iso.org/standard/61138.html
The informative sections of this standard are publicly available here: https://www.iso.org/obp/ui/#iso:std:iso-iec:17963:ed-1:v1:en

ISO/IEC 17963:2013