Information technology — Security techniques — Application security —Part 2: Organization normative framework Technologie de l’information — Sécurité des applications —Partie 2: Cadre normatif de l’organisationINTERNATIONAL STANDARDISO/IEC27034-2 Reference numberISO/IEC 27034-2:2015(E)First edition2015-08-15 © ISO/IEC 2015 International Organization for Standardization Provided by IHS under license with ISO Licensee=Zhejiang Institute of Standardization 5956617 Not for Resale, 2015/10/22 07:22:27 No reproduction or networking permitted without license from IHS --`,``,`,```,,`,,,,,,`,,`-`-``,```,,,`--- ii © ISO/IEC 2015 – All rights reservedCOPYRIGHT PROTECTED DOCUMENT © ISO/IEC 2015, Published in SwitzerlandAll rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of the requester.ISO copyright officeCh. de Blandonnet 8 • CP 401CH-1214 Vernier, Geneva, SwitzerlandTel. +41 22 749 01 11Fax +41 22 749 09 [email protected] ISO/IEC 27034-2:2015(E) International Organization for Standardization Provided by IHS under license with ISO Licensee=Zhejiang Institute of Standardization 5956617 Not for Resale, 2015/10/22 07:22:27 No reproduction or networking permitted without license from IHS --`,``,`,```,,`,,,,,,`,,`-`-``,```,,,`--- ISO/IEC 27034-2:2015(E) Foreword ........................................................................................................................................................................................................................................ iv Introduction .................................................................................................................................................................................................................................. v 1 Scope ................................................................................................................................................................................................................................. 1 2 Normative references ...................................................................................................................................................................................... 1 3 Terms and definitions ..................................................................................................................................................................................... 1 4 Abbreviated terms .............................................................................................................................................................................................. 1 5 Organization Normative Framework .............................................................................................................................................. 2 5.1 General ........................................................................................................................................................................................................... 2 5.2 Purpose .......................................................................................................................................................................................................... 2 5.3 Principles ..................................................................................................................................................................................................... 2 5.4 ONF Management Process ............................................................................................................................................................ 2 5.4.1 General ..