ab ovo usque ad mala
Formal Approaches in Standardization: 

1. The ISO 15408 IT Security Techniques - Evaluation Criteria for IT Security,  so-called "Common Criteria":

The Common Criteria comprises three parts:

  1. Security General Model
  2. Security Function Components
  3. Security Assurance Components

2. The ETSI ISG ISI Formal Approach of an ISI-driven Measurement and Event Management Architecture (IMA) and CSlang - A Common ISI Semantics Specification Language

GS ISI 006 proposes an ISI Measurement Architecture (IMA) for the management of security events captured and contained by the ISI Data Lake (IDL) and which comprises raw data enriched by methods derived from ML Algorithms of the AI domain. By means of the IDL sets of raw data should be typed, categorized and enriched in a unique manner for which formal Set and Graph Manipulation (S/G M) Theories and Techniques are applied. The ML-based classification mechanism uses a-priori learned information of a  so-called ISI-type matrix containing the tuple pairs of ISI query tuple and the associated typed target tuple.  

3. The ETSI TISPAN Formal Approach of Security Evaluation Method TVRA - Threats Vulnerability Risk Analysis:

ETSI TISPAN WG7- NGN Security Architecture - has developed and published in ETSI TS 102 165-1[TVRA] the new method and proforma for the evalution and analysis of "Next Generation Networks" due to threats, risks and vulnerabilities.

More information of the ETSI TVRA Method can be gained from the Abstract attached!