ISO/IEC 27017:2015 – Code of practice for information security controls based on ISO/IEC 27002 for cloud services


Author: igc인증원
Posted: 22-01-25 15:37


ISO/IEC 27017:2015 – Code of practice for information security
controls based on ISO/IEC 27002 for cloud services

[ ISO/IEC 27017 Introduction ]

Cloud computing, which has grown steeply in recent years, has drawn attention as a new technology that starts from the concept of sharing resources and can minimize physical limitations.

However, large numbers of individuals repeatedly join and leave a single huge cloud, and this can give rise to various problems involving personal information and assets.

International standards are therefore needed to provide guidelines for the information protection controls that service providers and customers must implement in cloud services.

ISO/IEC 27017 therefore operates on the basis of ISO/IEC 27002 and lets an organization that has already established an information protection management system establish and implement additional requirements, so that the international standard can be introduced into the organization.


[ Necessity of ISO/IEC 27017 ]

  • Responsibility between service provider and user can be clarified
  • Build a safer, trustworthy cloud environment

[ ISO/IEC 27017 Contents ]

  • Scope
  • Normative References
  • Definitions and abbreviations
  • Cloud sector-specific concepts
  • Information security policies
  • Organization of information security
  • Human resource security
  • Asset management
  • Access control
  • Cryptography
  • Physical and environmental security
  • Operations security
  • Communications security
  • System acquisition, development, and maintenance
  • Supplier relationships
  • Information security incident management
  • Information security aspects of business continuity management
  • Compliance
  • Annex A – Cloud service extended control set
  • Annex B – References on information security risk related to cloud computing

[ Additional controls compared to ISO/IEC 27002 ]

  • Who is responsible for what between the cloud service provider and the cloud customer
  • The removal or return of assets at the end of a contract
  • Protection and separation of the customer's virtual environment
  • Virtual machine configuration
  • Administrative operations and procedures associated with the cloud environment
  • Cloud customer monitoring of activity
  • Virtual and cloud network environment alignment

If you have any questions, please contact us at the following email address.

E-mail: info@igcert.org
