Search in Boards

Search the entire site bulletin board

References

Contact Us

Tel. +82 2 6749 0701

AM 9:00 ~ PM 6:00

Saturday,Sunday,Holiday :
Days Off

02.6749.0711
info@igcert.org

Resources

자료파일 배너


ISO/IEC 27017:2015 Information Technology – Security Techniques

Page Information

profile_image
Writer igc인증원
Comment 0Times Lookup 3,569psc Date Created 21-12-17 14:49

Contents

ISO/IEC 27017:2015 Information Technology - Security Techniques

– Code of practice for information security controls based on ISO/IEC 27002 for cloud services

[ ISO/IEC 27017 Introduction ]

Cloud computing, which has recently grown steeply, has been spotlighted as a new concept technology that can minimize physical limitations, starting with the concept of sharing resources.

However, numerous individuals' access and departure to one huge cloud can be repeated, and problems related to various personal information and assets can arise.

Therefore, international standards are needed to provide guidelines for information protection control that service providers and customers must implement in cloud services.

Therefore, ISO/IEC 27017 operates ISO/IEC 27002 and allows the organization that has established an information protection management system to establish and implement additional requirements so that international standards can be introduced to the organization.

ISO/IEC 27017:2015< ISO/IEC 27017:2015 >

[ Necessity of ISO/IEC 27017 ]

  • •  Responsibility between service provider and user can be clarified
  • •  Build a safer, trustworthy cloud environment

[ ISO/IEC 27017 Contents ]

  • Scope
  • Normative References
  • Definitions and abbreviations
  • Cloud sector-specific concepts
  • Information security policies
  • Organization of information security
  • Human resource security
  • Asset management
  • Access control
  • Cryptography
  • Physical and environmental security
  • Operations security
  • Communications security
  • System acquisition, development, and maintenance
  • Supplier relationships
  • Information security incident management
  • Information security aspects of business continuity management
  • Compliance
  • Annex A – Cloud service extended control set
  • Annex B – References on information security risk related to cloud computing

[ Additional controls compared to ISO/IEC 27002 ]

  • •  Who is responsible for what between the cloud service provider and the cloud customer
  • •  The removal or return of assets at the end of a contract.
  • •  Protection and separation of the customer's virtual environment.
  • •  Virtual machine configuration.
  • •  Administrative operations and procedures associated with the cloud environment.
  • •  Cloud customer monitoring of activity.
  • •  Virtual and cloud network environment alignment.

If you have any questions, please contact us at the following email address.

E-mail: info@igcert.org

Comment list

There are no registered comments.