Search in Boards

Search the entire site bulletin board

References

Contact Us

Tel. +82 2 6749 0701

AM 9:00 ~ PM 6:00

Saturday,Sunday,Holiday :
Days Off

02.6749.0711
info@igcert.org

Resources

자료파일 배너


ISO/IEC 27018 Information Technology – Security techniques

Page Information

profile_image
Writer igc인증원
Comment 0Times Lookup 3,467psc Date Created 22-03-15 16:19

Contents

ISO/IEC 27018 Information Technology – Security techniques

Code of practice for protection of personally identifiable information (PII)
in public clouds acting as PII processors

[ Introduction ISO/IEC 27018 ]

As much of our lives became richer online, various parts of our lives began to be shared online. As numerous people are involved online, personal identification has become essential to identify individuals online.

In addition, in cloud computing, where various sharing takes place, the need for such personal identification information and its security have become very important.

ISO/IEC 27018 is an international standard for protecting personal information for cloud services, especially for the protection of personal identification information.

ISO/IEC 27018 is based on ISO/IEC 27001 to establish an information protection management system and applies guidelines based on ISO/IEC 27002 in consideration of regulations for privacy protection within the information security environment of service providers.

In other words, we provide execution guidelines for the biggest purpose of protecting personal information in a cloud environment.

ISO/IEC 27018< ISO/IEC 27018 >

[ Necessity of ISO/IEC 27018 ]

  • •  Prevention of abuse and leakage of personally identifiable information
  • •  A more secure cloud service can be provided
  • •  Provide a reliable cloud
Information technology – Security techniques< Information technology – Security techniques >

[ ISO/IEC 27018 Requirements ]

  • Scope
  • Normative references
  • Terms and definitions
  • Overview
  • Information security policies
  • Organization of information security
  • Human resource security
  • Asset management
  • Access control
  • Cryptography
  • Physical and environmental security
  • Operations security
  • Communications security
  • System acquisition, development and maintenance
  • Supplier relationships
  • Information security incident management
  • Information security aspects of business continuity management
  • Compliance
  • Annex A (normative) – Public cloud PII processor extended control set for PII protection

If you have any questions, please contact us at the following email address.

E-mail: info@igcert.org

Comment list

There are no registered comments.