ISO/IEC 27017:2015 – Code of practice for information security control…
Page Information
Contents
ISO/IEC 27017:2015 – Code of practice for information security
controls based on ISO/IEC 27002 for cloud services
[ ISO/IEC 27017 Introduction ]
Cloud computing, which has recently grown steeply, has been spotlighted as a new concept technology that can minimize physical limitations, starting with the concept of sharing resources.
However, numerous individuals' access and departure to one huge cloud can be repeated, and problems related to various personal information and assets can arise.
Therefore, international standards are needed to provide guidelines for information protection control that service providers and customers must implement in cloud services.
Therefore, ISO/IEC 27017 operates ISO/IEC 27002 and allows the organization that has established an information protection management system to establish and implement additional requirements so that international standards can be introduced to the organization.
< ISO/IEC 27017:2015 >
[ Necessity of ISO/IEC 27017 ]
- • Responsibility between service provider and user can be clarified
- • Build a safer, trustworthy cloud environment
[ ISO/IEC 27017 Contents ]
- Scope
- Normative References
- Definitions and abbreviations
- Cloud sector-specific concepts
- Information security policies
- Organization of information security
- Human resource security
- Asset management
- Access control
- Cryptography
- Physical and environmental security
- Operations security
- Communications security
- System acquisition, development, and maintenance
- Supplier relationships
- Information security incident management
- Information security aspects of business continuity management
- Compliance
- Annex A – Cloud service extended control set
- Annex B – References on information security risk related to cloud computing
< ISO/IEC 27017:2015 >
[ Additional controls compared to ISO/IEC 27002 ]
- • Who is responsible for what between the cloud service provider and the cloud customer
- • The removal or return of assets at the end of a contract.
- • Protection and separation of the customer's virtual environment.
- • Virtual machine configuration.
- • Administrative operations and procedures associated with the cloud environment.
- • Cloud customer monitoring of activity.
- • Virtual and cloud network environment alignment.
If you have any questions, please contact us at the following email address.
E-mail: info@igcert.org
- PreviousISO/TR 24971:2020 Medical Devices – Guidance on the application of ISO 14971 22.01.25
- NextISO 14064 Greenhouse Gas Emissions and Removals 22.01.05
Comment list
There are no registered comments.