
ISO/IEC 27017 — Information technology — Security techniques — Code of practice for information security controls for cloud computing services based on ISO/IEC 27002 (DRAFT)

This standard will provide guidance on the information security elements/aspects of cloud
computing, recommending cloud-specific information security controls supplementing those
recommended by ISO/IEC 27002 and indeed other ISO27k standards including ISO/IEC 27018 on
the privacy aspects of cloud computing, ISO/IEC 27031 on business continuity, and ISO/IEC
27036-4 on relationship management, as well as all the other ISO27k standards covering
information security in general.

Scope and purpose


The standard will be a code of practice recommending relevant information security controls for
cloud computing, based on and extending those recommended by ISO/IEC 27002.

The decision to progress the cloud privacy and cloud relationship management standards in
parallel implies that this standard will exclude those aspects ... but let’s wait and see how it turns
out.

The standard will offer information security advice for both cloud users/consumers/customers and
cloud service providers. The working draft proposes controls for both parties side-by-side in each
section.

Status of the standard


The standard is at Working Draft stage. Publication is very unlikely before 2014, quite possibly
not until 2015.

Over 200 pages of detailed comments from national bodies are being digested and integrated
into the next draft. The comments are generally positive and helpful, but it inevitably takes time
to discuss and agree so many through in-person committee meetings [SC27 is curiously reluctant
to adopt collaborative working practices, many of which are cloud based. Perhaps the security
risks are too scary?!]

The standard will build on the revised version of ISO/IEC 27002, which is expected to be
published towards the end of 2013.

The project has widespread support from national standards bodies plus the Cloud Security
Alliance among others. Seems everyone wants a seat on the cloud bandwagon ...

Note: SC27 decided NOT to progress a separate cloud information security management system
specification standard, judging that ISO/IEC 27001 is sufficient. Therefore, there are no plans to
certify the security of cloud service providers specifically.

Copyright © 2013 IsecT Ltd.

http://www.iso27001security.com/html/27017.html 05/08/2013
