Match the pairs: ISO 27017 (online version)
ACTIVITY ABOUT ISO 27017 by Michael Urrego

Prompts

1 How many new security controls does this standard establish on top of the existing structure of ISO 27001 and ISO 27002?
2 SaaS
3 Create, Store, Use, Share, Archive, Delete.
4 Risks in the cloud
5 Levels used to classify a risk by comparing the estimated risk against a given (reference) risk, so that the importance of each risk can be established; this classification is used to measure risks.
6 A set of tools used to evaluate the operations that are carried out in the cloud.
7 PaaS
8 IaaS
9 Period at which the evaluation of incidents is repeated once ISO 27017 has been implemented
10 An implementation guide that provides guidelines supporting the information security controls for customer information in cloud services; these guidelines are addressed to both cloud service customers and cloud service providers.

Answer options

• Access to applications and databases aimed at end users, such as email, file sharing or social networks.
• Every 3 years
• GRC (Governance, Risk Management and Compliance)
• STAR (Security, Trust & Assurance Registry)
• Stages of the data security life cycle
• ISO/IEC 27017:2015 Information technology - Security techniques - Code of practice for information security controls based on ISO/IEC 27002 for cloud services
• Basic computing infrastructure, for example virtual or physical machines.
• This standard establishes 7 new security controls on top of the existing structure of ISO 27001 / ISO 27002, which are:
  • CLD.6.3.1 Shared roles and responsibilities within a cloud computing environment
  • CLD.8.1.5 Removal of cloud service customer assets
  • CLD.9.5.1 Segregation in virtual computing environments
  • CLD.9.5.2 Virtual machine hardening
  • CLD.12.1.5 Administrator's operational security
  • CLD.12.4.5 Monitoring of cloud services
  • CLD.13.1.4 Alignment of security management for virtual and physical networks
• Low grade, Medium grade, High grade
• Application development environment, such as operating systems, programming languages or databases.
• Loss of governance; lock-in; isolation failure; compliance risks; management interface compromise; data protection; insecure or incomplete data deletion; malicious insider.