Match Columns ISO 27017
Online version
ACTIVITY ABOUT ISO 27017 by Michael Urrego

1 Levels that focus on comparing an estimated risk vs. a given risk and thus being able to establish the importance of these risks; in order to measure this, this classification is used.
2 PaaS
3 They are a set of tools that serve to evaluate the operations that are carried out in the cloud.
4 It is an implementation guide that provides guidelines for the support of the security controls of customer information in cloud services, taking into account that these guidelines are addressed to both customers and suppliers.
5 Period in which the evaluation of incidents is carried out at the time when ISO 27017 is implemented.
6 IaaS
7 SaaS
8 How many new security controls does this standard establish taking into account the structure of ISO 27001 and ISO 27002?
9 Create, Store, Use, Share, Archive, Delete.
10 Risks in the Cloud

Loss of governance, Bonding, Insulation fault, Regulatory Compliance Risks, Management Interface Commitment, Data Protection, Unsure or incomplete data deletion, Malicious Member

ISO/IEC 27017:2015 Information technology - Security techniques - Code of practice for information security controls based on ISO/IEC 27002 for cloud services

Stages of data security life cycle

Application development environment, such as OS, programming languages or DB.

This standard establishes 7 new security controls taking into account those of the existing structure of ISO 27001 / ISO 27002, which are:
• 6.3.1 Shared roles and responsibilities within a cloud computing environment
• 8.1.5 Removal of client assets from cloud services
• 9.5.1 Segregation in virtual computing environments
• 9.5.2 Virtual machine hardening
• 12.1.5 Administrator safety
• 12.4.5 Cloud service monitoring
• 13.1.4 Alignment of security management for virtual and physical networks

Every 3 years

GRC (Governance Risk Management and Compliance), STAR (Security Trust Assurance Registry)

Low grade, Middle Grade, High grade

Basic computing infrastructure, for example virtual or physical machines.

Access to applications and DB is aimed at end users, such as email, file sharing or social networks.