Matching Pairs: ISO 27017

ACTIVITY ABOUT ISO 27017
by Michael Urrego

1 Levels used to compare an estimated risk against a given risk and so establish the importance of these risks; this classification is used to measure them.
2 PaaS
3 It is an implementation guide that provides guidelines to support the security controls for customer information in cloud services; these guidelines are addressed to both customers and suppliers.
4 Period in which the evaluation of incidents is carried out once ISO 27017 is implemented
5 IaaS
6 Create, Store, Use, Share, Archive, Delete.
7 How many new security controls does this standard establish, taking into account the structure of ISO 27001 and ISO 27002?
8 They are a set of tools that serve to evaluate the operations that are carried out in the cloud.
9 SaaS
10 Risks in the Cloud

Access to applications and DB aimed at end users, such as email, file sharing or social networks.

Low grade, Middle grade, High grade

This standard establishes 7 new security controls, taking into account those of the existing structure of ISO 27001 / ISO 27002, which are:
• 6.3.1 Shared roles and responsibilities within a cloud computing environment
• 8.1.5 Removal of client assets from cloud services
• 9.5.1 Segregation in virtual computing environments
• 9.5.2 Virtual machine hardening
• 12.1.5 Administrator safety
• 12.4.5 Cloud service monitoring
• 13.1.4 Alignment of security management for virtual and physical networks

Loss of governance, Bonding, Insulation fault, Regulatory Compliance Risks, Management Interface Commitment, Data Protection, Unsure or incomplete data deletion, Malicious Member

GRC (Governance Risk Management and Compliance), STAR (Security Trust Assurance Registry)

ISO/IEC 27017:2015 Information technology - Security techniques - Code of practice for information security controls based on ISO/IEC 27002 for cloud services

Stages of data security life cycle

Basic computing infrastructure, for example virtual or physical machines.

Application development environment, such as OS, programming languages or DB.

Every 3 years