ISO 27017 Security standard for cloud services
ISO 27017 provides guidelines for the use of cloud services, with specific guidance on controls and on the treatment of information security risks in cloud environments. It is an international standard that extends ISO 27001 and builds on ISO 27002, and it sets out the respective responsibilities of cloud service customers and cloud service providers, which makes it possible to operate these services more securely.

The standard gives cloud-specific implementation guidance for 37 controls that appear in ISO 27002. In addition, it defines 7 controls that exist only for cloud computing, as detailed below:

Shared responsibility: which obligations fall to the cloud service provider and which to the cloud service customer.
Removal or return of the customer's cloud assets when the contract between the provider and the customer ends.
Security and segregation between the customer's environment and other tenants' environments in the cloud.
Hardening and configuration of virtual machines.
Operational security of administrative actions and procedures in the cloud environment.
Monitoring of the customer's activity and of the cloud services.
Alignment of security management between the virtual environment and the physical network in the cloud.
How It Works?
The steps of the process
1. Information gathering
Meetings with staff and familiarization with processes and technologies: the organizational structure, the company's business processes, its work procedures and the information systems it uses.

2. Information analysis
Analysis of the company's current state against the requirements of the standard, section by section. The gaps are presented in a summary report with recommendations and a prioritized plan for treating them.

3. Correction and update
Treatment of the gaps by a professional team with specializations in the relevant fields, for example content experts who write the information security procedures and professional testers who perform penetration tests.

4. External audit
An external audit is performed by one of the accredited certification bodies. The auditor reviews the SoA (Statement of Applicability) and the supporting evidence and, at the end of the audit, issues a certificate of compliance with the standard.