SlideShare ist ein Scribd-Unternehmen logo

Locking Up Your Cloud Environment: An Introduction to ISO/IEC 27017 and 27018

Schellman & Company
Schellman & Company

ISO 27017 /27018 is the first international code of practice that focuses on protection of personal data in the cloud. It is based on ISO information security standard 27002 and provides implementation guidance on ISO 27002 controls applicable to public cloud Personally Identifiable Information (PII). Discover: • Background of ISO 27017 and 27018 • Scope and Purpose • Comparison with ISO 27001 and 27002 • Future of ISO 27017 with ISO 27018 • Challenges and Benefits • Certification Process and Next Steps

Serviceleistungen
1 von 31
Downloaden Sie, um offline zu lesen
Locking Up Your Cloud Environment | 1 LOCKING UP YOUR CLOUD ENVIRONMENT An Introduction to ISO/IEC 27017 and ISO/IEC 27018
Locking Up Your Cloud Environment | 2 • Introduction • ISO 27017 Overview • ISO 27018 Overview • ISO 27017 and ISO 27018 Application • ISO 27017 and ISO 27018 Audit Approach • Market Acceptance of ISO 27017 and ISO 27018 • Q&A Agenda
Locking Up Your Cloud Environment | 3 RYAN MACKIE ISO Certification Practice Director
Locking Up Your Cloud Environment | 4 ISO 27017 Overview
Locking Up Your Cloud Environment | 5 • Based on ISO/IEC 27002 for cloud providers • December 15, 2015 • Applicable to the provision and use of cloud services • Supplement to ISO 27002 for cloud providers ISO 27017 Overview
Locking Up Your Cloud Environment | 6 • Alignment to ISO 27001 Annex A / ISO 27002 • Cloud server provider control guidance • Not intended to be a unique control set – e.g. A6.1.2 – segregation of duties • Recommendations not Requirements – Should v Shall 27017 Design
Locking Up Your Cloud Environment | 7 • 35 supplemental controls to ISO 27001 Annex A – All domains but Information Security Aspects of Business Continuity – A5 (1), A6 (2), A7 (1), A8 (2), A9 (7), A10 (2), A11 (1), A12 (6), A13 (1), A14 (2), A15 (2), A16 (3), A18 (5) 27017 Depth – Supplemental Controls
Locking Up Your Cloud Environment | 8 • 7 extended controls (27017 Annex A) – Covers domains A6, A8, A9, A12, and A13 – Act as additional control to complement that of Annex A 27017 Depth – Extended Controls
Locking Up Your Cloud Environment | 9 27017 – How Unique? • Not very unique • Most CSPs are already designed to meet 27017 • Supplemental Control Example • Extended control
Locking Up Your Cloud Environment | 10 ISO 27018 Overview
Locking Up Your Cloud Environment | 11 • Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors • Issued August 1, 2014 • Commonly accepted control objectives, controls and guidelines for implementing measures to protect PII in accordance with the privacy principles in ISO/IEC 29100 for the public cloud computing environment. • Supplement to ISO 27002 for public cloud providers ISO 27018 Overview
Locking Up Your Cloud Environment | 12 • Alignment to ISO 27001 Annex A / ISO 27002 • Public cloud PII protection control implementation guidance • Not intended to be a unique control set – e.g. A6.1.2 – segregation of duties • Recommendations not Requirements – Should v Shall 27018 Design
Locking Up Your Cloud Environment | 13 • 14 supplemental controls to ISO 27001 Annex A – All domains but Asset Management; System Acquisition, Development, and Maintenance; Supplier Relationships; and Information Security Aspects of Business Continuity Management – A5 (1), A6 (1), A7 (1), A9 (2), A10 (1), A11 (1), A12 (4), A13 (1), A16 (1), A18 (1) 27018 Depth – Supplemental Controls
Locking Up Your Cloud Environment | 14 • 25 extended controls (based on 11 privacy principles of ISO/IEC 29100) – Covers: • Consent and Choice; Purpose legitimacy and specification; Data minimization; Use, retention and disclosure limitation; Openness, transparency and notice; Accountability; Information security; and Privacy compliance – Act as additional control to complement that of Annex A 27017 Depth – Extended Controls
Locking Up Your Cloud Environment | 15 • More unique than 27017 • Incorporation of privacy principles • Supplemental Control Example – A11.2.7– Secure disposal or re-use of equipment – Equipment containing storage media that may possibly contain PII should be treated as though it does • Extended control – A.4 – Data Minimization – Temporary files and documents should be erased or destroyed within a specified, documented period 27017 – How Unique?
Locking Up Your Cloud Environment | 16 ISO 27017 and ISO 27018 Application
Locking Up Your Cloud Environment | 17 • Modify the scope statement as applicable • Ensure appropriate inclusion through identification of: – Internal and external issues – Needs and expectations of interested parties – Interfaces and dependencies performed by the organization and those performed by other organization Design – Scope (Clause 4)
Locking Up Your Cloud Environment | 18 • Identification of supplemental and extended controls through the risk assessment process • Controls should be necessary to mitigate risk applicable to scope • Apply appropriate treatment if necessary Design – Risk Assessment (Clause 6)
Locking Up Your Cloud Environment | 19 • Incorporate supplemental / extended controls into the SOA • Justification of inclusion / exclusion still apply (for entire related standard) • Determine if the supplemental / extended control is in place Design – Statement of Applicability (Clause 6)
Locking Up Your Cloud Environment | 20 • Modify the information security objectives as appropriate • Ensure to measure any modification to the information security objectives Design – Objectives (Clause 6)
Locking Up Your Cloud Environment | 21 • Measure key supplemental / extended controls to ensure effectiveness • Ensure appropriate and proper criteria is applied • Include relevant personnel Monitoring – Measurement (Clause 9.1)
Locking Up Your Cloud Environment | 22 • Incorporation into audit plan / program • Assessment of results • Planned remediation Monitoring – Internal Audit (Clause 9.2)
Locking Up Your Cloud Environment | 23 ISO 27017 and ISO 27018 Audit Approach
Locking Up Your Cloud Environment | 24 • Stage 2 incorporation of 27017 and/or 27018 • Statement of applicability acts as a audit road map Initial Certification
Locking Up Your Cloud Environment | 25 • Perform regular maintenance review to ensure continued conformance and operating effectiveness of the ISMS • Apply heavier focus on inclusion of ISO 27017 and/or ISO 27018 Surveillance / Recertification
Locking Up Your Cloud Environment | 26 • Specifically focus on inclusion of ISO 27017 and/or ISO 27018 • Assess relevant elements of ISMS and supplemental / extended controls Scope Expansion
Locking Up Your Cloud Environment | 27 • Included as a part of the scope statement, related to SOA based on ISO 27017 and/or ISO 27018 • Available on certificate directory • No unique mark or certificate issued for ISO 27017 and/or ISO 27018 (i.e. unaccredited certificates) Inclusion on Certificate
Locking Up Your Cloud Environment | 28 Market Acceptance of ISO 27017 and ISO 27018
Locking Up Your Cloud Environment | 29 • Relatively new • Market adoption driven by customers and/or competitors • General cloud application v. CSA STAR Program ISO 27017
Locking Up Your Cloud Environment | 30 • Greater acceptance • Withdrawal of Safe Harbor • Greater interest in privacy and security, specifically for cloud services ISO 27018
Locking Up Your Cloud Environment | 31 Thank You

Empfohlen

ISO 27001 2002 Update Webinar.pdf
ISO 27001 2002 Update Webinar.pdfISO 27001 2002 Update Webinar.pdf
ISO 27001 2002 Update Webinar.pdfControlCase
 
Iso 27001 awareness
Iso 27001 awarenessIso 27001 awareness
Iso 27001 awarenessÃsħâr Ãâlâm
 
Privacy Trends: Key practical steps on ISO/IEC 27701:2019 implementation
Privacy Trends: Key practical steps on ISO/IEC 27701:2019 implementationPrivacy Trends: Key practical steps on ISO/IEC 27701:2019 implementation
Privacy Trends: Key practical steps on ISO/IEC 27701:2019 implementationPECB
 
ISO_ 27001:2022 Controls & Clauses.pptx
ISO_ 27001:2022 Controls & Clauses.pptxISO_ 27001:2022 Controls & Clauses.pptx
ISO_ 27001:2022 Controls & Clauses.pptxforam74
 
ISO/IEC 27001:2022 – What are the changes?
ISO/IEC 27001:2022 – What are the changes?ISO/IEC 27001:2022 – What are the changes?
ISO/IEC 27001:2022 – What are the changes?PECB
 
ISO 27001:2022 What has changed.pdf
ISO 27001:2022 What has changed.pdfISO 27001:2022 What has changed.pdf
ISO 27001:2022 What has changed.pdfAndrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
Quick Guide to ISO/IEC 27701 - The Newest Privacy Information Standard
Quick Guide to ISO/IEC 27701 - The Newest Privacy Information StandardQuick Guide to ISO/IEC 27701 - The Newest Privacy Information Standard
Quick Guide to ISO/IEC 27701 - The Newest Privacy Information StandardPECB
 
CMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to Know
CMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to KnowCMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to Know
CMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to KnowPECB
 

Empfohlen

ISO 27001 2002 Update Webinar.pdf
ISO 27001 2002 Update Webinar.pdfISO 27001 2002 Update Webinar.pdf
ISO 27001 2002 Update Webinar.pdfControlCase
 
Iso 27001 awareness
Iso 27001 awarenessIso 27001 awareness
Iso 27001 awarenessÃsħâr Ãâlâm
 
Privacy Trends: Key practical steps on ISO/IEC 27701:2019 implementation
Privacy Trends: Key practical steps on ISO/IEC 27701:2019 implementationPrivacy Trends: Key practical steps on ISO/IEC 27701:2019 implementation
Privacy Trends: Key practical steps on ISO/IEC 27701:2019 implementationPECB
 
ISO_ 27001:2022 Controls & Clauses.pptx
ISO_ 27001:2022 Controls & Clauses.pptxISO_ 27001:2022 Controls & Clauses.pptx
ISO_ 27001:2022 Controls & Clauses.pptxforam74
 
ISO/IEC 27001:2022 – What are the changes?
ISO/IEC 27001:2022 – What are the changes?ISO/IEC 27001:2022 – What are the changes?
ISO/IEC 27001:2022 – What are the changes?PECB
 
ISO 27001:2022 What has changed.pdf
ISO 27001:2022 What has changed.pdfISO 27001:2022 What has changed.pdf
ISO 27001:2022 What has changed.pdfAndrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
Quick Guide to ISO/IEC 27701 - The Newest Privacy Information Standard
Quick Guide to ISO/IEC 27701 - The Newest Privacy Information StandardQuick Guide to ISO/IEC 27701 - The Newest Privacy Information Standard
Quick Guide to ISO/IEC 27701 - The Newest Privacy Information StandardPECB
 
CMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to Know
CMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to KnowCMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to Know
CMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to KnowPECB
 
Iso27001- Nashwan Mustafa
Iso27001- Nashwan MustafaIso27001- Nashwan Mustafa
Iso27001- Nashwan MustafaFahmi Albaheth
 
Privacy in the Cloud- Introduction to ISO 27018
Privacy in the Cloud- Introduction to ISO 27018Privacy in the Cloud- Introduction to ISO 27018
Privacy in the Cloud- Introduction to ISO 27018Schellman & Company
 
ISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process OverviewISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process OverviewShankar Subramaniyan
 
ISO 27001 In The Age Of Privacy
ISO 27001 In The Age Of PrivacyISO 27001 In The Age Of Privacy
ISO 27001 In The Age Of PrivacyControlCase
 
Overview of ISO 27001 ISMS
Overview of ISO 27001 ISMSOverview of ISO 27001 ISMS
Overview of ISO 27001 ISMSAkhil Garg
 
Steps to iso 27001 implementation
Steps to iso 27001 implementationSteps to iso 27001 implementation
Steps to iso 27001 implementationRalf Braga
 
27001 awareness Training
27001 awareness Training27001 awareness Training
27001 awareness TrainingDr Madhu Aman Sharma
 
ISO 27017 – What are the Business Advantages of Cloud Security?
ISO 27017 – What are the Business Advantages of Cloud Security?ISO 27017 – What are the Business Advantages of Cloud Security?
ISO 27017 – What are the Business Advantages of Cloud Security?Alvin Integrated Services [AIS]
 
2022 Webinar - ISO 27001 Certification.pdf
2022 Webinar - ISO 27001 Certification.pdf2022 Webinar - ISO 27001 Certification.pdf
2022 Webinar - ISO 27001 Certification.pdfControlCase
 
Iso27001 The Road To Certification
Iso27001 The Road To CertificationIso27001 The Road To Certification
Iso27001 The Road To Certificationtschraider
 
What is iso 27001 isms
What is iso 27001 ismsWhat is iso 27001 isms
What is iso 27001 ismsCraig Willetts ISO Expert
 
ISO 27001 Awareness/TRansition.pptx
ISO 27001 Awareness/TRansition.pptxISO 27001 Awareness/TRansition.pptx
ISO 27001 Awareness/TRansition.pptxDr Madhu Aman Sharma
 
ISMS User_Awareness Training.pptx
ISMS User_Awareness Training.pptxISMS User_Awareness Training.pptx
ISMS User_Awareness Training.pptxMukesh Pant
 
Iso iec 27001 foundation training course by interprom
Iso iec 27001 foundation training course by interpromIso iec 27001 foundation training course by interprom
Iso iec 27001 foundation training course by interpromMart Rovers
 
GDPR RACI.pdf
GDPR RACI.pdfGDPR RACI.pdf
GDPR RACI.pdfAndrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
What is ISO 27001 ISMS
What is ISO 27001 ISMSWhat is ISO 27001 ISMS
What is ISO 27001 ISMSBusiness Beam
 
ISO 27001 2013 isms final overview
ISO 27001 2013 isms final overviewISO 27001 2013 isms final overview
ISO 27001 2013 isms final overviewNaresh Rao
 
Project plan for ISO 27001
Project plan for ISO 27001Project plan for ISO 27001
Project plan for ISO 27001technakama
 
Implementing ISO27001 2013
Implementing ISO27001 2013Implementing ISO27001 2013
Implementing ISO27001 2013scttmcvy
 
Isms awareness presentation
Isms awareness presentationIsms awareness presentation
Isms awareness presentationPranay Kumar
 
Implementing PCI DSS v2.0 and v3.0 best practice
Implementing PCI DSS v2.0 and v3.0 best practiceImplementing PCI DSS v2.0 and v3.0 best practice
Implementing PCI DSS v2.0 and v3.0 best practiceIT Governance Ltd
 
Implementing PCI DSS v 2.0 and v 3.0
Implementing PCI DSS v 2.0 and v 3.0Implementing PCI DSS v 2.0 and v 3.0
Implementing PCI DSS v 2.0 and v 3.0IT Governance Ltd
 

Weitere ähnliche Inhalte

Was ist angesagt?

Iso27001- Nashwan Mustafa
Iso27001- Nashwan MustafaIso27001- Nashwan Mustafa
Iso27001- Nashwan MustafaFahmi Albaheth
 
Privacy in the Cloud- Introduction to ISO 27018
Privacy in the Cloud- Introduction to ISO 27018Privacy in the Cloud- Introduction to ISO 27018
Privacy in the Cloud- Introduction to ISO 27018Schellman & Company
 
ISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process OverviewISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process OverviewShankar Subramaniyan
 
ISO 27001 In The Age Of Privacy
ISO 27001 In The Age Of PrivacyISO 27001 In The Age Of Privacy
ISO 27001 In The Age Of PrivacyControlCase
 
Overview of ISO 27001 ISMS
Overview of ISO 27001 ISMSOverview of ISO 27001 ISMS
Overview of ISO 27001 ISMSAkhil Garg
 
Steps to iso 27001 implementation
Steps to iso 27001 implementationSteps to iso 27001 implementation
Steps to iso 27001 implementationRalf Braga
 
ISO 27017 – What are the Business Advantages of Cloud Security?
ISO 27017 – What are the Business Advantages of Cloud Security?ISO 27017 – What are the Business Advantages of Cloud Security?
ISO 27017 – What are the Business Advantages of Cloud Security?Alvin Integrated Services [AIS]
 
2022 Webinar - ISO 27001 Certification.pdf
2022 Webinar - ISO 27001 Certification.pdf2022 Webinar - ISO 27001 Certification.pdf
2022 Webinar - ISO 27001 Certification.pdfControlCase
 
Iso27001 The Road To Certification
Iso27001 The Road To CertificationIso27001 The Road To Certification
Iso27001 The Road To Certificationtschraider
 
ISO 27001 Awareness/TRansition.pptx
ISO 27001 Awareness/TRansition.pptxISO 27001 Awareness/TRansition.pptx
ISO 27001 Awareness/TRansition.pptxDr Madhu Aman Sharma
 
ISMS User_Awareness Training.pptx
ISMS User_Awareness Training.pptxISMS User_Awareness Training.pptx
ISMS User_Awareness Training.pptxMukesh Pant
 
Iso iec 27001 foundation training course by interprom
Iso iec 27001 foundation training course by interpromIso iec 27001 foundation training course by interprom
Iso iec 27001 foundation training course by interpromMart Rovers
 
What is ISO 27001 ISMS
What is ISO 27001 ISMSWhat is ISO 27001 ISMS
What is ISO 27001 ISMSBusiness Beam
 
ISO 27001 2013 isms final overview
ISO 27001 2013 isms final overviewISO 27001 2013 isms final overview
ISO 27001 2013 isms final overviewNaresh Rao
 
Project plan for ISO 27001
Project plan for ISO 27001Project plan for ISO 27001
Project plan for ISO 27001technakama
 
Implementing ISO27001 2013
Implementing ISO27001 2013Implementing ISO27001 2013
Implementing ISO27001 2013scttmcvy
 
Isms awareness presentation
Isms awareness presentationIsms awareness presentation
Isms awareness presentationPranay Kumar
 

Was ist angesagt? (20)

Iso27001- Nashwan Mustafa
Iso27001- Nashwan MustafaIso27001- Nashwan Mustafa
Iso27001- Nashwan Mustafa
 
Privacy in the Cloud- Introduction to ISO 27018
Privacy in the Cloud- Introduction to ISO 27018Privacy in the Cloud- Introduction to ISO 27018
Privacy in the Cloud- Introduction to ISO 27018
 
ISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process OverviewISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process Overview
 
ISO 27001 In The Age Of Privacy
ISO 27001 In The Age Of PrivacyISO 27001 In The Age Of Privacy
ISO 27001 In The Age Of Privacy
 
Overview of ISO 27001 ISMS
Overview of ISO 27001 ISMSOverview of ISO 27001 ISMS
Overview of ISO 27001 ISMS
 
Steps to iso 27001 implementation
Steps to iso 27001 implementationSteps to iso 27001 implementation
Steps to iso 27001 implementation
 
27001 awareness Training
27001 awareness Training27001 awareness Training
27001 awareness Training
 
ISO 27017 – What are the Business Advantages of Cloud Security?
ISO 27017 – What are the Business Advantages of Cloud Security?ISO 27017 – What are the Business Advantages of Cloud Security?
ISO 27017 – What are the Business Advantages of Cloud Security?
 
2022 Webinar - ISO 27001 Certification.pdf
2022 Webinar - ISO 27001 Certification.pdf2022 Webinar - ISO 27001 Certification.pdf
2022 Webinar - ISO 27001 Certification.pdf
 
Iso27001 The Road To Certification
Iso27001 The Road To CertificationIso27001 The Road To Certification
Iso27001 The Road To Certification
 
What is iso 27001 isms
What is iso 27001 ismsWhat is iso 27001 isms
What is iso 27001 isms
 
ISO 27001 Awareness/TRansition.pptx
ISO 27001 Awareness/TRansition.pptxISO 27001 Awareness/TRansition.pptx
ISO 27001 Awareness/TRansition.pptx
 
ISMS User_Awareness Training.pptx
ISMS User_Awareness Training.pptxISMS User_Awareness Training.pptx
ISMS User_Awareness Training.pptx
 
Iso iec 27001 foundation training course by interprom
Iso iec 27001 foundation training course by interpromIso iec 27001 foundation training course by interprom
Iso iec 27001 foundation training course by interprom
 
GDPR RACI.pdf
GDPR RACI.pdfGDPR RACI.pdf
GDPR RACI.pdf
 
What is ISO 27001 ISMS
What is ISO 27001 ISMSWhat is ISO 27001 ISMS
What is ISO 27001 ISMS
 
ISO 27001 2013 isms final overview
ISO 27001 2013 isms final overviewISO 27001 2013 isms final overview
ISO 27001 2013 isms final overview
 
Project plan for ISO 27001
Project plan for ISO 27001Project plan for ISO 27001
Project plan for ISO 27001
 
Implementing ISO27001 2013
Implementing ISO27001 2013Implementing ISO27001 2013
Implementing ISO27001 2013
 
Isms awareness presentation
Isms awareness presentationIsms awareness presentation
Isms awareness presentation
 

Ähnlich wie Locking Up Your Cloud Environment: An Introduction to ISO/IEC 27017 and 27018

Implementing PCI DSS v2.0 and v3.0 best practice
Implementing PCI DSS v2.0 and v3.0 best practiceImplementing PCI DSS v2.0 and v3.0 best practice
Implementing PCI DSS v2.0 and v3.0 best practiceIT Governance Ltd
 
Implementing PCI DSS v 2.0 and v 3.0
Implementing PCI DSS v 2.0 and v 3.0Implementing PCI DSS v 2.0 and v 3.0
Implementing PCI DSS v 2.0 and v 3.0IT Governance Ltd
 
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness TrainingISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness TrainingOperational Excellence Consulting
 
STAND OUT: Why You Should Become ISO 27001 Certified
STAND OUT: Why You Should Become ISO 27001 CertifiedSTAND OUT: Why You Should Become ISO 27001 Certified
STAND OUT: Why You Should Become ISO 27001 CertifiedSchellman & Company
 
Why_ISO_27001_Awareness_Presentation_EN.pptx
Why_ISO_27001_Awareness_Presentation_EN.pptxWhy_ISO_27001_Awareness_Presentation_EN.pptx
Why_ISO_27001_Awareness_Presentation_EN.pptxyeliga7878
 
ISO 9001 2015 ASQ Workshop by Colin Gray
ISO 9001 2015 ASQ Workshop by Colin GrayISO 9001 2015 ASQ Workshop by Colin Gray
ISO 9001 2015 ASQ Workshop by Colin GrayColin Gray
 
Kym Henderson - ISO EVM Presentation IPMW 2019 Baltimore
Kym Henderson - ISO EVM Presentation IPMW 2019 BaltimoreKym Henderson - ISO EVM Presentation IPMW 2019 Baltimore
Kym Henderson - ISO EVM Presentation IPMW 2019 BaltimoreAllison Wong
 
KH ISO EVM Presentation IPMW 2019 Baltimore
KH ISO EVM Presentation IPMW 2019 BaltimoreKH ISO EVM Presentation IPMW 2019 Baltimore
KH ISO EVM Presentation IPMW 2019 BaltimoreKym Henderson
 
ISO 27001 Lead Auditor Training Course | ISO 27001 Lead Auditor Certification...
ISO 27001 Lead Auditor Training Course | ISO 27001 Lead Auditor Certification...ISO 27001 Lead Auditor Training Course | ISO 27001 Lead Auditor Certification...
ISO 27001 Lead Auditor Training Course | ISO 27001 Lead Auditor Certification...IEVISION IT SERVICES Pvt. Ltd
 
ISO 27001 Lead Implementer Classroom Training Course Certification - ievision...
ISO 27001 Lead Implementer Classroom Training Course Certification - ievision...ISO 27001 Lead Implementer Classroom Training Course Certification - ievision...
ISO 27001 Lead Implementer Classroom Training Course Certification - ievision...IEVISION IT SERVICES Pvt. Ltd
 
Latest Developments in Cloud Security Standards and Privacy
Latest Developments in Cloud Security Standards and PrivacyLatest Developments in Cloud Security Standards and Privacy
Latest Developments in Cloud Security Standards and PrivacyCloud Standards Customer Council
 
C-SEC|2016 Session 1 Addressing Cyber Threats with Modern Security Framework_...
C-SEC|2016 Session 1 Addressing Cyber Threats with Modern Security Framework_...C-SEC|2016 Session 1 Addressing Cyber Threats with Modern Security Framework_...
C-SEC|2016 Session 1 Addressing Cyber Threats with Modern Security Framework_...acinfotec
 
Implementing ISO20000
Implementing ISO20000Implementing ISO20000
Implementing ISO20000NUS-ISS
 
Integrating the Alphabet Soup of Standards
Integrating the Alphabet Soup of StandardsIntegrating the Alphabet Soup of Standards
Integrating the Alphabet Soup of StandardsJim Gilsinn
 

Ähnlich wie Locking Up Your Cloud Environment: An Introduction to ISO/IEC 27017 and 27018 (20)

Implementing PCI DSS v2.0 and v3.0 best practice
Implementing PCI DSS v2.0 and v3.0 best practiceImplementing PCI DSS v2.0 and v3.0 best practice
Implementing PCI DSS v2.0 and v3.0 best practice
 
Implementing PCI DSS v 2.0 and v 3.0
Implementing PCI DSS v 2.0 and v 3.0Implementing PCI DSS v 2.0 and v 3.0
Implementing PCI DSS v 2.0 and v 3.0
 
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness TrainingISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
 
STAND OUT: Why You Should Become ISO 27001 Certified
STAND OUT: Why You Should Become ISO 27001 CertifiedSTAND OUT: Why You Should Become ISO 27001 Certified
STAND OUT: Why You Should Become ISO 27001 Certified
 
Cloud Services & the Development of ISO/IEC 27018
Cloud Services & the Development of ISO/IEC 27018Cloud Services & the Development of ISO/IEC 27018
Cloud Services & the Development of ISO/IEC 27018
 
Why_ISO_27001_Awareness_Presentation_EN.pptx
Why_ISO_27001_Awareness_Presentation_EN.pptxWhy_ISO_27001_Awareness_Presentation_EN.pptx
Why_ISO_27001_Awareness_Presentation_EN.pptx
 
ISO 9001 2015 ASQ Workshop by Colin Gray
ISO 9001 2015 ASQ Workshop by Colin GrayISO 9001 2015 ASQ Workshop by Colin Gray
ISO 9001 2015 ASQ Workshop by Colin Gray
 
Kym Henderson - ISO EVM Presentation IPMW 2019 Baltimore
Kym Henderson - ISO EVM Presentation IPMW 2019 BaltimoreKym Henderson - ISO EVM Presentation IPMW 2019 Baltimore
Kym Henderson - ISO EVM Presentation IPMW 2019 Baltimore
 
KH ISO EVM Presentation IPMW 2019 Baltimore
KH ISO EVM Presentation IPMW 2019 BaltimoreKH ISO EVM Presentation IPMW 2019 Baltimore
KH ISO EVM Presentation IPMW 2019 Baltimore
 
ISO 27001 definitions
ISO 27001 definitionsISO 27001 definitions
ISO 27001 definitions
 
ISO 27001 Lead Auditor Training Course | ISO 27001 Lead Auditor Certification...
ISO 27001 Lead Auditor Training Course | ISO 27001 Lead Auditor Certification...ISO 27001 Lead Auditor Training Course | ISO 27001 Lead Auditor Certification...
ISO 27001 Lead Auditor Training Course | ISO 27001 Lead Auditor Certification...
 
ISO 27001 Lead Implementer Classroom Training Course Certification - ievision...
ISO 27001 Lead Implementer Classroom Training Course Certification - ievision...ISO 27001 Lead Implementer Classroom Training Course Certification - ievision...
ISO 27001 Lead Implementer Classroom Training Course Certification - ievision...
 
Latest Developments in Cloud Security Standards and Privacy
Latest Developments in Cloud Security Standards and PrivacyLatest Developments in Cloud Security Standards and Privacy
Latest Developments in Cloud Security Standards and Privacy
 
C-SEC|2016 Session 1 Addressing Cyber Threats with Modern Security Framework_...
C-SEC|2016 Session 1 Addressing Cyber Threats with Modern Security Framework_...C-SEC|2016 Session 1 Addressing Cyber Threats with Modern Security Framework_...
C-SEC|2016 Session 1 Addressing Cyber Threats with Modern Security Framework_...
 
Iso 27001 lead implementer
Iso 27001 lead implementerIso 27001 lead implementer
Iso 27001 lead implementer
 
Iso 27001 lead implementer in al ahmadi
Iso 27001 lead implementer in al ahmadiIso 27001 lead implementer in al ahmadi
Iso 27001 lead implementer in al ahmadi
 
Iso 27001 lead implementer training in kuwaitcity
Iso 27001 lead implementer training in kuwaitcityIso 27001 lead implementer training in kuwaitcity
Iso 27001 lead implementer training in kuwaitcity
 
Overview of ISO 19011:2018 Guidelines for Auditing Management Systems
Overview of ISO 19011:2018 Guidelines for Auditing Management SystemsOverview of ISO 19011:2018 Guidelines for Auditing Management Systems
Overview of ISO 19011:2018 Guidelines for Auditing Management Systems
 
Implementing ISO20000
Implementing ISO20000Implementing ISO20000
Implementing ISO20000
 
Integrating the Alphabet Soup of Standards
Integrating the Alphabet Soup of StandardsIntegrating the Alphabet Soup of Standards
Integrating the Alphabet Soup of Standards
 

Mehr von Schellman & Company

Determining Scope for PCI DSS Compliance
Determining Scope for PCI DSS ComplianceDetermining Scope for PCI DSS Compliance
Determining Scope for PCI DSS ComplianceSchellman & Company
 
Privacy shield: What You Need To Know About Storing EU Data
Privacy shield: What You Need To Know About Storing EU DataPrivacy shield: What You Need To Know About Storing EU Data
Privacy shield: What You Need To Know About Storing EU DataSchellman & Company
 
Everything You Need To Know About SOC 1
Everything You Need To Know About SOC 1Everything You Need To Know About SOC 1
Everything You Need To Know About SOC 1Schellman & Company
 
Work With Federal Agencies? Here's What You Should Know About FedRAMP Assessm...
Work With Federal Agencies? Here's What You Should Know About FedRAMP Assessm...Work With Federal Agencies? Here's What You Should Know About FedRAMP Assessm...
Work With Federal Agencies? Here's What You Should Know About FedRAMP Assessm...Schellman & Company
 
PA-DSS and Application Penetration Testing
PA-DSS and Application Penetration TestingPA-DSS and Application Penetration Testing
PA-DSS and Application Penetration TestingSchellman & Company
 
The CSA STAR Program: Certification & Attestation
The CSA STAR Program: Certification & AttestationThe CSA STAR Program: Certification & Attestation
The CSA STAR Program: Certification & AttestationSchellman & Company
 
Hitrust: Navigating to 2017, Your Map to HITRUST Certification
Hitrust: Navigating to 2017, Your Map to HITRUST CertificationHitrust: Navigating to 2017, Your Map to HITRUST Certification
Hitrust: Navigating to 2017, Your Map to HITRUST CertificationSchellman & Company
 
SOC 2: Build Trust and Confidence
SOC 2: Build Trust and ConfidenceSOC 2: Build Trust and Confidence
SOC 2: Build Trust and ConfidenceSchellman & Company
 
PCI DSS 3.0 Overview and Key Updates
PCI DSS 3.0 Overview and Key UpdatesPCI DSS 3.0 Overview and Key Updates
PCI DSS 3.0 Overview and Key UpdatesSchellman & Company
 
10 Steps Toward FedRAMP Compliance
10 Steps Toward FedRAMP Compliance10 Steps Toward FedRAMP Compliance
10 Steps Toward FedRAMP ComplianceSchellman & Company
 
Your've Been Hacked in Florida! Now What?
Your've Been Hacked in Florida! Now What?Your've Been Hacked in Florida! Now What?
Your've Been Hacked in Florida! Now What?Schellman & Company
 

Mehr von Schellman & Company (18)

Demystifying the Cyber NISTs
Demystifying the Cyber NISTsDemystifying the Cyber NISTs
Demystifying the Cyber NISTs
 
Determining Scope for PCI DSS Compliance
Determining Scope for PCI DSS ComplianceDetermining Scope for PCI DSS Compliance
Determining Scope for PCI DSS Compliance
 
Privacy shield: What You Need To Know About Storing EU Data
Privacy shield: What You Need To Know About Storing EU DataPrivacy shield: What You Need To Know About Storing EU Data
Privacy shield: What You Need To Know About Storing EU Data
 
Everything You Need To Know About SOC 1
Everything You Need To Know About SOC 1Everything You Need To Know About SOC 1
Everything You Need To Know About SOC 1
 
Work With Federal Agencies? Here's What You Should Know About FedRAMP Assessm...
Work With Federal Agencies? Here's What You Should Know About FedRAMP Assessm...Work With Federal Agencies? Here's What You Should Know About FedRAMP Assessm...
Work With Federal Agencies? Here's What You Should Know About FedRAMP Assessm...
 
PA-DSS and Application Penetration Testing
PA-DSS and Application Penetration TestingPA-DSS and Application Penetration Testing
PA-DSS and Application Penetration Testing
 
The CSA STAR Program: Certification & Attestation
The CSA STAR Program: Certification & AttestationThe CSA STAR Program: Certification & Attestation
The CSA STAR Program: Certification & Attestation
 
Get Ready Now for HITRUST 2017
Get Ready Now for HITRUST 2017Get Ready Now for HITRUST 2017
Get Ready Now for HITRUST 2017
 
SOC 2 and You
SOC 2 and YouSOC 2 and You
SOC 2 and You
 
Hitrust: Navigating to 2017, Your Map to HITRUST Certification
Hitrust: Navigating to 2017, Your Map to HITRUST CertificationHitrust: Navigating to 2017, Your Map to HITRUST Certification
Hitrust: Navigating to 2017, Your Map to HITRUST Certification
 
CSA STAR Program
CSA STAR ProgramCSA STAR Program
CSA STAR Program
 
SOC 2: Build Trust and Confidence
SOC 2: Build Trust and ConfidenceSOC 2: Build Trust and Confidence
SOC 2: Build Trust and Confidence
 
SOC 1 Overview
SOC 1 OverviewSOC 1 Overview
SOC 1 Overview
 
12 Steps to Preparing for a QAR
12 Steps to Preparing for a QAR12 Steps to Preparing for a QAR
12 Steps to Preparing for a QAR
 
EPCS Overview
EPCS OverviewEPCS Overview
EPCS Overview
 
PCI DSS 3.0 Overview and Key Updates
PCI DSS 3.0 Overview and Key UpdatesPCI DSS 3.0 Overview and Key Updates
PCI DSS 3.0 Overview and Key Updates
 
10 Steps Toward FedRAMP Compliance
10 Steps Toward FedRAMP Compliance10 Steps Toward FedRAMP Compliance
10 Steps Toward FedRAMP Compliance
 
Your've Been Hacked in Florida! Now What?
Your've Been Hacked in Florida! Now What?Your've Been Hacked in Florida! Now What?
Your've Been Hacked in Florida! Now What?
 

Kürzlich hochgeladen

Call Girls In {Aerocity Delhi} 9667938988 Cheap Price Your Budget & Cash Payment
Call Girls In {Aerocity Delhi} 9667938988 Cheap Price Your Budget & Cash PaymentCall Girls In {Aerocity Delhi} 9667938988 Cheap Price Your Budget & Cash Payment
Call Girls In {Aerocity Delhi} 9667938988 Cheap Price Your Budget & Cash Paymentaakahthapa70
 
Call Girls In indirapuram Ghaziabad ¶ 9667422720 ⎷ Delhi Escorts All Star
Call Girls In indirapuram Ghaziabad ¶ 9667422720 ⎷ Delhi Escorts All StarCall Girls In indirapuram Ghaziabad ¶ 9667422720 ⎷ Delhi Escorts All Star
Call Girls In indirapuram Ghaziabad ¶ 9667422720 ⎷ Delhi Escorts All StarLipikasharma29
 
Trusted Call~Girls In Rohini Delhi꧁❤ 9667422720 ❤꧂Escorts
Trusted Call~Girls In Rohini Delhi꧁❤ 9667422720 ❤꧂EscortsTrusted Call~Girls In Rohini Delhi꧁❤ 9667422720 ❤꧂Escorts
Trusted Call~Girls In Rohini Delhi꧁❤ 9667422720 ❤꧂EscortsLipikasharma29
 
Book Call Girls in Anand Vihar Delhi 8800357707 Escorts Service
Book Call Girls in Anand Vihar Delhi 8800357707 Escorts ServiceBook Call Girls in Anand Vihar Delhi 8800357707 Escorts Service
Book Call Girls in Anand Vihar Delhi 8800357707 Escorts Servicemonikaservice1
 
Call Girls In Sector 26, (Gurgaon) Call Us. 9711911712
Call Girls In Sector 26, (Gurgaon) Call Us. 9711911712Call Girls In Sector 26, (Gurgaon) Call Us. 9711911712
Call Girls In Sector 26, (Gurgaon) Call Us. 9711911712Delhi Escorts Service
 
9643097474 Full Enjoy @24/7 Call Girls In Munirka Delhi Ncr
9643097474 Full Enjoy @24/7 Call Girls In Munirka Delhi Ncr9643097474 Full Enjoy @24/7 Call Girls In Munirka Delhi Ncr
9643097474 Full Enjoy @24/7 Call Girls In Munirka Delhi Ncrthapariya601
 
NAGPUR CALL GIRL 92628*71154 NAGPUR CALL
NAGPUR CALL GIRL 92628*71154 NAGPUR CALLNAGPUR CALL GIRL 92628*71154 NAGPUR CALL
NAGPUR CALL GIRL 92628*71154 NAGPUR CALLNiteshKumar82226
 
9643097474 Full Enjoy @24/7 Call Girls In Mahipalpur Delhi Ncr
9643097474 Full Enjoy @24/7 Call Girls In Mahipalpur Delhi Ncr9643097474 Full Enjoy @24/7 Call Girls In Mahipalpur Delhi Ncr
9643097474 Full Enjoy @24/7 Call Girls In Mahipalpur Delhi Ncrthapariya601
 
Call Us ➥9911191017▻Young Call Girls In Guru Dronacharya Metro Station Delhi NCR
Call Us ➥9911191017▻Young Call Girls In Guru Dronacharya Metro Station Delhi NCRCall Us ➥9911191017▻Young Call Girls In Guru Dronacharya Metro Station Delhi NCR
Call Us ➥9911191017▻Young Call Girls In Guru Dronacharya Metro Station Delhi NCRsafdarjungdelhi1
 
9643097474 Full Enjoy @24/7 Call Girls In Khirki Extension Delhi Ncr
9643097474 Full Enjoy @24/7 Call Girls In Khirki Extension Delhi Ncr9643097474 Full Enjoy @24/7 Call Girls In Khirki Extension Delhi Ncr
9643097474 Full Enjoy @24/7 Call Girls In Khirki Extension Delhi Ncrthapariya601
 
Call Girls In Islamabad ***03255523555*** Red Hot Call Girls In Islamabad Esc...
Call Girls In Islamabad ***03255523555*** Red Hot Call Girls In Islamabad Esc...Call Girls In Islamabad ***03255523555*** Red Hot Call Girls In Islamabad Esc...
Call Girls In Islamabad ***03255523555*** Red Hot Call Girls In Islamabad Esc...Ayesha Khan
 
Trusted Call~Girls In Shahdara Delhi ꧁❤ 9667422720 ❤꧂Escorts
Trusted Call~Girls In Shahdara Delhi ꧁❤ 9667422720 ❤꧂EscortsTrusted Call~Girls In Shahdara Delhi ꧁❤ 9667422720 ❤꧂Escorts
Trusted Call~Girls In Shahdara Delhi ꧁❤ 9667422720 ❤꧂EscortsLipikasharma29
 
Tibetan Call Girls In Majnu Ka Tilla Delhi 9643097474
Tibetan Call Girls In Majnu Ka Tilla Delhi 9643097474Tibetan Call Girls In Majnu Ka Tilla Delhi 9643097474
Tibetan Call Girls In Majnu Ka Tilla Delhi 9643097474thapariya601
 
Call Girls In New Delhi Railway Station 9667422720 Top Quality Escorts Service
Call Girls In New Delhi Railway Station 9667422720 Top Quality Escorts ServiceCall Girls In New Delhi Railway Station 9667422720 Top Quality Escorts Service
Call Girls In New Delhi Railway Station 9667422720 Top Quality Escorts ServiceLipikasharma29
 
(9818099198) Call Girls In Noida Sector 88 (NOIDA ESCORTS)
(9818099198) Call Girls In Noida Sector 88 (NOIDA ESCORTS)(9818099198) Call Girls In Noida Sector 88 (NOIDA ESCORTS)
(9818099198) Call Girls In Noida Sector 88 (NOIDA ESCORTS)riyaescorts54
 
9899855202 Call Girls In Goa This Ads Is Only For Those Clients Who Are Looki...
9899855202 Call Girls In Goa This Ads Is Only For Those Clients Who Are Looki...9899855202 Call Girls In Goa This Ads Is Only For Those Clients Who Are Looki...
9899855202 Call Girls In Goa This Ads Is Only For Those Clients Who Are Looki...delhincr993
 
Call Us ≽ 9643900018 ≼ Call Girls In Lado Sarai (Delhi)
Call Us ≽ 9643900018 ≼ Call Girls In Lado Sarai (Delhi)Call Us ≽ 9643900018 ≼ Call Girls In Lado Sarai (Delhi)
Call Us ≽ 9643900018 ≼ Call Girls In Lado Sarai (Delhi)ayushiverma1100
 
Call Girls In {Aerocity Delhi} 98733@20244 Indian Russian High Profile Girls ...
Call Girls In {Aerocity Delhi} 98733@20244 Indian Russian High Profile Girls ...Call Girls In {Aerocity Delhi} 98733@20244 Indian Russian High Profile Girls ...
Call Girls In {Aerocity Delhi} 98733@20244 Indian Russian High Profile Girls ...aakahthapa70
 
Call Girls In Dwarka Delhi 💯Call Us 🔝9711014705🔝
Call Girls In Dwarka Delhi 💯Call Us 🔝9711014705🔝Call Girls In Dwarka Delhi 💯Call Us 🔝9711014705🔝
Call Girls In Dwarka Delhi 💯Call Us 🔝9711014705🔝thapagita
 

Kürzlich hochgeladen (20)

Call Girls In {Aerocity Delhi} 9667938988 Cheap Price Your Budget & Cash Payment
Call Girls In {Aerocity Delhi} 9667938988 Cheap Price Your Budget & Cash PaymentCall Girls In {Aerocity Delhi} 9667938988 Cheap Price Your Budget & Cash Payment
Call Girls In {Aerocity Delhi} 9667938988 Cheap Price Your Budget & Cash Payment
 
Call Girls In indirapuram Ghaziabad ¶ 9667422720 ⎷ Delhi Escorts All Star
Call Girls In indirapuram Ghaziabad ¶ 9667422720 ⎷ Delhi Escorts All StarCall Girls In indirapuram Ghaziabad ¶ 9667422720 ⎷ Delhi Escorts All Star
Call Girls In indirapuram Ghaziabad ¶ 9667422720 ⎷ Delhi Escorts All Star
 
Trusted Call~Girls In Rohini Delhi꧁❤ 9667422720 ❤꧂Escorts
Trusted Call~Girls In Rohini Delhi꧁❤ 9667422720 ❤꧂EscortsTrusted Call~Girls In Rohini Delhi꧁❤ 9667422720 ❤꧂Escorts
Trusted Call~Girls In Rohini Delhi꧁❤ 9667422720 ❤꧂Escorts
 
Book Call Girls in Anand Vihar Delhi 8800357707 Escorts Service
Book Call Girls in Anand Vihar Delhi 8800357707 Escorts ServiceBook Call Girls in Anand Vihar Delhi 8800357707 Escorts Service
Book Call Girls in Anand Vihar Delhi 8800357707 Escorts Service
 
Call Girls In Sector 26, (Gurgaon) Call Us. 9711911712
Call Girls In Sector 26, (Gurgaon) Call Us. 9711911712Call Girls In Sector 26, (Gurgaon) Call Us. 9711911712
Call Girls In Sector 26, (Gurgaon) Call Us. 9711911712
 
9643097474 Full Enjoy @24/7 Call Girls In Munirka Delhi Ncr
9643097474 Full Enjoy @24/7 Call Girls In Munirka Delhi Ncr9643097474 Full Enjoy @24/7 Call Girls In Munirka Delhi Ncr
9643097474 Full Enjoy @24/7 Call Girls In Munirka Delhi Ncr
 
NAGPUR CALL GIRL 92628*71154 NAGPUR CALL
NAGPUR CALL GIRL 92628*71154 NAGPUR CALLNAGPUR CALL GIRL 92628*71154 NAGPUR CALL
NAGPUR CALL GIRL 92628*71154 NAGPUR CALL
 
9643097474 Full Enjoy @24/7 Call Girls In Mahipalpur Delhi Ncr
9643097474 Full Enjoy @24/7 Call Girls In Mahipalpur Delhi Ncr9643097474 Full Enjoy @24/7 Call Girls In Mahipalpur Delhi Ncr
9643097474 Full Enjoy @24/7 Call Girls In Mahipalpur Delhi Ncr
 
Call Us ➥9911191017▻Young Call Girls In Guru Dronacharya Metro Station Delhi NCR
Call Us ➥9911191017▻Young Call Girls In Guru Dronacharya Metro Station Delhi NCRCall Us ➥9911191017▻Young Call Girls In Guru Dronacharya Metro Station Delhi NCR
Call Us ➥9911191017▻Young Call Girls In Guru Dronacharya Metro Station Delhi NCR
 
9643097474 Full Enjoy @24/7 Call Girls In Khirki Extension Delhi Ncr
9643097474 Full Enjoy @24/7 Call Girls In Khirki Extension Delhi Ncr9643097474 Full Enjoy @24/7 Call Girls In Khirki Extension Delhi Ncr
9643097474 Full Enjoy @24/7 Call Girls In Khirki Extension Delhi Ncr
 
Call Girls In Islamabad ***03255523555*** Red Hot Call Girls In Islamabad Esc...
Call Girls In Islamabad ***03255523555*** Red Hot Call Girls In Islamabad Esc...Call Girls In Islamabad ***03255523555*** Red Hot Call Girls In Islamabad Esc...
Call Girls In Islamabad ***03255523555*** Red Hot Call Girls In Islamabad Esc...
 
Trusted Call~Girls In Shahdara Delhi ꧁❤ 9667422720 ❤꧂Escorts
Trusted Call~Girls In Shahdara Delhi ꧁❤ 9667422720 ❤꧂EscortsTrusted Call~Girls In Shahdara Delhi ꧁❤ 9667422720 ❤꧂Escorts
Trusted Call~Girls In Shahdara Delhi ꧁❤ 9667422720 ❤꧂Escorts
 
9953056974 Low Rate Call Girls In Badarpur Delhi NCR
9953056974 Low Rate Call Girls In Badarpur Delhi NCR9953056974 Low Rate Call Girls In Badarpur Delhi NCR
9953056974 Low Rate Call Girls In Badarpur Delhi NCR
 
Tibetan Call Girls In Majnu Ka Tilla Delhi 9643097474
Tibetan Call Girls In Majnu Ka Tilla Delhi 9643097474Tibetan Call Girls In Majnu Ka Tilla Delhi 9643097474
Tibetan Call Girls In Majnu Ka Tilla Delhi 9643097474
 
Call Girls In New Delhi Railway Station 9667422720 Top Quality Escorts Service
Call Girls In New Delhi Railway Station 9667422720 Top Quality Escorts ServiceCall Girls In New Delhi Railway Station 9667422720 Top Quality Escorts Service
Call Girls In New Delhi Railway Station 9667422720 Top Quality Escorts Service
 
(9818099198) Call Girls In Noida Sector 88 (NOIDA ESCORTS)
(9818099198) Call Girls In Noida Sector 88 (NOIDA ESCORTS)(9818099198) Call Girls In Noida Sector 88 (NOIDA ESCORTS)
(9818099198) Call Girls In Noida Sector 88 (NOIDA ESCORTS)
 
9899855202 Call Girls In Goa This Ads Is Only For Those Clients Who Are Looki...
9899855202 Call Girls In Goa This Ads Is Only For Those Clients Who Are Looki...9899855202 Call Girls In Goa This Ads Is Only For Those Clients Who Are Looki...
9899855202 Call Girls In Goa This Ads Is Only For Those Clients Who Are Looki...
 
Call Us ≽ 9643900018 ≼ Call Girls In Lado Sarai (Delhi)
Call Us ≽ 9643900018 ≼ Call Girls In Lado Sarai (Delhi)Call Us ≽ 9643900018 ≼ Call Girls In Lado Sarai (Delhi)
Call Us ≽ 9643900018 ≼ Call Girls In Lado Sarai (Delhi)
 
Call Girls In {Aerocity Delhi} 98733@20244 Indian Russian High Profile Girls ...
Call Girls In {Aerocity Delhi} 98733@20244 Indian Russian High Profile Girls ...Call Girls In {Aerocity Delhi} 98733@20244 Indian Russian High Profile Girls ...
Call Girls In {Aerocity Delhi} 98733@20244 Indian Russian High Profile Girls ...
 
Call Girls In Dwarka Delhi 💯Call Us 🔝9711014705🔝
Call Girls In Dwarka Delhi 💯Call Us 🔝9711014705🔝Call Girls In Dwarka Delhi 💯Call Us 🔝9711014705🔝
Call Girls In Dwarka Delhi 💯Call Us 🔝9711014705🔝
 

Locking Up Your Cloud Environment: An Introduction to ISO/IEC 27017 and 27018

  • 1. Locking Up Your Cloud Environment | 1 LOCKING UP YOUR CLOUD ENVIRONMENT An Introduction to ISO/IEC 27017 and ISO/IEC 27018
  • 2. Locking Up Your Cloud Environment | 2 • Introduction • ISO 27017 Overview • ISO 27018 Overview • ISO 27017 and ISO 27018 Application • ISO 27017 and ISO 27018 Audit Approach • Market Acceptance of ISO 27017 and ISO 27018 • Q&A Agenda
  • 3. Locking Up Your Cloud Environment | 3 RYAN MACKIE ISO Certification Practice Director
  • 4. Locking Up Your Cloud Environment | 4 ISO 27017 Overview
  • 5. Locking Up Your Cloud Environment | 5 • Based on ISO/IEC 27002 for cloud providers • December 15, 2015 • Applicable to the provision and use of cloud services • Supplement to ISO 27002 for cloud providers ISO 27017 Overview
  • 6. Locking Up Your Cloud Environment | 6 • Alignment to ISO 27001 Annex A / ISO 27002 • Cloud server provider control guidance • Not intended to be a unique control set – e.g. A6.1.2 – segregation of duties • Recommendations not Requirements – Should v Shall 27017 Design
  • 7. Locking Up Your Cloud Environment | 7 • 35 supplemental controls to ISO 27001 Annex A – All domains but Information Security Aspects of Business Continuity – A5 (1), A6 (2), A7 (1), A8 (2), A9 (7), A10 (2), A11 (1), A12 (6), A13 (1), A14 (2), A15 (2), A16 (3), A18 (5) 27017 Depth – Supplemental Controls
  • 8. Locking Up Your Cloud Environment | 8 • 7 extended controls (27017 Annex A) – Covers domains A6, A8, A9, A12, and A13 – Act as additional control to complement that of Annex A 27017 Depth – Extended Controls
  • 9. Locking Up Your Cloud Environment | 9 27017 – How Unique? • Not very unique • Most CSPs are already designed to meet 27017 • Supplemental Control Example • Extended control
  • 10. Locking Up Your Cloud Environment | 10 ISO 27018 Overview
  • 11. Locking Up Your Cloud Environment | 11 • Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors • Issued August 1, 2014 • Commonly accepted control objectives, controls and guidelines for implementing measures to protect PII in accordance with the privacy principles in ISO/IEC 29100 for the public cloud computing environment. • Supplement to ISO 27002 for public cloud providers ISO 27018 Overview
  • 12. Locking Up Your Cloud Environment | 12 • Alignment to ISO 27001 Annex A / ISO 27002 • Public cloud PII protection control implementation guidance • Not intended to be a unique control set – e.g. A6.1.2 – segregation of duties • Recommendations not Requirements – Should v Shall 27018 Design
  • 13. Locking Up Your Cloud Environment | 13 • 14 supplemental controls to ISO 27001 Annex A – All domains but Asset Management; System Acquisition, Development, and Maintenance; Supplier Relationships; and Information Security Aspects of Business Continuity Management – A5 (1), A6 (1), A7 (1), A9 (2), A10 (1), A11 (1), A12 (4), A13 (1), A16 (1), A18 (1) 27018 Depth – Supplemental Controls
  • 14. Locking Up Your Cloud Environment | 14 • 25 extended controls (based on 11 privacy principles of ISO/IEC 29100) – Covers: • Consent and Choice; Purpose legitimacy and specification; Data minimization; Use, retention and disclosure limitation; Openness, transparency and notice; Accountability; Information security; and Privacy compliance – Act as additional control to complement that of Annex A 27017 Depth – Extended Controls
  • 15. Locking Up Your Cloud Environment | 15 • More unique than 27017 • Incorporation of privacy principles • Supplemental Control Example – A11.2.7– Secure disposal or re-use of equipment – Equipment containing storage media that may possibly contain PII should be treated as though it does • Extended control – A.4 – Data Minimization – Temporary files and documents should be erased or destroyed within a specified, documented period 27017 – How Unique?
  • 16. Locking Up Your Cloud Environment | 16 ISO 27017 and ISO 27018 Application
  • 17. Locking Up Your Cloud Environment | 17 • Modify the scope statement as applicable • Ensure appropriate inclusion through identification of: – Internal and external issues – Needs and expectations of interested parties – Interfaces and dependencies performed by the organization and those performed by other organization Design – Scope (Clause 4)
  • 18. Locking Up Your Cloud Environment | 18 • Identification of supplemental and extended controls through the risk assessment process • Controls should be necessary to mitigate risk applicable to scope • Apply appropriate treatment if necessary Design – Risk Assessment (Clause 6)
  • 19. Locking Up Your Cloud Environment | 19 • Incorporate supplemental / extended controls into the SOA • Justification of inclusion / exclusion still apply (for entire related standard) • Determine if the supplemental / extended control is in place Design – Statement of Applicability (Clause 6)
  • 20. Locking Up Your Cloud Environment | 20 • Modify the information security objectives as appropriate • Ensure to measure any modification to the information security objectives Design – Objectives (Clause 6)
  • 21. Locking Up Your Cloud Environment | 21 • Measure key supplemental / extended controls to ensure effectiveness • Ensure appropriate and proper criteria is applied • Include relevant personnel Monitoring – Measurement (Clause 9.1)
  • 22. Locking Up Your Cloud Environment | 22 • Incorporation into audit plan / program • Assessment of results • Planned remediation Monitoring – Internal Audit (Clause 9.2)
  • 23. Locking Up Your Cloud Environment | 23 ISO 27017 and ISO 27018 Audit Approach
  • 24. Locking Up Your Cloud Environment | 24 • Stage 2 incorporation of 27017 and/or 27018 • Statement of applicability acts as a audit road map Initial Certification
  • 25. Locking Up Your Cloud Environment | 25 • Perform regular maintenance review to ensure continued conformance and operating effectiveness of the ISMS • Apply heavier focus on inclusion of ISO 27017 and/or ISO 27018 Surveillance / Recertification
  • 26. Locking Up Your Cloud Environment | 26 • Specifically focus on inclusion of ISO 27017 and/or ISO 27018 • Assess relevant elements of ISMS and supplemental / extended controls Scope Expansion
  • 27. Locking Up Your Cloud Environment | 27 • Included as a part of the scope statement, related to SOA based on ISO 27017 and/or ISO 27018 • Available on certificate directory • No unique mark or certificate issued for ISO 27017 and/or ISO 27018 (i.e. unaccredited certificates) Inclusion on Certificate
  • 28. Locking Up Your Cloud Environment | 28 Market Acceptance of ISO 27017 and ISO 27018
  • 29. Locking Up Your Cloud Environment | 29 • Relatively new • Market adoption driven by customers and/or competitors • General cloud application v. CSA STAR Program ISO 27017
  • 30. Locking Up Your Cloud Environment | 30 • Greater acceptance • Withdrawal of Safe Harbor • Greater interest in privacy and security, specifically for cloud services ISO 27018
  • 31. Locking Up Your Cloud Environment | 31 Thank You