Locking Up Your Cloud Environment | 1
LOCKING UP YOUR
CLOUD ENVIRONMENT
An Introduction to ISO/IEC 27017
and ISO/IEC 27018
Locking Up Your Cloud Environment | 2
• Introduction
• ISO 27017 Overview
• ISO 27018 Overview
• ISO 27017 and ISO 27018 Application
• ISO 27017 and ISO 27018 Audit Approach
• Market Acceptance of ISO 27017 and ISO 27018
• Q&A
Agenda
Locking Up Your Cloud Environment | 3
RYAN MACKIE
ISO Certification Practice Director
Locking Up Your Cloud Environment | 4
ISO 27017
Overview
Locking Up Your Cloud Environment | 5
• Based on ISO/IEC 27002 for cloud providers
• December 15, 2015
• Applicable to the provision and use of cloud services
• Supplement to ISO 27002 for cloud providers
ISO 27017 Overview
Locking Up Your Cloud Environment | 6
• Alignment to ISO 27001 Annex A / ISO 27002
• Cloud server provider control guidance
• Not intended to be a unique control set
– e.g. A6.1.2 – segregation of duties
• Recommendations not Requirements
– Should v Shall
27017 Design
Locking Up Your Cloud Environment | 7
• 35 supplemental controls to ISO 27001 Annex A
– All domains but Information Security Aspects of
Business Continuity
– A5 (1), A6 (2), A7 (1), A8 (2), A9 (7), A10 (2), A11 (1),
A12 (6),
A13 (1), A14 (2), A15 (2), A16 (3), A18 (5)
27017 Depth – Supplemental Controls
Locking Up Your Cloud Environment | 8
• 7 extended controls (27017 Annex A)
– Covers domains A6, A8, A9, A12, and A13
– Act as additional control to complement that of
Annex A
27017 Depth – Extended Controls
Locking Up Your Cloud Environment | 9
27017 – How Unique?
• Not very unique
• Most CSPs are already designed to meet 27017
• Supplemental Control Example
• Extended control
Locking Up Your Cloud Environment | 10
ISO 27018
Overview
Locking Up Your Cloud Environment | 11
• Code of practice for protection of personally identifiable
information (PII) in public clouds acting as PII processors
• Issued August 1, 2014
• Commonly accepted control objectives, controls and
guidelines for implementing measures to protect PII in
accordance with the privacy principles in ISO/IEC 29100
for the public cloud computing environment.
• Supplement to ISO 27002 for public cloud providers
ISO 27018 Overview
Locking Up Your Cloud Environment | 12
• Alignment to ISO 27001 Annex A / ISO 27002
• Public cloud PII protection control implementation
guidance
• Not intended to be a unique control set
– e.g. A6.1.2 – segregation of duties
• Recommendations not Requirements
– Should v Shall
27018 Design
Locking Up Your Cloud Environment | 13
• 14 supplemental controls to ISO 27001 Annex A
– All domains but Asset Management; System
Acquisition, Development, and Maintenance; Supplier
Relationships; and Information Security Aspects of
Business Continuity Management
– A5 (1), A6 (1), A7 (1), A9 (2), A10 (1), A11 (1), A12 (4),
A13 (1), A16 (1), A18 (1)
27018 Depth – Supplemental Controls
Locking Up Your Cloud Environment | 14
• 25 extended controls (based on 11 privacy principles of
ISO/IEC 29100)
– Covers:
• Consent and Choice; Purpose legitimacy and specification;
Data minimization; Use, retention and disclosure limitation;
Openness, transparency and notice; Accountability;
Information security; and Privacy compliance
– Act as additional control to complement
that of Annex A
27017 Depth – Extended Controls
Locking Up Your Cloud Environment | 15
• More unique than 27017
• Incorporation of privacy principles
• Supplemental Control Example
– A11.2.7 – Secure disposal or re-use of equipment
– Equipment containing storage media that may possibly contain PII should be
treated as though it does
• Extended control
– A.4 – Data Minimization
– Temporary files and documents should be erased or destroyed within a
specified, documented period
27017 – How Unique?
Locking Up Your Cloud Environment | 16
ISO 27017 and ISO
27018 Application
Locking Up Your Cloud Environment | 17
• Modify the scope statement as applicable
• Ensure appropriate inclusion through identification of:
– Internal and external issues
– Needs and expectations of interested parties
– Interfaces and dependencies performed by the organization and
those performed by other organizations
Design – Scope (Clause 4)
Locking Up Your Cloud Environment | 18
• Identification of supplemental and extended controls
through the risk assessment process
• Controls should be necessary to mitigate risk applicable
to scope
• Apply appropriate treatment if necessary
Design – Risk Assessment (Clause 6)
Locking Up Your Cloud Environment | 19
• Incorporate supplemental / extended controls into the SOA
• Justification of inclusion / exclusion still applies (for entire
related standard)
• Determine if the supplemental / extended control is in place
Design – Statement of Applicability
(Clause 6)
Locking Up Your Cloud Environment | 20
• Modify the information security objectives as appropriate
• Ensure to measure any modification to the information
security objectives
Design – Objectives (Clause 6)
Locking Up Your Cloud Environment | 21
• Measure key supplemental / extended controls to ensure
effectiveness
• Ensure appropriate and proper criteria are applied
• Include relevant personnel
Monitoring – Measurement (Clause 9.1)
Locking Up Your Cloud Environment | 22
• Incorporation into audit plan / program
• Assessment of results
• Planned remediation
Monitoring – Internal Audit (Clause 9.2)
Locking Up Your Cloud Environment | 23
ISO 27017 and ISO
27018 Audit Approach
Locking Up Your Cloud Environment | 24
• Stage 2 incorporation of 27017 and/or 27018
• Statement of applicability acts as an audit road map
Initial Certification
Locking Up Your Cloud Environment | 25
• Perform regular maintenance review to ensure continued
conformance and operating effectiveness of the ISMS
• Apply heavier focus on inclusion of ISO 27017 and/or
ISO 27018
Surveillance / Recertification
Locking Up Your Cloud Environment | 26
• Specifically focus on inclusion of ISO 27017 and/or ISO
27018
• Assess relevant elements of ISMS and supplemental /
extended controls
Scope Expansion
Locking Up Your Cloud Environment | 27
• Included as a part of the scope statement, related to
SOA based on ISO 27017 and/or ISO 27018
• Available on certificate directory
• No unique mark or certificate issued for ISO 27017
and/or ISO 27018 (i.e. unaccredited certificates)
Inclusion on Certificate
Locking Up Your Cloud Environment | 28
Market Acceptance of
ISO 27017 and ISO 27018
Locking Up Your Cloud Environment | 29
• Relatively new
• Market adoption driven by customers
and/or competitors
• General cloud application v. CSA
STAR Program
ISO 27017
Locking Up Your Cloud Environment | 30
• Greater acceptance
• Withdrawal of Safe Harbor
• Greater interest in privacy and security,
specifically for cloud services
ISO 27018
Locking Up Your Cloud Environment | 31
Thank You

Goa Call Girls 🥰 +91 9540619990 📍Service Girls In GoaGoa Call Girls 🥰 +91 9540619990 📍Service Girls In Goa
Goa Call Girls 🥰 +91 9540619990 📍Service Girls In Goa
 
Radhika Call Girls In Jaipur 9358660226 Escorts service
Radhika Call Girls In Jaipur 9358660226 Escorts serviceRadhika Call Girls In Jaipur 9358660226 Escorts service
Radhika Call Girls In Jaipur 9358660226 Escorts service
 
Call Girls In {Connaught Place Delhi} 9667938988 IndianRussian High Profile E...
Call Girls In {Connaught Place Delhi} 9667938988 IndianRussian High Profile E...Call Girls In {Connaught Place Delhi} 9667938988 IndianRussian High Profile E...
Call Girls In {Connaught Place Delhi} 9667938988 IndianRussian High Profile E...
 
Call Girls | 😏💦 03274100048 | Call Girls Near Me
Call Girls | 😏💦 03274100048 | Call Girls Near MeCall Girls | 😏💦 03274100048 | Call Girls Near Me
Call Girls | 😏💦 03274100048 | Call Girls Near Me
 
Call Girls In {{Connaught Place Delhi}}96679@38988 Indian Russian High Profil...
Call Girls In {{Connaught Place Delhi}}96679@38988 Indian Russian High Profil...Call Girls In {{Connaught Place Delhi}}96679@38988 Indian Russian High Profil...
Call Girls In {{Connaught Place Delhi}}96679@38988 Indian Russian High Profil...
 
9891550660 Call Girls In Noida Sector 62 Short 1500 Night 6000
9891550660 Call Girls In Noida Sector 62 Short 1500 Night 60009891550660 Call Girls In Noida Sector 62 Short 1500 Night 6000
9891550660 Call Girls In Noida Sector 62 Short 1500 Night 6000
 
CALL GIRLS 9999288940 women seeking men Locanto No Advance North Goa
CALL GIRLS 9999288940 women seeking men Locanto No Advance North GoaCALL GIRLS 9999288940 women seeking men Locanto No Advance North Goa
CALL GIRLS 9999288940 women seeking men Locanto No Advance North Goa
 
Best VIP Call Girl Noida Sector 48 Call Me: 8700611579
Best VIP Call Girl Noida Sector 48 Call Me: 8700611579Best VIP Call Girl Noida Sector 48 Call Me: 8700611579
Best VIP Call Girl Noida Sector 48 Call Me: 8700611579
 
Call US Pooja📞 9892124323 ✅Call Girls In Mira Road ( Mumbai ) secure service...
Call US  Pooja📞 9892124323 ✅Call Girls In Mira Road ( Mumbai ) secure service...Call US  Pooja📞 9892124323 ✅Call Girls In Mira Road ( Mumbai ) secure service...
Call US Pooja📞 9892124323 ✅Call Girls In Mira Road ( Mumbai ) secure service...
 
Call Girls in Rawalpindi | 🍆💦 03280288848
Call Girls in Rawalpindi | 🍆💦 03280288848Call Girls in Rawalpindi | 🍆💦 03280288848
Call Girls in Rawalpindi | 🍆💦 03280288848
 

Locking Up Your Cloud Environment: An Introduction to ISO/IEC 27017 and 27018

  • 1. LOCKING UP YOUR CLOUD ENVIRONMENT: An Introduction to ISO/IEC 27017 and ISO/IEC 27018
  • 2. Agenda
      • Introduction
      • ISO 27017 Overview
      • ISO 27018 Overview
      • ISO 27017 and ISO 27018 Application
      • ISO 27017 and ISO 27018 Audit Approach
      • Market Acceptance of ISO 27017 and ISO 27018
      • Q&A
  • 3. RYAN MACKIE, ISO Certification Practice Director
  • 4. ISO 27017 Overview
  • 5. ISO 27017 Overview
      • Based on ISO/IEC 27002 for cloud providers
      • December 15, 2015
      • Applicable to the provision and use of cloud services
      • Supplement to ISO 27002 for cloud providers
  • 6. 27017 Design
      • Alignment to ISO 27001 Annex A / ISO 27002
      • Cloud server provider control guidance
      • Not intended to be a unique control set
          – e.g. A6.1.2 – segregation of duties
      • Recommendations not Requirements
          – Should v Shall
  • 7. 27017 Depth – Supplemental Controls
      • 35 supplemental controls to ISO 27001 Annex A
          – All domains but Information Security Aspects of Business Continuity
          – A5 (1), A6 (2), A7 (1), A8 (2), A9 (7), A10 (2), A11 (1), A12 (6), A13 (1), A14 (2), A15 (2), A16 (3), A18 (5)
  • 8. 27017 Depth – Extended Controls
      • 7 extended controls (27017 Annex A)
          – Covers domains A6, A8, A9, A12, and A13
          – Act as additional control to complement that of Annex A
  • 9. 27017 – How Unique?
      • Not very unique
      • Most CSPs are already designed to meet 27017
      • Supplemental Control Example
      • Extended control
  • 10. ISO 27018 Overview
  • 11. ISO 27018 Overview
      • Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors
      • Issued August 1, 2014
      • Commonly accepted control objectives, controls and guidelines for implementing measures to protect PII in accordance with the privacy principles in ISO/IEC 29100 for the public cloud computing environment.
      • Supplement to ISO 27002 for public cloud providers
  • 12. 27018 Design
      • Alignment to ISO 27001 Annex A / ISO 27002
      • Public cloud PII protection control implementation guidance
      • Not intended to be a unique control set
          – e.g. A6.1.2 – segregation of duties
      • Recommendations not Requirements
          – Should v Shall
  • 13. 27018 Depth – Supplemental Controls
      • 14 supplemental controls to ISO 27001 Annex A
          – All domains but Asset Management; System Acquisition, Development, and Maintenance; Supplier Relationships; and Information Security Aspects of Business Continuity Management
          – A5 (1), A6 (1), A7 (1), A9 (2), A10 (1), A11 (1), A12 (4), A13 (1), A16 (1), A18 (1)
  • 14. 27017 Depth – Extended Controls
      • 25 extended controls (based on 11 privacy principles of ISO/IEC 29100)
          – Covers: Consent and Choice; Purpose legitimacy and specification; Data minimization; Use, retention and disclosure limitation; Openness, transparency and notice; Accountability; Information security; and Privacy compliance
          – Act as additional control to complement that of Annex A
  • 15. 27017 – How Unique?
      • More unique than 27017
      • Incorporation of privacy principles
      • Supplemental Control Example
          – A11.2.7 – Secure disposal or re-use of equipment
          – Equipment containing storage media that may possibly contain PII should be treated as though it does
      • Extended control
          – A.4 – Data Minimization
          – Temporary files and documents should be erased or destroyed within a specified, documented period
  • 16. ISO 27017 and ISO 27018 Application
  • 17. Design – Scope (Clause 4)
      • Modify the scope statement as applicable
      • Ensure appropriate inclusion through identification of:
          – Internal and external issues
          – Needs and expectations of interested parties
          – Interfaces and dependencies performed by the organization and those performed by other organizations
  • 18. Design – Risk Assessment (Clause 6)
      • Identification of supplemental and extended controls through the risk assessment process
      • Controls should be necessary to mitigate risk applicable to scope
      • Apply appropriate treatment if necessary
  • 19. Design – Statement of Applicability (Clause 6)
      • Incorporate supplemental / extended controls into the SOA
      • Justification of inclusion / exclusion still applies (for entire related standard)
      • Determine if the supplemental / extended control is in place
  • 20. Design – Objectives (Clause 6)
      • Modify the information security objectives as appropriate
      • Be sure to measure any modification to the information security objectives
  • 21. Monitoring – Measurement (Clause 9.1)
      • Measure key supplemental / extended controls to ensure effectiveness
      • Ensure appropriate and proper criteria are applied
      • Include relevant personnel
  • 22. Monitoring – Internal Audit (Clause 9.2)
      • Incorporation into audit plan / program
      • Assessment of results
      • Planned remediation
  • 23. ISO 27017 and ISO 27018 Audit Approach
  • 24. Initial Certification
      • Stage 2 incorporation of 27017 and/or 27018
      • Statement of applicability acts as an audit road map
  • 25. Surveillance / Recertification
      • Perform regular maintenance review to ensure continued conformance and operating effectiveness of the ISMS
      • Apply heavier focus on inclusion of ISO 27017 and/or ISO 27018
  • 26. Scope Expansion
      • Specifically focus on inclusion of ISO 27017 and/or ISO 27018
      • Assess relevant elements of ISMS and supplemental / extended controls
  • 27. Inclusion on Certificate
      • Included as a part of the scope statement, related to SOA based on ISO 27017 and/or ISO 27018
      • Available on certificate directory
      • No unique mark or certificate issued for ISO 27017 and/or ISO 27018 (i.e. unaccredited certificates)
  • 28. Market Acceptance of ISO 27017 and ISO 27018
  • 29. ISO 27017
      • Relatively new
      • Market adoption driven by customers and/or competitors
      • General cloud application v. CSA STAR Program
  • 30. ISO 27018
      • Greater acceptance
      • Withdrawal of Safe Harbor
      • Greater interest in privacy and security, specifically for cloud services
  • 31. Thank You