punyam academy
Mar 06, 2024
1:52 AM
Effective implementation of ISO 27017 relies on a well-defined set of documents that address cloud-specific security considerations. Here's a closer look at some critical ISO 27017 documents:
- Risk Assessment for Cloud Services: Building upon the broader risk assessment conducted for the ISMS, this document focuses on cloud-specific risks. It should identify potential threats associated with shared responsibility models, data residency, and reliance on the CSP's security posture.
- Security Controls for Cloud Services: This document details the specific security controls chosen to mitigate cloud-related risks. These controls may address areas like encryption of data at rest and in transit, access management for cloud resources, and logging and monitoring practices within the cloud environment.
- Procedures for Cloud Service Use: Defined procedures guide employees on the appropriate use of cloud services. These procedures may cover aspects like data transfer protocols, acceptable use of cloud storage, and reporting security incidents within the cloud environment.
ISO 27017 Procedures