Locking Up Your Cloud Environment | 1
LOCKING UP YOUR CLOUD ENVIRONMENT
An Introduction to ISO/IEC 27017 and ISO/IEC 27018
Agenda
• Introduction
• ISO 27017 Overview
• ISO 27018 Overview
• ISO 27017 and ISO 27018 Application
• ISO 27017 and ISO 27018 Audit Approach
• Market Acceptance of ISO 27017 and ISO 27018
• Q&A
RYAN MACKIE
ISO Certification Practice Director
ISO 27017 Overview
ISO 27017 Overview
• Based on ISO/IEC 27002 for cloud providers
• Issued December 15, 2015
• Applicable to the provision and use of cloud services
• Supplement to ISO 27002 for cloud providers
27017 Design
• Alignment to ISO 27001 Annex A / ISO 27002
• Cloud service provider control guidance
• Not intended to be a unique control set
– e.g. A6.1.2 – Segregation of duties
• Recommendations, not requirements
– "Should" vs. "Shall"
27017 Depth – Supplemental Controls
• 35 supplemental controls to ISO 27001 Annex A
– All domains but Information Security Aspects of Business Continuity
– A5 (1), A6 (2), A7 (1), A8 (2), A9 (7), A10 (2), A11 (1), A12 (6), A13 (1), A14 (2), A15 (2), A16 (3), A18 (5)
27017 Depth – Extended Controls
• 7 extended controls (27017 Annex A)
– Cover domains A6, A8, A9, A12, and A13
– Act as additional controls that complement those of Annex A
27017 – How Unique?
• Not very unique
• Most CSPs are already designed to meet 27017
• Supplemental Control Example
• Extended control
ISO 27018 Overview
ISO 27018 Overview
• Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors
• Issued August 1, 2014
• Commonly accepted control objectives, controls and guidelines for implementing measures to protect PII in accordance with the privacy principles in ISO/IEC 29100 for the public cloud computing environment
• Supplement to ISO 27002 for public cloud providers
27018 Design
• Alignment to ISO 27001 Annex A / ISO 27002
• Public cloud PII protection control implementation guidance
• Not intended to be a unique control set
– e.g. A6.1.2 – Segregation of duties
• Recommendations, not requirements
– "Should" vs. "Shall"
27018 Depth – Supplemental Controls
• 14 supplemental controls to ISO 27001 Annex A
– All domains but Asset Management; System Acquisition, Development, and Maintenance; Supplier Relationships; and Information Security Aspects of Business Continuity Management
– A5 (1), A6 (1), A7 (1), A9 (2), A10 (1), A11 (1), A12 (4), A13 (1), A16 (1), A18 (1)
27018 Depth – Extended Controls
• 25 extended controls (based on the 11 privacy principles of ISO/IEC 29100)
– Cover: Consent and choice; Purpose legitimacy and specification; Data minimization; Use, retention and disclosure limitation; Openness, transparency and notice; Accountability; Information security; and Privacy compliance
– Act as additional controls that complement those of Annex A
27018 – How Unique?
• More unique than 27017
• Incorporation of privacy principles
• Supplemental Control Example
– A11.2.7 – Secure disposal or re-use of equipment
– Equipment containing storage media that may possibly contain PII should be treated as though it does
• Extended Control Example
– A.4 – Data Minimization
– Temporary files and documents should be erased or destroyed within a specified, documented period
ISO 27017 and ISO 27018 Application
Design – Scope (Clause 4)
• Modify the scope statement as applicable
• Ensure appropriate inclusion through identification of:
– Internal and external issues
– Needs and expectations of interested parties
– Interfaces and dependencies between activities performed by the organization and those performed by other organizations
Design – Risk Assessment (Clause 6)
• Identification of supplemental and extended controls through the risk assessment process
• Controls should be necessary to mitigate risk applicable to the scope
• Apply appropriate treatment if necessary
Design – Statement of Applicability (Clause 6)
• Incorporate supplemental / extended controls into the SOA
• Justification of inclusion / exclusion still applies (for the entire related standard)
• Determine whether each supplemental / extended control is in place
Design – Objectives (Clause 6)
• Modify the information security objectives as appropriate
• Ensure that any modification to the information security objectives is measured
Monitoring – Measurement (Clause 9.1)
• Measure key supplemental / extended controls to ensure effectiveness
• Ensure appropriate and proper criteria are applied
• Include relevant personnel
Monitoring – Internal Audit (Clause 9.2)
• Incorporation into audit plan / program
• Assessment of results
• Planned remediation
ISO 27017 and ISO 27018 Audit Approach
Initial Certification
• Stage 2 incorporation of 27017 and/or 27018
• Statement of Applicability acts as an audit road map
Surveillance / Recertification
• Perform regular maintenance review to ensure continued conformance and operating effectiveness of the ISMS
• Apply heavier focus on inclusion of ISO 27017 and/or ISO 27018
Scope Expansion
• Specifically focus on inclusion of ISO 27017 and/or ISO 27018
• Assess relevant elements of the ISMS and supplemental / extended controls
Inclusion on Certificate
• Included as a part of the scope statement, related to the SOA based on ISO 27017 and/or ISO 27018
• Available on certificate directory
• No unique mark or certificate issued for ISO 27017 and/or ISO 27018 (i.e. unaccredited certificates)
Market Acceptance of ISO 27017 and ISO 27018
ISO 27017
• Relatively new
• Market adoption driven by customers and/or competitors
• General cloud application vs. CSA STAR Program
ISO 27018
• Greater acceptance
• Withdrawal of Safe Harbor
• Greater interest in privacy and security, specifically for cloud services
Thank You
METS Lab SASO Certificate Services in Dubai.pdf
 
Bridging the Language Gap The Power of Simultaneous Interpretation in Rwanda
Bridging the Language Gap The Power of Simultaneous Interpretation in RwandaBridging the Language Gap The Power of Simultaneous Interpretation in Rwanda
Bridging the Language Gap The Power of Simultaneous Interpretation in Rwanda
 
Satrya Jaya Mulia - Company Profile - 2024 - CS PROJECT.pptx
Satrya Jaya Mulia - Company Profile - 2024 - CS PROJECT.pptxSatrya Jaya Mulia - Company Profile - 2024 - CS PROJECT.pptx
Satrya Jaya Mulia - Company Profile - 2024 - CS PROJECT.pptx
 
DOJO Training Center - Empowering Workforce Excellence
DOJO Training Center - Empowering Workforce ExcellenceDOJO Training Center - Empowering Workforce Excellence
DOJO Training Center - Empowering Workforce Excellence
 
Discover How Long Do Aluminum Gutters Last?
Discover How Long Do Aluminum Gutters Last?Discover How Long Do Aluminum Gutters Last?
Discover How Long Do Aluminum Gutters Last?
 
Citizen Air Conditioning Services|Air Conditioning Nyc
Citizen Air Conditioning Services|Air Conditioning NycCitizen Air Conditioning Services|Air Conditioning Nyc
Citizen Air Conditioning Services|Air Conditioning Nyc
 
The Significance of Flowers in Our Lives
The Significance of Flowers in Our LivesThe Significance of Flowers in Our Lives
The Significance of Flowers in Our Lives
 
Keyword Density Evolution: Elevating SEO Excellence, Leading as Top SEO Agenc...
Keyword Density Evolution: Elevating SEO Excellence, Leading as Top SEO Agenc...Keyword Density Evolution: Elevating SEO Excellence, Leading as Top SEO Agenc...
Keyword Density Evolution: Elevating SEO Excellence, Leading as Top SEO Agenc...
 
USCG Quick Guide For Uniform Medals and Ribbons wear and placement.pdf
USCG Quick Guide For Uniform Medals and Ribbons wear and placement.pdfUSCG Quick Guide For Uniform Medals and Ribbons wear and placement.pdf
USCG Quick Guide For Uniform Medals and Ribbons wear and placement.pdf
 
Best Immigration Consultants in Amritsar- SAGA Studies
Best Immigration Consultants in Amritsar- SAGA StudiesBest Immigration Consultants in Amritsar- SAGA Studies
Best Immigration Consultants in Amritsar- SAGA Studies
 
Emmanuel Katto Uganda - A Philanthropist
Emmanuel Katto Uganda - A PhilanthropistEmmanuel Katto Uganda - A Philanthropist
Emmanuel Katto Uganda - A Philanthropist
 
Best steel industrial company LLC in UAE
Best steel industrial company LLC in UAEBest steel industrial company LLC in UAE
Best steel industrial company LLC in UAE
 
3 Examples of new capital gains taxes in Canada
3 Examples of new capital gains taxes in Canada3 Examples of new capital gains taxes in Canada
3 Examples of new capital gains taxes in Canada
 

Locking Up Your Cloud Environment: An Introduction to ISO/IEC 27017 and 27018

11. ISO 27018 Overview
• Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors
• Issued August 1, 2014
• Commonly accepted control objectives, controls and guidelines for implementing measures to protect PII in accordance with the privacy principles in ISO/IEC 29100 for the public cloud computing environment
• Supplement to ISO 27002 for public cloud providers

12. 27018 Design
• Alignment to ISO 27001 Annex A / ISO 27002
• Public cloud PII protection control implementation guidance
• Not intended to be a unique control set
– e.g. A6.1.2 – segregation of duties
• Recommendations not Requirements
– Should v Shall

13. 27018 Depth – Supplemental Controls
• 14 supplemental controls to ISO 27001 Annex A
– All domains but Asset Management; System Acquisition, Development, and Maintenance; Supplier Relationships; and Information Security Aspects of Business Continuity Management
– A5 (1), A6 (1), A7 (1), A9 (2), A10 (1), A11 (1), A12 (4), A13 (1), A16 (1), A18 (1)

14. 27018 Depth – Extended Controls
• 25 extended controls (based on the 11 privacy principles of ISO/IEC 29100)
– Covers: Consent and Choice; Purpose legitimacy and specification; Data minimization; Use, retention and disclosure limitation; Openness, transparency and notice; Accountability; Information security; and Privacy compliance
– Act as additional controls to complement those of Annex A

15. 27018 – How Unique?
• More unique than 27017
• Incorporation of privacy principles
• Supplemental Control Example
– A11.2.7 – Secure disposal or re-use of equipment
– Equipment containing storage media that may possibly contain PII should be treated as though it does
• Extended control
– A.4 – Data Minimization
– Temporary files and documents should be erased or destroyed within a specified, documented period

16. ISO 27017 and ISO 27018 Application

17. Design – Scope (Clause 4)
• Modify the scope statement as applicable
• Ensure appropriate inclusion through identification of:
– Internal and external issues
– Needs and expectations of interested parties
– Interfaces and dependencies between activities performed by the organization and those performed by other organizations

18. Design – Risk Assessment (Clause 6)
• Identification of supplemental and extended controls through the risk assessment process
• Controls should be necessary to mitigate risk applicable to the scope
• Apply appropriate treatment if necessary

19. Design – Statement of Applicability (Clause 6)
• Incorporate supplemental / extended controls into the SOA
• Justification of inclusion / exclusion still applies (for the entire related standard)
• Determine if the supplemental / extended control is in place

20. Design – Objectives (Clause 6)
• Modify the information security objectives as appropriate
• Ensure any modification to the information security objectives is measured

21. Monitoring – Measurement (Clause 9.1)
• Measure key supplemental / extended controls to ensure effectiveness
• Ensure appropriate and proper criteria are applied
• Include relevant personnel
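As an added illustration of the A.4 data minimization control quoted in the 27018 slides ("temporary files ... erased or destroyed within a specified, documented period") together with the Clause 9.1 point about measuring a control's effectiveness, the script below is example code written for this page, not code from the deck or from any ISO standard. The 24-hour retention period, the hourly sweep cadence (so a 1-hour grace before an erasure counts as late), the directory layout and the sample files are all assumptions constructed here.

```python
"""Retention sweep for temporary files that may hold PII.

Added example for the ISO/IEC 27018 A.4 (data minimization) control and for
a Clause 9.1 measurement of it. Not code from the deck or from any standard.
The 24-hour period, the hourly sweep cadence (1-hour grace) and the sample
files are assumptions.
"""
from __future__ import annotations

import os
import tempfile
from dataclasses import dataclass
from pathlib import Path
from time import time

RETENTION_HOURS = 24.0   # the "specified, documented period" (assumed value)
SWEEP_GRACE_HOURS = 1.0  # sweep assumed to run hourly, so an erased file older
                         # than RETENTION + GRACE means a sweep run was missed


@dataclass(frozen=True)
class SweepRecord:
    """One line of audit evidence: what the sweep saw and what it did."""
    path: str
    age_hours: float
    action: str  # "erased" or "retained"


def _erase(path: Path) -> None:
    """Overwrite, sync, then unlink.

    Caveat: the overwrite only helps where it reaches the blocks that held the
    data. On SSDs, copy-on-write filesystems and cloud block storage it may not,
    so the dependable control there is encryption at rest plus key destruction;
    27018 A.11.2.7 says to treat any media that may hold PII as though it does.
    """
    size = path.stat().st_size
    with open(path, "r+b", buffering=0) as fh:
        fh.write(b"\0" * size)
        os.fsync(fh.fileno())
    path.unlink()


def sweep(tmp_dir: Path, now: float,
          retention_hours: float = RETENTION_HOURS) -> list[SweepRecord]:
    """Erase every regular file older than the documented period; record all."""
    records: list[SweepRecord] = []
    for p in sorted(tmp_dir.iterdir()):
        if not p.is_file():
            continue
        age_h = (now - p.stat().st_mtime) / 3600.0
        if age_h > retention_hours:
            _erase(p)
            records.append(SweepRecord(p.name, round(age_h, 2), "erased"))
        else:
            records.append(SweepRecord(p.name, round(age_h, 2), "retained"))
    return records


def overdue_ratio(records: list[SweepRecord],
                  retention_hours: float = RETENTION_HOURS,
                  grace_hours: float = SWEEP_GRACE_HOURS) -> float:
    """Clause 9.1 metric: share of erased files that outlived the period by
    more than one sweep interval. 0.0 means the control ran on schedule."""
    erased = [r for r in records if r.action == "erased"]
    if not erased:
        return 0.0
    late = [r for r in erased if r.age_hours > retention_hours + grace_hours]
    return len(late) / len(erased)


def demo() -> dict:
    """Build a constructed temp directory, run one sweep, return the evidence."""
    now = float(int(time()))
    # constructed sample: one file inside the period, one just past it, one stale
    ages = {"a_recent.tmp": 2.0, "b_due.tmp": 24.5, "c_stale.tmp": 30.0}
    with tempfile.TemporaryDirectory() as d:
        tmp_dir = Path(d)
        for name, age in ages.items():
            p = tmp_dir / name
            p.write_bytes(b"name=Jane Doe;ssn=000-00-0000\n")  # fictitious PII
            mtime = now - age * 3600.0
            os.utime(p, (mtime, mtime))
        records = sweep(tmp_dir, now)
        remaining = sorted(p.name for p in tmp_dir.iterdir())
    return {
        "records": records,
        "remaining": remaining,
        "overdue_ratio": overdue_ratio(records),
    }


if __name__ == "__main__":
    out = demo()
    for r in out["records"]:
        print(f"{r.action:8} {r.age_hours:6.2f}h {r.path}")
    print("overdue ratio:", out["overdue_ratio"])
```

In the constructed run the 2-hour file is retained, the 24.5-hour and 30-hour files are erased, and the overdue ratio is 0.5: the 30-hour file should have gone in an earlier hourly sweep, which is exactly the kind of gap the Clause 9.1 measurement and the Clause 9.2 internal audit are meant to surface. The records list is the evidence an auditor would sample against the documented period in the SOA.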
22. Monitoring – Internal Audit (Clause 9.2)
• Incorporation into audit plan / program
• Assessment of results
• Planned remediation

23. ISO 27017 and ISO 27018 Audit Approach

24. Initial Certification
• Stage 2 incorporation of 27017 and/or 27018
• Statement of Applicability acts as an audit road map

25. Surveillance / Recertification
• Perform regular maintenance review to ensure continued conformance and operating effectiveness of the ISMS
• Apply heavier focus on inclusion of ISO 27017 and/or ISO 27018

26. Scope Expansion
• Specifically focus on inclusion of ISO 27017 and/or ISO 27018
• Assess relevant elements of the ISMS and the supplemental / extended controls

27. Inclusion on Certificate
• Included as part of the scope statement, related to the SOA based on ISO 27017 and/or ISO 27018
• Available on certificate directory
• No unique mark or certificate is issued for ISO 27017 and/or ISO 27018 (i.e. a standalone ISO 27017 or ISO 27018 certificate would be unaccredited)

28. Market Acceptance of ISO 27017 and ISO 27018

29. ISO 27017
• Relatively new
• Market adoption driven by customers and/or competitors
• General cloud application v. CSA STAR Program

30. ISO 27018
• Greater acceptance
• Withdrawal of Safe Harbor
• Greater interest in privacy and security, specifically for cloud services

31. Thank You