
ISO/IEC 27018

ISO/IEC 27018 addresses the privacy aspects of cloud computing for consumers and is the first international set of privacy controls in the cloud.



Similar items:
NIST Cloud Computing Security Reference Architecture

The purpose of this document is to define a NIST Cloud Computing Security Reference Architecture (NCC-SRA), a framework that:
1. Identifies a core set of Security Components that can be implemented in a Cloud Ecosystem to secure the environment, the operations, and the data migrated to the cloud;
2. Provides, for each Cloud Actor, the core set of Security Components that fall under their responsibilities depending on the deployment and service models;
3. Defines a security-centric formal architectural model that adds a security layer to the current NIST SP 500-292, "NIST Cloud Computing Reference Architecture"; and
4. Provides several approaches for analyzing the collected and aggregated data.

A security controls framework that provides mapping/cross relationships with the main industry-accepted security standards, regulations, and controls frameworks such as the ISO 27001/27002, ISACA’s COBIT, and PCI-DSS

The CSA CCM (Cloud Controls Matrix) provides fundamental security principles that guide cloud vendors and assist prospective cloud customers in assessing the overall security risk of a cloud provider.

NIST 800-146, titled Cloud Computing Synopsis and Recommendations, reprises the NIST-established definition of cloud computing, describes cloud computing benefits and open issues, and provides an overview of major classes of cloud technology

Cloud sprawl is the uncontrolled proliferation of an organization's cloud instances, services or providers. Cloud sprawl typically occurs when an organization lacks visibility into or control over its cloud computing resources.

ISO/IEC 27034 Application Security Controls offers guidance on information security to those specifying, designing and programming or procuring, implementing and using application systems, in other words business and IT managers, developers and auditors, and ultimately the end-users of ICT. The aim is to ensure that computer applications deliver the desired or necessary level of security in support of the organization’s Information Security Management System, adequately addressing many ICT security risks.

