Which of the following standards is designed to be used by organizations for cloud services that intend to select controls within the process of implementing an information security management system based on ISO/IEC 27001?

CCAK V1 0 Comments

Which of the following standards is designed to be used by organizations for cloud services that intend to select controls within the process of implementing an information security management system based on ISO/IEC 27001?
A . ISO/IEC 27017:2015
B . ISO/IEC 27002
C . NIST SP 800-146
D . Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM)

Answer: A

Explanation:

ISO/IEC 27017:2015 is a standard that provides guidelines for information security controls applicable to the provision and use of cloud services by providing additional implementation guidance for relevant controls specified in ISO/IEC 27002, as well as additional controls with implementation guidance that specifically relate to cloud services1. ISO/IEC 27017:2015 is designed to be used by organizations for cloud services that intend to select controls within the process of implementing an information security management system based on ISO/IEC 270011. ISO/IEC 27001 is a standard that specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization.

ISO/IEC 27002 is a standard that provides a code of practice for information security controls, but it does not provide specific guidance for cloud services. NIST SP 800-146 is a publication that provides an overview of cloud computing, its characteristics, service models, deployment models, and security considerations, but it does not provide a standard for selecting controls for cloud services. CSA CCM is a framework that provides detailed understanding of security concepts and principles that are aligned to the Cloud Security Alliance guidance in 13 domains, but it is not a standard that is based on ISO/IEC 27001.

Reference: ISO/IEC 27017:2015

[ISO/IEC 27001:2013]

[ISO/IEC 27002:2013]

[NIST SP 800-146]

[CSA CCM]

Latest CCAK Dumps Valid Version with 76 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Instant Download CCAK PDF     CCAK Questions Online Training
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments