This standard will provide guidance on the privacy elements/aspects of public clouds. It will be accompanied by ISO/IEC 27017 covering the wider information security angles.
The standard is not intended to duplicate or modify ISO/IEC 27002 in relation to cloud computing but will presumably add control objectives and controls relevant to the protection of privacy and personal data in the cloud.
The project has widespread support from national bodies plus the Cloud Security Alliance.
Content
The first Working Draft of this standard is similar in style to ISO/IEC 27015 (the information security management guidelines for financial services) in that it builds on ISO/IEC 27002, expanding on its advice in particular areas.
Status of the standard
The 1st WD is available to members of SC27 for review and contributions.
Publication is possible in 2013, especially if it turns out that the revised version of ISO/IEC 27002 covers most of the applicable security controls adequately without further elaboration.
Source: