CCAK · Question #10
An organization has an ISMS implemented, following ISO 27001 and Annex A controls. The CIO would like to migrate some of the infrastructure to the cloud. Which of the following standards would BEST as
The correct answer is D. ISO/IEC 27017. ISO/IEC 27017 is the cloud-specific extension to ISO/IEC 27002 that provides a code of practice for information security controls applicable to cloud services. It includes controls for both cloud service providers and cloud service customers, making it the ideal standard to consu
Question
An organization has an ISMS implemented, following ISO 27001 and Annex A controls. The CIO would like to migrate some of the infrastructure to the cloud. Which of the following standards would BEST assist in identifying controls to consider for this migration?
Options
- AISO/IEC 27701
- BISO/IEC 22301
- CISO/IEC 27002
- DISO/IEC 27017
How the community answered
(41 responses)- A10% (4)
- B7% (3)
- C2% (1)
- D80% (33)
Explanation
ISO/IEC 27017 is the cloud-specific extension to ISO/IEC 27002 that provides a code of practice for information security controls applicable to cloud services. It includes controls for both cloud service providers and cloud service customers, making it the ideal standard to consult when migrating infrastructure to the cloud within an existing ISO 27001 ISMS. ISO/IEC 27701 (A) addresses privacy management. ISO/IEC 22301 (B) covers business continuity. ISO/IEC 27002 (C) provides general security controls but lacks the cloud-specific guidance that ISO/IEC 27017 delivers.
Topics
Community Discussion
No community discussion yet for this question.