nerdexam
Isaca

CCAK · Question #10

An organization has an ISMS implemented, following ISO 27001 and Annex A controls. The CIO would like to migrate some of the infrastructure to the cloud. Which of the following standards would BEST as

The correct answer is D. ISO/IEC 27017. ISO/IEC 27017 is the cloud-specific extension to ISO/IEC 27002 that provides a code of practice for information security controls applicable to cloud services. It includes controls for both cloud service providers and cloud service customers, making it the ideal standard to consu

Cloud Compliance

Question

An organization has an ISMS implemented, following ISO 27001 and Annex A controls. The CIO would like to migrate some of the infrastructure to the cloud. Which of the following standards would BEST assist in identifying controls to consider for this migration?

Options

  • AISO/IEC 27701
  • BISO/IEC 22301
  • CISO/IEC 27002
  • DISO/IEC 27017

How the community answered

(41 responses)
  • A
    10% (4)
  • B
    7% (3)
  • C
    2% (1)
  • D
    80% (33)

Explanation

ISO/IEC 27017 is the cloud-specific extension to ISO/IEC 27002 that provides a code of practice for information security controls applicable to cloud services. It includes controls for both cloud service providers and cloud service customers, making it the ideal standard to consult when migrating infrastructure to the cloud within an existing ISO 27001 ISMS. ISO/IEC 27701 (A) addresses privacy management. ISO/IEC 22301 (B) covers business continuity. ISO/IEC 27002 (C) provides general security controls but lacks the cloud-specific guidance that ISO/IEC 27017 delivers.

Topics

#ISO 27017#Cloud Security Controls#Cloud Migration#Information Security Standards

Community Discussion

No community discussion yet for this question.

Full CCAK Practice