ISO/IEC 27017 — Implementation
This is an individual assignment that I did under the Enterprise Standards for Information Security module when I was in the 3rd year, 2nd semester. It is basically a toolkit I prepared for the ISO/IEC 27017:2015 standard. Here I will share a brief overview of the toolkit implementation.
Acknowledgement
I thank Mr Kanishka Yapa (Sri Lanka Institute of Information Technology), the lecturer in charge, for granting us a chance to conduct this toolkit implementation with guidance. This work was supported in part by the Research Groups Faculty of Computing, Department of Computer Systems Engineering under Grant Enterprise Standards for Information Security - IE3102.
A brief overview of ISO 27017
This security standard provides guidelines for information security controls applicable to the provision and use of cloud services. The objectives of operations security are to support the planning and sustaining of the day-to-day processes that are critical to the security of information environments. As the name suggests, this is a standard related to cloud services.
Actually, it is an extension of ISO/IEC 27002, incorporating clauses specific to information security in the context of the cloud. This standard provides guidance on the information security aspects of cloud computing, recommending and assisting with the implementation of cloud-specific information security controls that supplement the guidance in ISO/IEC 27002 and other ISO27k standards such as ISO/IEC 27001.
Cloud service customers and cloud service providers can refer to ISO/IEC 27002 and this Recommended International Standard, ISO/IEC 27017, to select controls with their implementation guidance, and add other controls if necessary. This is done by performing an information security risk assessment and risk treatment in the organizational and business context in which cloud services are used or provided. So, that's the basic understanding of the ISO 27017 standard.
Since it's a lengthy process, I'm not planning to discuss the implementation process from top to bottom here. Nevertheless, you can get a clear idea by referring to the slides above. You can send me an email requesting the ISO/IEC 27017 toolkit. It includes documentation, Excel workbooks and presentations covering the guidance video, business case, SOA, checklist, DR, policy, and so on.
Stay with the Blog of Shehan for more updates!