
Cloud Security Standards Guide

This document outlines several common cloud security standards: ISO-27001 provides a specification for an information security management system; ISO-27017 establishes security standards for cloud service providers and consumers; ISO-27018 relates to protecting personally identifiable information in public clouds; the General Data Protection Regulation sets privacy and data protection rules for the European Union; the Payment Card Industry Data Security Standard provides requirements for protecting cardholder data; System and Organization Controls reporting gives assurance on risk management transparency and trust issues; and the Health Insurance Portability and Accountability Act facilitates security services to safeguard medical information and maintain data privacy in the United States.

Uploaded by Velan G

Cloud Security Standard

• A cloud security standard refers to the security standards and organizational norms used for identifying and responding to network threats.
• Furthermore, a cloud security framework lays out the policies, tools, configurations, and procedures that must be followed to keep a cloud platform secure.

1. ISO-27001:
Any organization that has sensitive information can benefit from ISO 27001 implementation. ISO-27001 contains a specification for an Information Security Management System (ISMS).

2. ISO-27017:
• ISO-27017 is a security standard established for cloud service providers and consumers with the goal of reducing the risk of a security incident in the cloud.
• In addition, it is also a standard for cloud-based organizations that helps with control recommendations and implementation.

3. ISO-27018:
• This standard relates to the protection of personally identifiable information (PII) in public clouds acting as PII processors.
• You should consider compliance against this standard if you are a SaaS provider processing PII.

4. General Data Protection Regulation (GDPR):
• Data protection and privacy regulation for the European Union.
• You need to consider this if you store or process any personal data of European Union citizens.
• It is essential to consider that any market or company collaborating with the EU is subject to its rules.

5. Payment Card Industry Data Security Standard (PCI DSS):
• The Payment Card Industry Data Security Standard is an information security standard that applies only to organizations that handle major card schemes.
• Specific to organisations handling cardholder information.
• This standard provides baseline technical and operational requirements for protecting cardholder data.

6. System and Organisation Controls (SOC) Reporting:
• SOC (System and Organization Controls) reporting gives inclusive assurance (SOC 1, SOC 2, SOC 2+ and SOC 3) to users about transparency and trust issues in risk management.
• SOC reports provide suggestions for improving specific areas and identify gaps in areas that are lagging behind their potential.

7. Health Insurance Portability and Accountability Act (HIPAA):
• The Health Insurance Portability and Accountability Act (HIPAA) is United States legislation that facilitates security services to safeguard medical information and maintain data privacy.
