There are several Information Security frameworks, standards, certifications and guides to maintain security in an organization.
Would you share which one is best for said purpose?
@ Sergio Castro, Thanks for your suggestions, I worked with Cloud Security Alliance in their Cloud Controls Matrix V.1.14 and at present, cloud organizations are implementing COBIT and ISO etc for their information security but these standards are for traditional IT not particular for Cloud Computing.
The CSA Matrix also taken from different standards and as per my research, these standards does not provide 100% information security measures to Cloud organizations.
@Jairo Gutierrez, Thanks alot for file sharing. let me study it but it is not information Security framework.
Thanks again buddy
@Sergio, Moreover, COBIT is IT governance framework and it has only few processes for Info Security.
There are lot of issues, to read about these, you have to study NIST SP 800-146 (Chapter 8)
some time, the cloud service provider is also a act as a cloud user because he also render some sort of services from external party.
So the controls defined by the NIST can also used by the CSP
Hi. Three special ISO standards 27017, 27036-4and 27018 are expected next year
I think ISO 27001:2013 is a very useful standard to follow to obtain a good level of security.
The Annex A (controls) permits to reach also a good cloud security level.
The Annex A is really crosswise in Information Technology.
I have presented in a paper (in press) as Annex A of ISO 27001 permits also to obtain an high level of security of a wifi infrastructure.
So i suggest to consider ISO 27001, ISO 27002 and CSA Cloud Controls Matrix.
Italy is becoming more sensitive to this issue, thanks to the current obligation about the electronic storage of invoices to general government.
Thanks Mr. Santarcangelo for your precious advice. Now in days, i am working on it.
Where is Annex A?
The ANNEX A is in the final pages of ISO 27001:2013. Annex A is a list of great importance to carry out checks and implementations related to information security. It is a list of 114 controls (best practices), grouped into 35 control objectives, which are grouped into 14 key points, labeled from A.5 to A.18. You can find the implementation of Annex A in the ISO 27002:2013.
I worked on ISO 27001:2005 to develop "SLA based information Security Metrics in Cloud Computing". My book on this title is also available on internet but i do not have ISO 27001:2013 version. Would you please send me on my mail box so i may also work on it.
Thanking you in anticipation
Congratulation for your paper! It is a very interesting analysis.
The ISO 27001:2013 is protected by Copyright and can be found on http://www.iso.org/iso/catalogue_detail?csnumber=54534 .
You can read the ANNEX A controls list at this blog : http://www.iso27001standard.com/blog/2014/02/10/overview-of-iso-270012013-annex-a/
I suggest you to take also the ISO 27002:2013 that is the implementation of the AnnexA's controls.
Best regards,
Vito.
Thanks Vito for your appreciation and Acknowledge. It is Book not paper. I will find out ISO 27001:20013 on internet :)
Warm Regards
Muhammad Imran Tariq
- Badges
- Science method