Standard: ISO/IEC 27036-4

Description

Note: Reference to ISO/IEC 27036 (ff.)

Contents

Foreword
Introduction

1 Scope

2 Normative references

3 Terms and definitions

4 Structure of this document

5 Key cloud concepts and security threats and risks

5.1 Characteristics of cloud computing
5.2 Cloud service threats and associated risks to the cloud service customer
5.3 Cloud service threats and associated risks for public cloud deployment model
5.4 Cloud service threats and associated risks for hybrid cloud deployment model
5.5 Cloud service threats and associated risks for private cloud deployment model

6 Information security controls in cloud service acquisition lifecycle

6.1 Agreement processes

6.1.1 Acquisition process
6.1.2 Supply process

6.2 Organizational project-enabling processes

6.3 Project processes

6.3.1 Project planning process
6.3.2 Project assessment and control process
6.3.3 Decision management process
6.3.4 Risk management process
6.3.5 Configuration management process
6.3.6 Information management process
6.3.7 Measurement process

6.4 Technical processes

6.4.1 Stakeholder requirements definition process
6.4.2 Requirements analysis process
6.4.3 Architectural design process
6.4.4 Implementation process
6.4.5 Integration process
6.4.6 Verification process
6.4.7 Transition process
6.4.8 Validation process
6.4.9 Operation process
6.4.10 Maintenance process
6.4.11 Disposal process

7 Information security controls in cloud service providers

7.1 Overview

7.1.1 Control sets related to cloud service deployment model
7.1.2 Setting information security controls at a cloud service provider

7.2 Public cloud deployment model

7.2.1 Infrastructure capabilities type
7.2.2 Platform capabilities type
7.2.3 Application capabilities type

7.3 Hybrid cloud deployment model

7.4 Private cloud deployment model

Annex A (informative) Information security standards for cloud providers

Bibliography