Normenverzeichnis » Norm: ISO/IEC 27036-4

Beschreibung

Vermerk: Hinweis auf ISO/IEC 27036 (ff.)

Contents

Foreword
Introduction

1 Scope

2 Normative references

3 Termsanddefinitions

4 Structure of this document

5 Key cloud concepts and security threats and risks

5.1 Characteristics of cloud computing
5.2 Cloud service threats and associated risks to the cloud service customer
5.3 Cloud service threats and associated risks for public cloud deployment model
5.4 Cloud service threats and associated risks for hybrid cloud deployment model
5.5 Cloud service threats and associated risks for private cloud deployment model

6 Information security controls in cloud service acquisition lifecycle

6.1 Agreement processes

6.1.1 Acquisition process
6.1.2 Supply process

6.2 Organizational project-enabling processes

6.3 Project processes

6.3.1 Project planning process
6.3.2 Project assessment and control process
6.3.3 Decision management process
6.3.4 Risk management process
6.3.5 Configuration management process
6.3.6 Information management process
6.3.7 Measurement process

6.4 Technical processes

6.4.1 Stakeholder requirements definition process
6.4.2 Requirements analysis process
6.4.3 Architectural design process
6.4.4 Implementation process
6.4.5 Integration process
6.4.6 Verification process
6.4.7 Transition process
6.4.8 Validation process
6.4.9 Operation process
6.4.10 Maintenance process
6.4.11 Disposal process

7 Information security controls in cloud service providers

7.1 Overview

7.1.1 Control sets related to cloud service deployment model
7.1.2 Setting information security controls at a cloud service provider

7.2 Public cloud deployment model

7.2.1 Infrastructure capabilities type
7.2.2 Platform capabilities type
7.2.3 Application capabilities type

7.3 Hybrid cloud deployment model

7.4 Private cloud deployment model

Annex A (informative) Information security standards for cloud providers

Bibliography