- Processing integrity
ISO/IEC 27001 certification: ISO/IEC 27001 sets out standards that require management to examine the information security risks associated with a specific part of the organization’s assets. (Note: Certification is limited to the specified area within the organization). The objectives of this process are to ensure confidentiality, integrity and availability of information. The process must consider the vulnerabilities, threats and their potential impact, and plan a response to the identified risks. This response may be to avoid the risk, to transfer the risk or to implement a set of controls to manage the risks. The standard identifies 134 controls and provides detailed advice on this subject These controls cover the following areas:
- Organization and Information Security
- Asset Management
- Human Resources Security
- Physical and Environmental Security
- Communications and Operations Management
- Access Control
- Information Systems Acquisition, Maintenance and Control
- Information Security Incident Management
- Business Continuity Management.
Trust in the cloud depends upon an enterprise’s needs, the provider’s processes and independent auditing. Choose the right cloud service and delivery model based on business need and risk appetite. It is vital to understand the value and sensitivity of data moved to the cloud. Make sure that the service is clearly specified together with the controls. Remember to monitor the controls and understand what independent certifications and audit reports mean. Finally, “Trust but verify.”
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.