Question 16
Isaca Certificate of Cloud Auditing Knowledge DUMPS BY Kelley 24-05-2024 8QA certscare - Page 4
Which of the following standards is designed to be used by organizations for cloud services that intend to select controls within the process of implementing an information security management system based on ISO/IEC 27001?
A. ISO/IEC 27002
B. Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM)
C. NIST SP 800-146
D. ISO/IEC 27017:2015
Correct answer: D
Explanation
ISO/IEC 27017:2015 is the cloud security standard that provides guidance for selecting and implementing controls for cloud services. It is intended to be used by organizations “for cloud services” when they “select controls” as part of an information security management system based on ISO/IEC 27001.
Why each option is right or wrong
A. ISO/IEC 27002: incorrect. ISO/IEC 27002 is the general code of practice for information security controls that supports an ISO/IEC 27001 ISMS; it is not specific to cloud services. ISO/IEC 27017 builds on it by adding cloud-specific implementation guidance and additional controls.
B. CSA Cloud Controls Matrix (CCM): incorrect. The CCM is a cloud control framework published by the Cloud Security Alliance, not an ISO/IEC standard. Its controls can be mapped to ISO/IEC 27001, but it is not the standard designed for selecting controls within an ISO/IEC 27001-based ISMS.
C. NIST SP 800-146: incorrect. NIST SP 800-146 (Cloud Computing Synopsis and Recommendations) is a NIST publication describing cloud service and deployment models and related considerations; it is neither an ISO/IEC standard nor a control set for an ISO/IEC 27001 ISMS.
D. ISO/IEC 27017:2015: correct. ISO/IEC 27017:2015 is the cloud-specific extension to ISO/IEC 27002 and is expressly intended to provide guidance for cloud service security controls when an organization is implementing an ISMS under ISO/IEC 27001. The standard’s scope is to help cloud service customers and providers select and apply additional controls and implementation guidance for cloud services, rather than defining a standalone ISMS itself.