Which of the following standards is designed to be used by organizations for cloud services that intend to select controls within the process of implementing an Information Security Management System based on ISO/IEC 27001?
The correct answer is:
**A. ISO/IEC 27017:2015**
ISO/IEC 27017:2015 is specifically designed to provide guidelines for information security controls applicable to cloud services, and it complements the implementation of an Information Security Management System (ISMS) based on ISO/IEC 27001. It offers additional cloud-specific guidance beyond the general controls outlined in ISO/IEC 27001 and ISO/IEC 27002, helping organizations select and apply controls tailored to cloud environments.
The ISO/IEC 27001 standard is broadly applicable to any organization, because it provides a specification for an Information Security Management System (ISMS). ISO/IEC 27002 describes controls that can be put in place to adhere to the ISO/IEC 27001 standard. Further building on these foundational pieces, ISO published ISO/IEC 27017, which provides guidance on the information security aspects of cloud computing, recommending and assisting with the implementation of cloud-specific information security controls supplementing the guidance in ISO/IEC 27002. CCAK P# 134
A: ISO/IEC 27017:2015 - Code of practice for information security controls based on ISO/IEC 27002 for cloud services
upvoted 4 times
Auditor2020 (3 months ago)
sai_murthy (10 months ago)
SAM6789 (1 year, 7 months ago)