Exam CCAK topic 1 question 104 discussion

The best option for implementing an Information Security Management System (ISMS) that covers both on-premise and cloud infrastructure is: **B. Implement ISO/IEC 27001 and complement it with additional controls from ISO/IEC 27017.** ISO/IEC 27001 provides a framework for establishing, implementing, maintaining, and continually improving an ISMS, which is applicable to any organization regardless of its size or sector. It sets out the criteria for an ISMS and is the primary standard for information security management. ISO/IEC 27017 offers additional guidance on information security controls specifically tailored for cloud services. This standard is particularly useful when the ISMS scope includes cloud infrastructure, as it provides cloud-specific controls and additional guidance that complement the general controls found in ISO/IEC 27001. Together, ISO/IEC 27001 and ISO/IEC 27017 provide a comprehensive foundation for managing security in both on-premise and cloud environments.

D, As NIST will provide Cloud Specific Controls

B is the correct answer.

The ISO/IEC 27001 standard is broadly applicable to any organization, because it provides a specification for an Information Security Management System (ISMS). ISO/IEC 27002 describes controls that can be put in place to adhere to the ISO/IEC 27001 standard. Further building on these foundational pieces, ISO published ISO/IEC 27017, which provides guidance on the information security aspects of cloud computing, recommending and assisting with the implementation of cloud-specific information security controls supplementing the guidance in ISO/IEC 27002. CCAK P# 134