Taking Compliance to the Cloud (Tools and Techniques Using ISO Standards) (C12a)
To certify cloud applications, organizations have to change. Traditional data center audits (PCI, HIPAA, FISMA, ISO 27001) are challenged by the risks, management and security boundaries presented by moving commercial services to the cloud. What are the security and privacy requirements to be addressed? This session will present the ISO 27017 (cloud security) and ISO 27018 (PII protection in the cloud) standards. Best practices are given for conducting risk assessments for newly offered cloud services.