Cloud risks

Guest user | Created: Mar 16, 2017 | Last commented: Mar 16, 2017

We signed up for Conformio and are using the ISO 27001 Toolkit. We have defined the scope, listed the assets and are currently working through the threats and vulnerabilities. We have limited the scope to our main application that relies heavily on cloud services. My questions are as follows:

Expert
Rhand Leal Mar 16, 2017

1. Do you have a list of threats and vulnerabilities for cloud services?

Answer: We have some examples available in the Risk Assessment Table that comes with the ISO 27001 & ISO 27017 & ISO 27018 Cloud Documentation Toolkit, and here are some examples of threats and vulnerabilities from this document:
- Threats: changes in legal jurisdiction, customer's management interface compromising, supply chain failure, unauthorized network access, and resource exhaustion
- Vulnerabilities: weak passwords, inadequate isolation between tenants, and inadequate supervision of external suppliers

Another source I can recommend to you is the white paper "The Treacherous 12 - Cloud Computing Top Threats in 2016" from the Cloud Security Alliance (CSA), at this link: https://downloads.cloudsecurityalliance.org/assets/research/top-threats/Treacherous-12_Cloud-Computing_Top-Threats.pdf

2. Would it be possible to talk through our list of assets and threats and vulnerabilities with you?

Answer: Sure. Included in your toolkit you have 2 web conferences with an expert + review of 5 documents you filled in. You just need to schedule a meeting with me at https://www.meetme.so/dejankosutic
