Assign topic to the user
1. Do you have a list of threats and vulnerabilities for cloud services?
Answer: We have some examples available in the Risk Assessment Table that comes with the ISO 27001 & ISO 27017 & ISO 27018 Cloud Documentation Toolkit, and here are some examples of threats and vulnerabilities from this document:
- Threats: changes in legal jurisdiction, customer's management interface compromising, supply chain failure, unauthorized network access, and resource exhaustion
- Vulnerabilities: weak passwords, inadequate isolation between tenants, and inadequate supervision of external suppliers
Another source I can recommend you it the white paper "The Treacherous 12 - Cloud Computing Top Threats in 2016" from the Cloud Security Alliance (CSA) at this link https://downloads.cloudsecurityalliance.org/assets/research/top-threats/Treacherous-12_Cloud-Computing_Top-Threats.pdf
2. Would it be possible to talk through our list of assets and threats and vulnerabilities with you?
Answer: Sure. Included in your toolkit you have 2 web conferences with an expert + review of 5 documents you filled in. You just need to schedule a meeting with me at https://www.meetme.so/dejankosutic
Comment as guest or Sign in
Mar 16, 2017