News

Cloud Security Alliance teams with ISO on cloud security standards

SearchCloudSecurity Staff

The Cloud Security Alliance on Wednesday announced a partnership with the International Organization for Standardization to develop cloud security standards.

The partnership,

    Requires Free Membership to View

which was announced at the CSA Summit at Infosecurity Europe in London, involves the CSA, establishing a Category C liaison relationship with ISO/International Electrotechnical Commission’s Joint Technical Committee 1/Sub Committee 27 (JTC 1/SC27). According to the CSA, Category C liaisons are organizations that “make an effective technical contribution and participate actively” in the working groups under SC 27.

The CSA said it will initially collaborate on two projects with the SC 27: A new work item proposal for cloud security that reinforces work done on the Code of Practice for Information Security Management within the ISO/IEC 27002 standard, and a new section on information security for supplier relationships under the ISO/IEC 27036 standard.

“The security and privacy of cloud computing services are an ever-growing concern to users and consumers of these services,” SC 27 Chairman Walter Fumy said in a prepared statement. “ISO/IEC JTC 1/SC 27 is now embarking on the development of a series of standards that will address the security and privacy issues of cloud computing services.”

The cooperation with the CSA, he said, “adds significant value to this work … as it facilities an important communication channel for the promotion of cloud computing security standards amongst the security community.”

Dave Cullinane, CSA chairman of the board, said in a prepared statement: “By working closely with the ISO in the highly dynamic cloud computing environment, the industry can have confidence that CSA guidance will be enduring, and that they can align with it now.”

The non-profit CSA is a coalition of security practitioners, industry experts and vendors. The group, which has more than 13,000 members, has published security guidance on the critical areas of focus for cloud computing, a paper on top cloud computing threats, and last fall released the CSA Governance, Risk Management and Compliance Stack. The GRC stack is a set of three free tools designed to help companies, cloud providers and others to assess both private and public clouds against industry standards, best practices and compliance requirements.

 


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: