Page 1051 - Cloud computing: From paradigm to operation

P. 1051

Security 7

Table of Contents

1 Scope
2 Normative references
2.1 Identical Recommendations | International Standards
2.2 Additional References

3 Definitions and abbreviations
3.1 Terms defined elsewhere
3.2 Abbreviations

4 Cloud sector-specific concepts
4.1 Overview
4.2 Supplier relationships in cloud services
4.3 Relationships between cloud service customers and cloud service providers
4.4 Managing information security risks in cloud services

4.5 Structure of this standard
5 Information security policies
5.1 Management direction for information security

6 Organization of information security
6.1 Internal organization
6.2 Mobile devices and teleworking
7 Human resource security

7.1 Prior to employment
7.2 During employment
7.3 Termination and change of employment

8 Asset management
8.1 Responsibility for assets
8.2 Information classification
8.3 Media handling
9 Access control

9.1 Business requirements of access control
9.2 User access management
9.3 User responsibilities
9.4 System and application access control

10 Cryptography
10.1 Cryptographic controls
11 Physical and environmental security
11.1 Secure areas
11.2 Equipment

12 Operations security
12.1 Operational procedures and responsibilities
12.2 Protection from malware

1043

1046 1047 1048 1049 1050 1051 1052 1053 1054 1055 1056