Page 1069 - Cloud computing: From paradigm to operation


            11.2.3  Cabling security

            Control 11.2.3 and the associated implementation guidance and other information specified in ISO/IEC 27002
            apply.
            11.2.4  Equipment maintenance

            Control 11.2.4 and the associated implementation guidance and other information specified in ISO/IEC 27002
            apply.

            11.2.5  Removal of assets
            Control 11.2.5 and the associated implementation guidance and other information specified in ISO/IEC 27002
            apply.

            11.2.6  Security of equipment and assets off-premises
            Control 11.2.6 and the associated implementation guidance and other information specified in ISO/IEC 27002
            apply.
            11.2.7  Secure disposal or reuse of equipment

            Control 11.2.7 and the associated implementation guidance and other information specified in ISO/IEC 27002
            apply. The following sector-specific guidance also applies.
            Implementation guidance for cloud services

            Cloud service customer:
            The cloud service customer should request confirmation that the cloud service provider has the policies and
            procedures for secure disposal or reuse of resources.

            Cloud service provider:
            The cloud service provider should ensure that arrangements are made for the secure disposal or reuse of
            resources (e.g., equipment, data storage, files, memory) in a timely manner.

            Other information for cloud services

            Additional information about secure disposal can be found in ISO/IEC 27040.

            11.2.8  Unattended user equipment
            Control 11.2.8 and the associated implementation guidance and other information specified in ISO/IEC 27002
            apply.
            11.2.9  Clear desk and clear screen policy

            Control 11.2.9 and the associated implementation guidance and other information specified in ISO/IEC 27002
            apply.


            12      Operations security


            12.1    Operational procedures and responsibilities
            The objective specified in clause 12.1 of ISO/IEC 27002 applies.

            12.1.1  Documented operating procedures
            Control 12.1.1 and the associated implementation guidance and other information specified in ISO/IEC 27002
            apply.

            12.1.2  Change management
            Control 12.1.2 and the associated implementation guidance and other information specified in ISO/IEC 27002
            apply. The following sector-specific guidance also applies.



