Page 1073 - Cloud computing: From paradigm to operation

Security                                                   7


            Implementation guidance for cloud services

            Cloud service customer:
            The cloud service customer should request information about the clock synchronization used for the cloud
            service provider's systems.

            Cloud service provider:
            The cloud service provider should provide information to the cloud service customer regarding the clock used
            by the cloud service provider's systems, and information about how the cloud service customer can synchronize
            local clocks with the cloud service clock.

            Other information for cloud services
            It is necessary to consider clock synchronization of the cloud service customer's systems with cloud service
            provider's systems, which run the cloud services used by the cloud service customer. Without such
            synchronization, it can be difficult to reconcile events on the cloud service customer's systems with events
            on the cloud service provider's systems.

            12.5    Control of operational software

            The objective specified in clause 12.5 of ISO/IEC 27002 applies.

            12.5.1  Installation of software on operational systems
            Control 12.5.1 and the associated implementation guidance and other information specified in ISO/IEC 27002
            apply.

            12.6    Technical vulnerability management
            The objective specified in clause 12.6 of ISO/IEC 27002 applies.

            12.6.1  Management of technical vulnerabilities
            Control 12.6.1 and the associated implementation guidance and other information specified in ISO/IEC 27002
            apply. The following sector-specific guidance also applies.

            Implementation guidance for cloud services

            Cloud service customer:
            The cloud service customer should request information from the cloud service provider about the management
            of technical vulnerabilities that can affect the cloud services provided. The cloud service customer should
            identify the technical vulnerabilities it will be responsible to manage, and clearly define a process for
            managing them.

            Cloud service provider:
            The cloud service provider should make available to the cloud service customer information about the
            management of technical vulnerabilities that can affect the cloud services provided.

            12.6.2  Restrictions on software installation

            Control 12.6.2 and the associated implementation guidance and other information specified in ISO/IEC 27002
            apply.


            12.7    Information systems audit considerations
            The objective specified in clause 12.7 of ISO/IEC 27002 applies.

            12.7.1  Information systems audit controls
            Control 12.7.1 and the associated implementation guidance and other information specified in ISO/IEC 27002
            apply.






