Page 1087 - Cloud computing: From paradigm to operation


                                                        Annex B

                      References on information security risk related to cloud computing

                   (This annex does not form an integral part of this Recommendation | International Standard.)

            Proper use of the information security controls provided by this Recommendation | International Standard
            relies on the organization's information security risk assessment and treatment. Although these are
            important subjects, the focus of this Recommendation | International Standard is not on the approach to
            information security risk assessment and treatment. Following is a list of references that include descriptions
            of the risk sources and risks in the provision and use of cloud services. It should be noted that risk sources
            and risks vary according to the type and nature of the service and the emerging technologies of cloud
            computing. Users of this Recommendation | International Standard are recommended to refer to the current
            versions of the documents as necessary.

            Recommendation ITU-T X.1601 (2014), Security framework for cloud computing.
            Australian Government Information Management Office 2013, Summary of Checkpoints in: Privacy and
            Cloud Computing for Australian Government Agencies, Better Practice Guide, Version 1.1, February,
            pg. 8.
            http://www.finance.gov.au/files/2013/02/privacy-and-cloud-computing-for-australian-government-agencies-v1.1.pdf
            Australian Government Cyber Security Centre 2015, Cloud Computing Security for Tenants – April.
            http://www.asd.gov.au/publications/protect/Cloud_Computing_Security_for_Tenants.pdf
            Australian Government Cyber Security Centre 2015, Cloud Computing Security for Cloud Service Providers –
            April.
            http://www.asd.gov.au/publications/protect/Cloud_Computing_Security_for_Cloud_Service_Providers.pdf
            Cloud Security Alliance 2014, Cloud Controls Matrix – January.

            ENISA 2009, Cloud Computing Security Risk Assessment – November.
            ENISA 2009, Cloud Computing Information Assurance Framework – November.

            Hong Kong OGCIO 2013, Security & Privacy Checklist for Cloud Service Providers in Handling Personal
            Identifiable Information in Cloud Platforms – April.
            Hong Kong OGCIO 2013, Security Checklists for Cloud Service Consumers – January.

            ISACA 2012, Security Considerations for Cloud Computing – July.
            NIST, SP 800-144 2011, Guidelines on Security and Privacy in Public Cloud Computing – December.

            NIST, SP 800-146 2012, Cloud Computing Synopsis and Recommendations – May.
            SPRING Singapore 2012, Annex A: Virtualisation Security Risk Assessment of Singapore Technical Reference
            30:2012 Technical Reference for virtualisation security for servers – March.
            SPRING Singapore 2012, Annex A: Checklist of security and service level considerations when reviewing SaaS
            of Singapore Technical Reference 31:2012 Technical Reference for security and service level guidelines for
            the usage of public cloud computing services – March.
            SPRING Singapore 2013, Annex A: Cloud Service Provider Disclosure of Singapore Standard SS 584:2013
            Specification for Multi-Tiered Cloud Computing Security – August.











