Page 1088 - Cloud computing: From paradigm to operation
7 Security
SPRING Singapore 2012, Annex B: Checklist of security and service level considerations when reviewing IaaS
of Singapore Technical Reference 31:2012 Technical Reference for security and service level guidelines for
the usage of public cloud computing services – March.
SPRING Singapore 2013, Singapore Standard SS 584:2013 Specification for Multi-Tiered Cloud Computing
Security – August.
SPRING Singapore 2012, Singapore Technical Reference 30:2012 Technical Reference for virtualisation
security for servers – March.
SPRING Singapore 2012, Singapore Technical Reference 31:2012 Technical Reference for security and
service level guidelines for the usage of public cloud computing services – March.
US Government FedRAMP PMO 2014, FedRAMP Security Controls Baseline Version 2.0 – June.
Bibliography
– Recommendation ITU-T X.805 (2003), Security architecture for systems providing end-to-end
communications.
– ISO/IEC 17203:2011, Information technology – Open Virtualization Format (OVF) specification.
– ISO/IEC 27001:2013, Information technology – Security techniques – Information security
management systems – Requirements.
– ISO/IEC 27005:2011, Information technology – Security techniques – Information security risk
management.
– ISO/IEC 27018:2014, Information technology – Security techniques – Code of practice for protection
of personally identifiable information (PII) in public clouds acting as PII processors.
– ISO/IEC 27036-1:2014, Information technology – Security techniques – Information security for
supplier relationships – Part 1: Overview and concepts.
– ISO/IEC 27036-2:2014, Information technology – Security techniques – Information security for
supplier relationships – Part 2: Requirements.
– ISO/IEC 27036-3:2013, Information technology – Security techniques – Information security for
supplier relationships – Part 3: Guidelines for information and communication technology supply
chain security.
– ISO/IEC CD 27036-4, Information technology – Security techniques – Information security for
supplier relationships – Part 4: Guidelines for security of cloud services – (Under development).
– ISO/IEC 27040:2015, Information technology – Security techniques – Storage security.
– ISO 19440:2007, Enterprise integration – Constructs for enterprise modelling.
– ISO 31000:2009, Risk management – Principles and guidelines.
– NIST, SP 800-145 2011, The NIST Definition of Cloud Computing.
– NIST 2009, Effectively and Securely Using the Cloud Computing Paradigm.
– ENISA 2009, Cloud Computing Benefits, risks and recommendations for information security.
– Cloud Security Alliance, Security Guidance for Critical Areas of Focus in Cloud Computing V3.0.
– Cloud Security Alliance, Top Threats to Cloud Computing V1.0.
– Cloud Security Alliance, Domain 12: Guidance for Identity & Access Management V2.1.
– ISACA, Cloud Computing: Business Benefits With Security, Governance and Assurance Perspectives.
– ISACA, Cloud Computing Management Audit/Assurance Program.