What Is ISO/IEC 27017?

4 years ago Joe Pettit

More than a third of organizations suffered a serious cloud security incident in 2021. According to a survey of 300 cloud professionals covered by BetaNews, 36% of those respondents said that their organizations had suffered a severe cloud security data leak or breach in the past 12 months. Looking forward, eight in 10 survey participants said they were worried that they were vulnerable to a data breach related to a cloud misconfiguration. Slightly fewer (64%) said that the problem will remain the same or worsen over the next year.

To avoid falling victim to one of these types of incidents, organizations need to take a strategic approach to their cloud security. They can do so using ISO/IEC 27017. Let’s explore how below.

What Is ISO/IEC 27017?

Developed by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), ISO/IEC 27017 lays out guidelines that support cloud service customers and cloud service providers (CSPs) in their implementation of information security controls. Some of those guidelines pertain to cloud service customers; some of them pertain to CSPs. Even then, the applicability of those guidelines varies depending on the results of their risk assessments and the specific nature of their security requirements.

By design, ISO 27017 complements the guidelines of ISO/IEC 27001/27002 with a focus on major control areas including asset management and return, access control, physical security, and compliance, per Continuum GRC. The International Standard does go on to suggest seven new controls, however. Advisera identifies these security measures as follows:

  • 6.3.1: Shared roles and responsibilities within a cloud computing environment
  • 8.1.5: Removal of cloud service customer assets
  • 9.5.1: Segregation in virtual computing environments
  • 9.5.2: Virtual machine hardening
  • 12.1.5: Administrator’s operational security
  • 12.4.5: Monitoring of cloud services
  • 13.1.4: Alignment of security management for virtual and physical networks

Why ISO/IEC 27017 Compliance Is Important…

Cloud service customers can reap several benefits by complying with ISO/IEC 27017. First, Renad Al Majd points out that they can grow their levels of customer confidence by demonstrating their interest in protecting their cloud-based systems and assets. Customers might be more inclined to do business with an organization if they know that they’re working to safeguard their data.

Cloud service providers can grow their reputations beyond the eyes of customers, as well. By adhering to ISO 27017, organizations can lay out a long-term investment strategy for growing their commitment to cloud security. Potential investors can then look to those organizations as responsible partners with which they can do business going forward.

Finally, organizations can use ISO/IEC 27017 to secure their reputation and business interests. By complying with the International Standard through the lens of a broader security program, they can reduce the risk of regulatory fines and penalties associated with other compliance programs such as the European Union’s General Data Protection Regulation (GDPR). Doing this will help them to avoid falling victim to a breach and suffering damage to their brand in the process.

…And Why Organizations Might Need Help Along the Way

Organizations might need help fulfilling the guidelines specified by ISO/IEC 27017, however. In the survey covered by BetaNews, at least 20% of cloud professionals said that alert fatigue, false positives, and human error were hindering their cloud security efforts. More than a third (36%) of professionals said that they were struggling to hire and retain cloud security experts, while about the same proportion said that they were facing problems training their cloud teams on security.

These skills gap challenges aren’t unique to cloud security, either. In a 2020 survey, for instance, 83% of security professionals told Tripwire that they felt more overworked at the start of 2020 than they did in the beginning of 2019. Approximately the same percentage indicated that their teams were understaffed and that it had become more difficult for their organizations to hire trained talent over the past few years.

That’s Where Tripwire Can Help

Fortunately, organizations don’t need to work towards ISO/IEC 27017 compliance on their own. They can work with Tripwire to ensure their security in the cloud. Indeed, Tripwire’s file integrity monitoring (FIM), security configuration management (SCM), and vulnerability management (VM) capabilities apply to organizations’ assets whether they’re on premises or in the cloud. Tripwire’s configuration management tool provides additional security coverage, helping customers to manage the configurations of their third-party Software-as-a-Service (SaaS) applications such as Salesforce and Zoom so that they can protect them against attacks, all while automating policy management for overworked security and compliance teams.

Streamline your cloud security efforts with Tripwire.

The post “What Is ISO/IEC 27017?” appeared first on TripWire

Source: TripWire – Joe Pettit
