Information Security Standards: PCI and the Cloud Security Guide

CCM Domains

This article introduces the industry standards and reference material related to cloud security.

The Cloud Security Alliance is a non-profit organization in which many security experts jointly develop standards and recommendations for cloud security.

The reference material is listed below:

Cloud Security

https://downloads.cloudsecurityalliance.org/initiatives/guidance/csaguide.v3.0.pdf

https://cloudsecurityalliance.org/download/security-guidance-for-critical-areas-of-focus-in-cloud-computing-v3/

 

PCI security standards for handling credit card data

https://www.pcisecuritystandards.org/security_standards/documents.php

https://www.pcisecuritystandards.org/documents/Prioritized_Approach_for_PCI_DSS_v3-1.pdf

https://www.pcisecuritystandards.org/documents/PCIDSS_QRGv3_1.pdf

https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf

 

Which industry standards does the Cloud Controls Matrix cover?

https://cloudsecurityalliance.org/research/ccm/

  • AICPA 2014 Trust Services Criteria
  • Canada PIPEDA (Personal Information Protection Electronic Documents Act)
  • COBIT 5.0
  • COPPA (Children’s Online Privacy Protection Act)
  • CSA Enterprise Architecture
  • ENISA (European Network Information and Security Agency) Information Assurance Framework
  • European Union Data Protection Directive 95/36/EC
  • FERPA (Family Education and Rights Privacy Act)
  • HIPAA/HITECH act and the Omnibus Rule
  • ISO/IEC 27001:2013
  • ITAR (International Traffic in Arms Regulation)
  • Mexico – Federal Law on Protection of Personal Data Held by Private Parties
  • NIST SP800-53 Rev 3 Appendix J
  • NZISM (New Zealand Information Security Manual)
  • ODCA (Open Data Center Alliance) Usage Model PAAS Interoperability Rev. 2.0
  • PCI DSS v3
