CHAPTER 3: DETAILED SECURITY OBJECTIVES

Part 6.2 of the Code refers to ISO 27001 “domains” – i.e. the broad categories in Annex A of ISO 27001 that contain specific information security control sets and the individual controls within them.

For example, the ‘Human resource security’ domain (A.7) contains three control sets:

1. A.7.1 – Prior to employment;

2. A.7.2 – During employment; and

3. A.7.3 – Termination and change of employment.

Within those three control sets there are six individual security controls.

Some of the Code’s security objectives require the organisation to implement entire domains, while others are limited to specific control sets within those domains, but the Code uses ‘domain’ to refer to both. This book will use the terms ...
