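Information Security Standards: PCI and the Cloud Security Guide
This article introduces industry standards and reference material related to cloud security.
The Cloud Security Alliance is a non-profit organization in which many security experts jointly develop cloud security standards and recommendations.
References: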
Cloud Security
https://downloads.cloudsecurityalliance.org/initiatives/guidance/csaguide.v3.0.pdf
PCI security standard for handling credit card data
https://www.pcisecuritystandards.org/security_standards/documents.php
https://www.pcisecuritystandards.org/documents/Prioritized_Approach_for_PCI_DSS_v3-1.pdf
https://www.pcisecuritystandards.org/documents/PCIDSS_QRGv3_1.pdf
https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf
Which industry standards does the Cloud Controls Matrix cover?
https://cloudsecurityalliance.org/research/ccm/
- AICPA 2014 Trust Services Criteria
- Canada PIPEDA (Personal Information Protection Electronic Documents Act)
- COBIT 5.0
- COPPA (Children’s Online Privacy Protection Act)
- CSA Enterprise Architecture
- ENISA (European Network Information and Security Agency) Information Assurance Framework
- European Union Data Protection Directive 95/36/EC
- FERPA (Family Education and Rights Privacy Act)
- HIPAA/HITECH act and the Omnibus Rule
- ISO/IEC 27001:2013
- ITAR (International Traffic in Arms Regulation)
- Mexico – Federal Law on Protection of Personal Data Held by Private Parties
- NIST SP800-53 Rev 3 Appendix J
- NZISM (New Zealand Information Security Manual)
- ODCA (Open Data Center Alliance) Usage Model PAAS Interoperability Rev. 2.0
- PCI DSS v3