Certificate of Cloud Auditing Knowledge (CCAK) — Question 190

An organization has an ISMS implemented, following ISO 27001 and Annex A controls. The CIO would like to migrate some of the infrastructure to the cloud. Which of the following standards would BEST assist in identifying controls to consider for this migration?

Answer options

• A. ISO/IEC 27701
• B. ISO/IEC 22301
• C. ISO/IEC 27002
• D. ISO/IEC 27017

Correct answer: D

Explanation

ISO/IEC 27017 is specifically designed to provide guidelines for information security controls to be implemented in cloud services, making it the most relevant standard for cloud migration. The other options, while relevant to information security, do not focus specifically on the cloud context, making them less suitable for guiding cloud-related controls.