Certificate of Cloud Auditing Knowledge (CCAK) — Question 71
Which of the following standards is designed to be used by organizations for cloud services that intend to select controls within the process of implementing an Information Security Management System based on ISO/IEC 27001?
Answer options
- A. ISO/IEC 27017:2015
- B. CSA Cloud Controls Matrix (CCM)
- C. NIST SP 800-146
- D. ISO/IEC 27002
Correct answer: A
Explanation
ISO/IEC 27017:2015 provides guidelines for information security controls applicable to the cloud environment, making it suitable for organizations implementing an Information Security Management System based on ISO/IEC 27001. The other options, while relevant to security and cloud controls, do not focus specifically on selecting controls in conjunction with ISO/IEC 27001 the way ISO/IEC 27017:2015 does.