Certified Cloud Security Professional (CCSP) — Question 368

With the rapid emergence of cloud computing, very few regulations were in place that pertained to it specifically, and organizations often had to resort to using a collection of regulations that were not specific to cloud in order to drive audits and policies.
Which standard from the ISO/IEC was designed specifically for cloud computing?

Answer options

• A. ISO/IEC 27001
• B. ISO/IEC 19889
• C. ISO/IEC 27001:2015
• D. ISO/IEC 27018

Correct answer: D

Explanation

ISO/IEC 27018 is the standard that focuses on the protection of personal data in the cloud, making it the correct answer. The other options, while related to information security, do not specifically target cloud computing and are therefore not the right choice for this context.