John Dimaria, CSSBB, HISP, MHISP, AMBCI, ISO, Product Manager, BSI Group
New technologies such as cloud computing have greatly improved organizations' ability to electronically record, store, transfer and share information. While these technologies have been shown to improve the processing and delivery of data, they also raise serious questions about access to, and protection of, this information. It has been argued that privacy is a separate issue from security, but that could not be farther from the truth. Security and privacy together must form an overall information security management system that is holistic in nature and integrates the efforts around both. ISO/IEC 27018 is the first international standard to focus on privacy in the cloud; it takes into consideration the regulatory requirements for the protection of Personally Identifiable Information (PII) and provides an auditable policy framework for privacy compliance. It establishes commonly accepted control objectives, controls and guidelines for implementing measures to protect PII in the cloud. This presentation will provide an overview of ISO/IEC 27018, best practices on its use, how it integrates with ISO/IEC 27001, and the recent release of ISO/IEC 27017.