Information Security

If IT governance by the cloud service provider is a significant concern for a cloud service customer, then the customer is advised to establish whether the provider complies with one or more of these governance and management standards.

Cloud service customers must be aware that compliance with a standard does not by itself ensure effective security. In addition to confirming compliance, cloud customers must continually review the service provider's security controls to ensure they are properly defined and actually enforced.

Some standards deal specifically with the governance and management of information security, including the identification of risks and the implementation of security controls to address those risks.

The ISO/IEC 27000 series [19] of standards is probably the most widely recognized and used set of standards relating to the security of ICT (Information and Communication Technology) systems. The core standards are 27001 and 27002: 27001 contains the requirements for an information security management system (ISMS), and 27002 describes a catalogue of controls that address specific aspects of that management system.

ISO/IEC 27001 is deliberately generic: it is meant to be interpreted and applied to all types and sizes of organization according to the information security risks each one faces. In practice, this flexibility gives users considerable latitude to adopt the detailed information security controls that make sense for them, but it can make compliance testing more complex than under some other formal certification schemes, because the set of controls in scope differs from one organization to the next.

ISO/IEC 27002 is a code of practice: a catalogue of security controls (often described as best practices) together with implementation guidance, and it is frequently adopted as a security standard in its own right.

Cloud service customers often have a requirement to audit the IT systems and related processes that they use.

Audit requirements can stem from the regulatory environment that applies to the customer, or they may arise from business policies or IT security policies adopted by the customer organization.

The requirement to audit is likely to apply to the customer's use of cloud services as well as to its in-house systems. As a result, there is a need to audit the systems and processes of the cloud service provider, or to obtain equivalent assurance from the provider's own audits.