ISO/IEC 27070

Information technology — Security techniques — Criteria for establishing virtualized roots of trust [Draft]

Introduction

In trusted computing, a Hardware Security Module (HSM) provides various cryptographic functions in a physically secure enclosure. However, this architecture is not well suited to cloud computing. System virtualization, mobility, and scalability in the cloud mean that systems cannot readily access and rely on fixed hardware like HSMs.

Scope and objectives

The standard will specify information security controls that enable and protect such a ‘virtualized root of trust.’

The content

There are two main sections in the draft standard: a functional view and an activity view.

The standard’s status

This standard is currently at Draft International Standard status and is likely to be released by the end of this year.

Commentary

Typically, the term ‘trusted computing’ refers to secure systems intended for use by governments or militaries for processing highly confidential data.

Trusted computing environments are created in the cloud by leveraging dynamically created virtual machines, a concept called “virtualized roots of trust.” The implications for trust, risk and security are so vast that I am unable to imagine them.
