The ISO 27034-1 standard provides a valuable framework for implementing cloud application security. The standard rests on the following underlying principles:
- Security requirements are defined and analyzed throughout the application's life cycle and are managed continually, not fixed once at design time.
- Application risk is context dependent: it is shaped by the type and scope of the security requirements, which are in turn driven by (1) the business, (2) the regulatory, and (3) the technological domains in which the application operates.
- The cost of application security controls and of the audit measurements that verify them should be proportionate to the targeted level of trust.
- The auditing process should verify that the implemented controls actually deliver management's targeted level of trust, rather than merely confirming that controls exist.
ISO 27034-1 also lays out the components, processes, and frameworks to help organizations acquire, implement, and use trustworthy applications, at an acceptable (or tolerable) security...