ISO27k-aligned security awareness service
ISO/IEC 27070
Creative security awareness materials

Creative security awareness materials for your ISMS

Copyright © 2018 IsecT Ltd.

ISO/IEC 27070 — Information technology — Security techniques —
Security requirements for establishing virtualized roots of trust (DRAFT)

Introduction

Whereas trusted computing generally involves a hardware security module providing cryptographic functions in a physically secure enclosure, the architecture is not well suited to cloud computing. In the cloud, systems are virtualized, mobile and scaleable, hence they cannot readily access and rely upon fixed hardware.

 

Scope and purpose

The standard will specify the information security aspects needed to secure ‘virtualized roots of trust’.

 

Contents

?

 

Status

The standard is at 2nd Working Draft stage.

 

Personal comments

‘Trusted computing’ typically refers to secure systems used for governmental and military/defense purposes, processing highly classified information.

‘Virtualized roots of trust’ appears to concern the provision of trustworthy computing environments in the cloud, where virtual machines are dynamically created to provide cloud services.  The trust, risk and security implications are, frankly, beyond my pay grade.

 

< Previous standard      ^ Up a level ^      Next standard >