|
+IAM-06.06B |
1. ÜbersichtIAM-06.06BWhen such an event is identified, the responsible personnel is automatically informed so that they can timely assess whether misuse has occurred and take corresponding action.Privileged access rights in the sense of the criterion are those that enable personnel of the cloud service provider to perform any of the following activities: 1. Read or write access to the cloud service customers data processed, stored or transmitted in the cloud service, unless such data is encrypted or the encryption can be deactivated for access by the cloud service provider; and 2. Changes to the operational and/or security configuration of the system components in the production environment, in particular the starting, stopping, deleting or deactivating of system components, if this can affect the confidentiality, integrity or availability of the cloud service customers data (also indirectly, e.g. by deactivating the logging and monitoring of security-relevant events). Responsible personnel for events that may indicate misuse can be e.g. the personnel of the cloud service provider's security operations centre. Misused privileged access rights can be treated e.g. as a security incident, cf. SIM-01.
1.1 Referenzen1.2 Identifizierte Anforderungen1.2 Related Regulation2. Identifizierte Anforderungen
3. Related Regulations
|