| 3.2.2 | DE.CM-2: Is the physical IT equipment monitored to detect potential cloud security? | LOW | · ISA 62443-2-1:2009 4.3.3.3.8 · NIST SP 800-53 Rev. 4 CA-7, PE-3, PE-6, PE-20 | Cloud Provider/ Administrator/ Logging | Sub Metric | Met3.2.2 |
| 3.2.3 | DE.CM-3: Personnel activity is monitored to detect any breaches and non-repudiation activities? | LOW | · ISA 62443-3-3:2013 SR 6.2 · NIST SP 800-53 Rev. 4 AC-2, AU-12, AU-13, CA-7, CM-10, CM-11 | Administrator/ Logging | Sub Metric | Met3.2.3 |
| 3.2.7 | DE.CM-7: Is the cloud environment monitored for unauthorised users or connections? | MEDIUM | · NIST SP 800-53 Rev. 4 AU-12, CA-7, CM-3, CM-8, PE-3, PE-6, PE-20, SI-4 | Administrator/ Logging | Sub Metric | Met3.2.7 |
| 3.2.8 | DE.CM-8: Are vulnerability scans regularly performed on the cloud environment? | MEDIUM | · COBIT 5 BAI03.10 · ISA 62443-2-1:2009 4.2.3.1, 4.2.3.7 · ISO/IEC 27001:2013 A.12.6.1 · NIST SP 800-53 Rev. 4 RA-5 | Cloud Provider/ Administrator/ | Sub Metric | Met3.2.8 |
| 3.3 | Detection Processes (3.3): Threat detection methods and procedures are maintained and tested to ensure timely and adequate awareness of unusual or irregular events. |
|
|
| Metric | Met3.3 |
| 3.3.1 | DE.DP-1: Does the SME and cloud provider define the roles and responsibilities for all the users to enable accountability for their actions? | LOW | · CCS CSC 5 · COBIT 5 DSS05.01 · ISA 62443-2-1:2009 4.4.3.1 · ISO/IEC 27001:2013 A.6.1.1 · NIST SP 800-53 Rev. 4 CA-2, CA-7, PM-14 | Cloud Provider/ Administrator/ | Sub Metric | Met3.3.1 |
| 3.3.2 | DE.DP-2: Do the threat detection measures conform to all relevant requirements? | MEDIUM | · ISA 62443-2-1:2009 4.4.3.2 · ISO/IEC 27001:2013 A.18.1.4 · NIST SP 800-53 Rev. 4 CA-2, CA-7, PM-14, SI-4 | Cloud Provider/ Administrator/ | Sub Metric | Met3.3.2 |
| 3.3.3 | DE.DP-3: Are the above-mentioned measures tested? | LOW | · ISA 62443-3-3:2013 SR 3.3 · ISO/IEC 27001:2013 A.14.2.8 · NIST SP 800-53 Rev. 4 CA-2, CA-7, PE-3, PM-14, SI-3, SI-4 | Cloud Provider/ Administrator/ | Sub Metric | Met3.3.3 |
| 3.3.4 | DE.DP-4: Are the above-mentioned measures communicated to the SME personnel? | MEDIUM | · COBIT 5 APO12.06 · ISA 62443-2-1:2009 4.3.4.5.9 · ISA 62443-3-3:2013 SR 6.1 · ISO/IEC 27001:2013 A.16.1.2 · NIST SP 800-53 Rev. 4 AU-6, CA-2, CA-7, RA-5, SI-4 | Cloud Provider/ Administrator/ | Sub Metric | Met3.3.4 |
| 3.3.5 | DE.DP-5: Are the above-mentioned measures and processes continuously improved? | LOW | · COBIT 5 APO11.06, DSS04.05 · ISA 62443-2-1:2009 4.4.3.4 · ISO/IEC 27001:2013 A.16.1.6 · NIST SP 800-53 Rev. 4, CA-2, CA-7, PL-2, RA-5, SI-4, PM-14 | Cloud Provider/ Administrator/ | Sub Metric | Met3.3.5 |
| 4 | RESPOND TO SECURITY EVENTS IN THE CLOUD |
|
|
| Group Metric | Met4 |
| 4.1 | Response Planning (4.1): Response procedures and measures are executed and maintained, to ensure timely response to detected cloud security incidents. |
|
|
| Metric | Met4.1 |