ISO 27017: Guidelines for Information Security Controls in Cloud Services

C.

Create a new Service Account that should be able to list the Compute Engine instances in the project.

You want to follow Google-recommended practices.

The correct answer is C. ISO 27017.

ISO 27017 is an international standard that provides guidelines for information security controls applicable to the provision and use of cloud services. It is part of the ISO/IEC 27000 family of standards, which are a set of international standards for information security management systems (ISMS).

ISO 27017 specifically provides guidelines for cloud service providers (CSPs) and their customers on how to implement effective information security controls in a cloud environment. It addresses issues such as data protection, information security management, and the management of cloud-specific risks.

ISO 27001 and ISO 27002 are also part of the ISO/IEC 27000 family of standards, but they are not specifically focused on cloud security. ISO 27001 is a general standard for ISMS, while ISO 27002 provides a code of practice for information security management.

ISO 27018 is a privacy-specific standard that provides guidelines for the protection of personally identifiable information (PII) in public cloud environments. It is designed to help CSPs protect their customers' PII by implementing effective privacy controls.

In summary, while all four standards are important in the realm of information security, ISO 27017 is specifically focused on cloud security and provides guidelines for information security controls applicable to the provision and use of cloud services.