Auditing Cloud Computing: A Security and Privacy Guide

Ben Halpert

Language: English

Pages: 206

ISBN: 0470874740

Format: PDF / Kindle (mobi) / ePub

The auditor's guide to ensuring correct security and privacy practices in a cloud computing environment

Many organizations are reporting or projecting significant cost savings through the use of cloud computing—utilizing shared computing resources to provide ubiquitous access for organizations and end users. Just as many organizations, however, are expressing concern with security and privacy issues for their organization's data in the "cloud." Auditing Cloud Computing provides necessary guidance to build a proper audit to ensure that operational integrity and customer data protection, among other aspects, are addressed for cloud-based resources.

  • Provides necessary guidance to ensure auditors address security and privacy aspects that, through a proper audit, can provide a specified level of assurance for an organization's resources
  • Reveals effective methods for evaluating the security and privacy practices of cloud services
  • A cloud computing reference for auditors and IT security professionals, as well as those preparing for certification credentials, such as Certified Information Systems Auditor (CISA)

Timely and practical, Auditing Cloud Computing expertly provides information to assist in preparing for an audit addressing cloud computing security and privacy for both businesses and cloud-based service providers.

Cloud-Computing-Management-Audit-Assurance-Program.aspx. 8. 9. Review A6/CloudAudit at and also on the CSA web site. Also review effort by NIST to set guidance and standards through recently set up NIST working groups on cloud computing ( twiki-cloud-computing/bin/view/CloudComputing/WebHome). 10. Taken from ECIIA/FERMA—Guidance 8th EU. 11. ENISA: Cloud Computing: Benefits, risks and recommendations for

Sometimes you’ll find an acceptable level of risk. Sometimes you’ll find the risk is too high and you will need to seek an alternate solution that meets your critical requirements. Either way, your organization can move forward with buy-in from key stakeholders.

THE SYSTEM AND MANAGEMENT LIFECYCLE ONION

Given the layered models around which cloud computing has coalesced, we present the system and infrastructure management lifecycle onion. Why an onion, rather than something more pleasingly

services to be monitored, metered, and used. This makes the driving criteria interoperability and consistency of the service offering (implying a limitation of customization for consumers). For regulators, the implications are the need for the ability to review and validate the policies (constraints) for the service, and audit of the usage in terms of protection and privacy. Associated characteristics are on-demand self-service, and broad network access.

On-Demand Self-Service

From a provider

stakeholders across the organization. BCP and DRP activities should be performed as a formal project, with a project manager and a cross-functional team. An organization may appoint an individual as a BCP and/or DRP coordinator to provide technical leadership. Smaller organizations may consider utilizing a consultant in this role during the initial development, testing, and training of the plans. Other team participants should include engineering, research and development, marketing, supply chain

vacuum; rather, they looked to the best practice framework (COSO) already in place. This allowed the PCAOB the ability to work quickly to set the guidelines and rules for audit; the use of existing best practices allowed for rapid adoption and buy-in. Ease of implementation is important when a security team is looking for widespread adoption of a framework across its business. What was the result? The development of a SOX compliance program and supporting industry, as well as a sense that the
