Auditing Cloud Computing: A Security and Privacy Guide

Auditing Cloud Computing: A Security and Privacy Guide

Ben Halpert

Language: English

Pages: 206

ISBN: 0470874740

Format: PDF / Kindle (mobi) / ePub


The auditor's guide to ensuring correct security and privacy practices in a cloud computing environment

Many organizations are reporting or projecting a significant cost savings through the use of cloud computing—utilizing shared computing resources to provide ubiquitous access for organizations and end users. Just as many organizations, however, are expressing concern with security and privacy issues for their organization's data in the "cloud." Auditing Cloud Computing provides necessary guidance to build a proper audit to ensure operational integrity and customer data protection, among other aspects, are addressed for cloud based resources.

  • Provides necessary guidance to ensure auditors address security and privacy aspects that through a proper audit can provide a specified level of assurance for an organization's resources
  • Reveals effective methods for evaluating the security and privacy practices of cloud services
  • A cloud computing reference for auditors and IT security professionals, as well as those preparing for certification credentials, such as Certified Information Systems Auditor (CISA)

Timely and practical, Auditing Cloud Computing expertly provides information to assist in preparing for an audit addressing cloud computing security and privacy for both businesses and cloud based service providers.

Linked Data: Structured data on the Web

Mastering VMware vSphere 6

Teach Yourself VISUALLY Windows 8

Linux Voice [UK], Issue 27 (June 2016)

MySQL (4th Edition)

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

lifecycle management. It will help you understand how cloud computing alters the usual thinking around control and responsibility boundaries. Cloud Security Alliance The Cloud Security Alliance (CSA) has released a controls matrix4 tailored for cloud computing customers and providers: The Cloud Security Alliance Controls Matrix (CM) is specifically designed to provide fundamental security principles to guide cloud vendors and to assist prospective cloud customers in assessing the overall

equivalent to traditional web hosting; questionnaires that are suitable for web hosting providers aren’t directly translatable to the cloud. And before you send your questionnaire to your provider, think about each item. Is it relevant? If not, remove it. IN SUMMARY Despite the hype, the shift from on-premise computing to the cloud fundamentally alters the way organizations develop and deliver information technology. C04 06/08/2011 10:0:10 Page 77 Notes & 77 It changes the ways you

associated with that data. a. Define the context for the overall solution. b. Next, define the context in terms of an atomic security continuum element. i. For each atomic security element: C06 06/10/2011 10:31:51 Page 123 A Cloud Information Asset Protection and Privacy Playbook & 123 1. Apply the data classification scheme and the Confidentiality, Integrity, Availability, Authentication, Authorization, Accounting, and Audit (CIAAAAA) to arrive at the information protection and privacy

are directly accessible, and the only configuration belongs to the organization. In the cloud, the perimeter is lost—specifically in Platform as a Service (PaaS) and Software C09 06/08/2011 172 10:52:54 & Page 172 Cloud Morphing as a Service (SaaS) deployments—due to multitenancy. A customer can configure security to their cloud services; however, the services are shared with other customers and the containment is lost. The perimeter is now at the data level. The applications managing

stores, and processes? Are information security investments and program activities aligned with the organization’s strategy, risk profile, and business needs? Is there a top-level information security governance committee representing senior management, key business stakeholders, IT management, Audit, and Risk and Compliance to assist the chief information security officer in setting direction for the information security program? Is the information security program’s effectiveness regularly

Download sample

Download

About admin