
Brochure

More information from http://www.researchandmarkets.com/reports/2213812/

Auditing Cloud Computing. A Security and Privacy Guide. Wiley Corporate F&A

Description: The auditor's guide to ensuring correct security and privacy practices in a cloud computing environment.

Many organizations are reporting or projecting significant cost savings through the use of cloud computing—utilizing shared computing resources to provide ubiquitous access for organizations and end users. Just as many organizations, however, are expressing concern with security and privacy issues for their organization's data in the "cloud." Auditing Cloud Computing provides the necessary guidance to build a proper audit that ensures operational integrity and customer data protection, among other aspects, are addressed for cloud-based resources.

- Provides the guidance auditors need to address the security and privacy aspects that, through a proper audit, can provide a specified level of assurance for an organization's resources

- Reveals effective methods for evaluating the security and privacy practices of cloud services

- A cloud computing reference for auditors and IT security professionals, as well as those preparing for certification credentials, such as Certified Information Systems Auditor (CISA)

Timely and practical, Auditing Cloud Computing expertly provides information to assist in preparing for an audit addressing cloud computing security and privacy, for both businesses and cloud-based service providers.

Contents:

Preface xiii

Chapter 1: Introduction to Cloud Computing 1
  History 1
  Defining Cloud Computing 2
  Elasticity 2
  Multitenancy 3
  Economics 3
  Abstraction 3
  Cloud Computing Services Layers 4
  Infrastructure as a Service 5
  Platform as a Service 5
  Software as a Service 6
  Roles in Cloud Computing 6
  Consumer 6
  Provider 6
  Integrator 7


  Community 8
  Public 9
  Hybrid 9
  Challenges 9
  Availability 10
  Data Residency 10
  Multitenancy 11
  Performance 11
  Data Evacuation 12
  Supervisory Access 12
  In Summary 13

Chapter 2: Cloud-Based IT Audit Process 15
  The Audit Process 16
  Control Frameworks for the Cloud 18
  ENISA Cloud Risk Assessment 20
  FedRAMP 20
  Entities Using COBIT 21
  CSA Guidance 21
  CloudAudit/A6—The Automated Audit, Assertion, Assessment, and Assurance API 22
  Recommended Controls 22
  Risk Management and Risk Assessment 26
  Risk Management 27
  Risk Assessment 27
  Legal 28
  In Summary 29

Chapter 3: Cloud-Based IT Governance 33
  Governance in the Cloud 36
  Understanding the Cloud 36
  Security Issues in the Cloud 37


  Malicious Insiders 39
  Shared Technology Vulnerabilities 39
  Data Loss/Leakage 40
  Account, Service, and Traffic Hijacking 40
  Unknown Risk Profile 40
  Other Security Issues in the Cloud 41
  Governance 41
  IT Governance in the Cloud 44
  Managing Service Agreements 44
  Implementing and Maintaining Governance for Cloud Computing 46
  Implementing Governance as a New Concept 46
  Preliminary Tasks 46
  Adopt a Governance Implementation Methodology 48
  Extending IT Governance to the Cloud 49
  In Summary 52

Chapter 4: System and Infrastructure Lifecycle Management for the Cloud 57
  Every Decision Involves Making a Tradeoff 57
  Example: Business Continuity/Disaster Recovery 59
  What about Policy and Process Collisions? 60
  The System and Management Lifecycle Onion 61
  Mapping Control Methodologies onto the Cloud 62
  Information Technology Infrastructure Library 63
  Control Objectives for Information and Related Technology 64
  National Institute of Standards and Technology 65
  Cloud Security Alliance 66
  Verifying Your Lifecycle Management 67
  Always Start with Compliance Governance 67
  Verification Method 68
  Illustrative Example 70
  Risk Tolerance 72


  Questions That Matter 75
  In Summary 76

Chapter 5: Cloud-Based IT Service Delivery and Support 79
  Beyond Mere Migration 80
  Architected to Share, Securely 80
  Single-Tenant Offsite Operations (Managed Service Providers) 81
  Isolated-Tenant Application Services (Application Service Providers) 81
  Multitenant (Cloud) Applications and Platforms 82
  Granular Privilege Assignment 82
  Inherent Transaction Visibility 84
  Centralized Community Creation 86
  Coherent Customization 88
  The Question of Location 90
  Designed and Delivered for Trust 91
  Fewer Points of Failure 91
  Visibility and Transparency 93
  In Summary 93

Chapter 6: Protection and Privacy of Information Assets in the Cloud 97
  The Three Usage Scenarios 99
  What Is a Cloud? Establishing the Context—Defining Cloud Solutions and their Characteristics 100
  What Makes a Cloud Solution? 101
  Understanding the Characteristics 104
  Service Based 104


  Service Termination and Rollback 106
  Charge by Quality of Service and Use 106
  Capability to Monitor and Quantify Use 106
  Monitor and Enforce Service Policies 107
  Compensation for Location Independence 107
  Multitenancy 107
  Authentication and Authorization 108
  Confidentiality 108
  Integrity 108
  Authenticity 108
  Availability 108
  Accounting and Control 109
  Collaboration Oriented Architecture 109
  Federated Access and ID Management 109
  The Cloud Security Continuum and a Cloud Security Reference Model 110
  Cloud Characteristics, Data Classification, and Information Lifecycle Management 113
  Cloud Characteristics and Privacy and the Protection of Information Assets 113
  Information Asset Lifecycle and Cloud Models 114
  Data Privacy in the Cloud 118
  Data Classification in the Context of the Cloud 119
  Regulatory and Compliance Implications 119
  A Cloud Information Asset Protection and Privacy Playbook 121
  In Summary 124

Chapter 7: Business Continuity and Disaster Recovery 129
  Business Continuity Planning and Disaster Recovery Planning Overview 129
  Problem Statement 130
  The Planning Process 131
  The Auditor’s Role 133
  Augmenting Traditional Disaster Recovery with Cloud Services 135
  Cloud Computing and Disaster Recovery: New Issues to Consider 136
  Cloud Computing Continuity 136


  In Summary 139

Chapter 8: Global Regulation and Cloud Computing 143
  What is Regulation? 144
  Federal Information Security Management Act 146
  Sarbanes-Oxley Law 146
  Health Information Privacy Accountability Act 146
  Gramm/Leach/Bliley Act 147
  Privacy Laws 147
  Why Do Regulations Occur? 148
  Some Key Takeaways 149
  The Real World—A Mixing Bowl 149
  Some Key Takeaways 151
  The Regulation Story 151
  Privacy 153
  International Export Law and Interoperable Compliance 154
  Effective Audit 155
  Identifying Risk 156
  In Summary 156

Chapter 9: Cloud Morphing: Shaping the Future of Cloud Computing Security and Audit 161
  Where Is the Data? 162
  A Shift in Thinking 164
  Cloud Security Alliance 165
  CloudAudit 1.0 166
  Cloud Morphing Strategies 166
  Virtual Security 167
  Data in the Cloud 168
  Cloud Storage 169
  Database Classes in the Cloud 171
  Perimeter Security 171


Appendix: Cloud Computing Audit Checklist 175
About the Editor 181
About the Contributors 183
Index 191

Ordering:
  Order Online - http://www.researchandmarkets.com/reports/2213812/
  Order by Fax - using the form below
  Order by Post - print the order form below and send to Research and Markets,


Page 1 of 2

Fax Order Form

To place an order via fax simply print this form, fill in the information below and fax the completed form to 646-607-1907 (from USA) or +353-1-481-1716 (from Rest of World). If you have any questions please visit

http://www.researchandmarkets.com/contact/

Order Information

Please verify that the product information is correct.

Product Format

Please select the product format and quantity you require:

* Shipping/Handling is only charged once per order.

Contact Information

Please enter all the information below in BLOCK CAPITALS

Product Name: Auditing Cloud Computing. A Security and Privacy Guide. Wiley Corporate F&A
Web Address: http://www.researchandmarkets.com/reports/2213812/

Office Code: SC

Quantity
Hard Copy (Hard Back): USD 73 + USD 29 Shipping/Handling

Title: Mr Mrs Dr Miss Ms Prof

First Name:
Last Name:
Email Address: *
Job Title:
Organisation:
Address:
City:
Postal / Zip Code:
Country:
Phone Number:
Fax Number:


Page 2 of 2

Payment Information

Please indicate the payment method you would like to use by selecting the appropriate box.

Please fax this form to:

(646) 607-1907 or (646) 964-6609 - From USA

+353-1-481-1716 or +353-1-653-1571 - From Rest of World

Pay by credit card: You will receive an email with a link to a secure webpage to enter your credit card details.

Pay by check: Please post the check, accompanied by this form, to: Research and Markets,

Guinness Center, Taylors Lane, Dublin 8, Ireland.

Pay by wire transfer: Please transfer funds to:

Account number 833 130 83

Sort code 98-53-30

Swift code ULSBIE2D

IBAN number IE78ULSB98533083313083
Bank Address Ulster Bank, 27-35 Main Street, Blackrock, Co. Dublin, Ireland.

If you have a Marketing Code please enter it below:

Marketing Code:
