Auditing Cloud Computing (eBook)
224 Seiten
John Wiley & Sons (Verlag)
978-1-118-11604-3 (ISBN)
practices in a cloud computing environment
Many organizations are reporting or projecting a significant
cost savings through the use of cloud computing--utilizing
shared computing resources to provide ubiquitous access for
organizations and end users. Just as many organizations, however,
are expressing concern with security and privacy issues for their
organization's data in the "cloud." Auditing Cloud Computing
provides necessary guidance to build a proper audit to ensure
operational integrity and customer data protection, among other
aspects, are addressed for cloud based resources.
* Provides necessary guidance to ensure auditors address security
and privacy aspects that through a proper audit can provide a
specified level of assurance for an organization's resources
* Reveals effective methods for evaluating the security and
privacy practices of cloud services
* A cloud computing reference for auditors and IT security
professionals, as well as those preparing for certification
credentials, such as Certified Information Systems Auditor
(CISA)
Timely and practical, Auditing Cloud Computing expertly
provides information to assist in preparing for an audit addressing
cloud computing security and privacy for both businesses and cloud
based service providers.
BEN HALPERT, CISSP, is an information security researcher and practitioner. He has keynoted and presented sessions at numerous conferences and was a contributing author to Readings and Cases in the Management of Information Security and the Encyclopedia of Information Ethics and Security. Halpert writes a monthly security column for Mobile Enterprise magazine as well as an IT blog (www.benhalpert.com). He is also an adjunct instructor and on the advisory board of numerous colleges and universities.
Preface.
Acknowledgements.
Chapter 1 Introduction to Cloud Computing.
History.
Defining Cloud Computing.
Cloud Computing Services Layers.
Roles in Cloud Computing.
Cloud Computing Deployment Models.
Challenges.
In Summary.
Chapter 2 Cloud Based IT Audit Process.
The Audit Process.
Control Frameworks for the Cloud.
Recommended Controls.
Risk Management and Risk Assessment.
In Summary.
Chapter 3 Cloud Based IT Governance.
Governance in the Cloud.
Understanding the Cloud.
Security Issues in the Cloud.
Governance.
IT Governance in the Cloud.
Implementing and Maintaining Governance for cloud Computing.
Implementing Governance as a New Concept.
In Summary.
Chapter 4 System and Infrastructure Lifecycle Management for the Cloud.
Every Decision Involves Making a Tradeoff.
Example: business continuity/disaster recovery.
What about Policy and Process Collisions?
The System and Management Lifecycle Onion.
Mapping Control Methodologies onto the Cloud.
ITIL.
COBIT.
NIST.
CSA.
Verifying Your Lifecycle Management.
Always Start with Compliance Governance.
Verification Method.
Illustrative Example
Risk Tolerance.
Special Considerations for Cross-Cloud Deployments.
The Cloud Provider's Perspective.
Questions that Matter.
In Summary.
Chapter 5 Cloud-Based IT Service Delivery and Support.
Beyond Mere Migration.
Architected to Share, Securely.
Single-Tenant Offsite Operations (Managed Service Providers).
Isolated-Tenant Application Services (Application Service Providers).
Multi-Tenant ("Cloud") Applications & Platforms.
The Question of Location.
Designed and Delivered for Trust.
Fewer Points of Failure.
Visibility and Transparency.
In Summary.
Chapter 6 Protection and Privacy of Information Assets in the Cloud.
The 3 Usage Scenarios.
What is a Cloud? Establishing the Context - Defining Cloud Solutions and their Characteristics.
What Makes a Cloud Solution?
Understanding the Characteristics.
The Cloud Security Continuum and a Cloud Security Reference Model.
Cloud Characteristics, Data Classification and Information Lifecycle Management.
Cloud Characteristics and Privacy and the Protection of Information Assets.
Information Asset Lifecycle and Cloud Models.
Data Privacy in the Cloud.
Data Classification in the context of the cloud.
Regulatory and Compliance implications.
A Cloud Information Asset Protection and Privacy Playbook.
In Summary.
Chapter 7 Business Continuity and Disaster Recovery.
Business Continuity Planning and Disaster Recovery Planning Overview.
Problem Statement.
The Planning Process.
Augmenting Traditional Disaster Recovery with Cloud Services.
Cloud Computing and Disaster Recovery: New Issues to Consider.
Cloud Computing Continuity.
Audit Points to Emphasize.
In Summary.
Chapter 8 Global Regulation and Cloud Computing.
What is Regulation?
FISMA - Federal Information Security Management Act.
SOX - Sarbanes/Oxley Law.
HIPAA - Health Information Privacy Accountability Act.
GLBA - Graham/Leach/Bliley Act.
Privacy Laws.
Why do Regulations Occur?
Some Key Takeaways.
The Real World - A Mixing Bowl.
Some Key Takeaways.
The Regulation Story.
Privacy.
International Export law and Interoperable Compliance.
Effective Audit.
Identifying Risk.
In Summary.
Chapter 9 Cloud Morphing.
Shaping the Future of Cloud Computing Security and Audit.
Where is the Data?
A Shift in Thinking.
Cloud Security Alliance (CSA).
CloudAudit 1.0.
Cloud Morphing Strategies.
Virtual Security.
Data in the Cloud.
Cloud Storage.
Database Classes in the Cloud.
Perimeter Security.
Cryptographic Protection of the Data.
In Summary.
Appendix Checklist.
About the Editor.
About the Contributors.
Index.
"To summarize, the book is a good review of the current situation in the field. Every CISO and CIO should be aware of the developments in the cloud regardless of the intention of actually implementing its use." (Blog.itgovernance.co.uk, April 2012)
| Erscheint lt. Verlag | 5.7.2011 |
|---|---|
| Reihe/Serie | Wiley Corporate F&A | Wiley Corporate F&A |
| Sprache | englisch |
| Themenwelt | Informatik ► Netzwerke ► Sicherheit / Firewall |
| Mathematik / Informatik ► Mathematik ► Finanz- / Wirtschaftsmathematik | |
| Recht / Steuern ► Wirtschaftsrecht | |
| Wirtschaft ► Betriebswirtschaft / Management | |
| Schlagworte | Accounting • Auditing • Rechnungswesen • Revision • Revision (Wirtsch.) |
| ISBN-10 | 1-118-11604-6 / 1118116046 |
| ISBN-13 | 978-1-118-11604-3 / 9781118116043 |
| Haben Sie eine Frage zum Produkt? |
EPUB (Adobe DRM)Größe: 1,7 MB
Kopierschutz: Adobe-DRM
Adobe-DRM ist ein Kopierschutz, der das eBook vor Mißbrauch schützen soll. Dabei wird das eBook bereits beim Download auf Ihre persönliche Adobe-ID autorisiert. Lesen können Sie das eBook dann nur auf den Geräten, welche ebenfalls auf Ihre Adobe-ID registriert sind.
Details zum Adobe-DRM
Dateiformat: EPUB (Electronic Publication)
EPUB ist ein offener Standard für eBooks und eignet sich besonders zur Darstellung von Belletristik und Sachbüchern. Der Fließtext wird dynamisch an die Display- und Schriftgröße angepasst. Auch für mobile Lesegeräte ist EPUB daher gut geeignet.
Systemvoraussetzungen:
PC/Mac: Mit einem PC oder Mac können Sie dieses eBook lesen. Sie benötigen eine
eReader: Dieses eBook kann mit (fast) allen eBook-Readern gelesen werden. Mit dem amazon-Kindle ist es aber nicht kompatibel.
Smartphone/Tablet: Egal ob Apple oder Android, dieses eBook können Sie lesen. Sie benötigen eine
Geräteliste und zusätzliche Hinweise
Buying eBooks from abroad
For tax law reasons we can sell eBooks just within Germany and Switzerland. Regrettably we cannot fulfill eBook-orders from other countries.
aus dem Bereich
