Auditing Cloud Computing. A Security and Privacy Guide. Wiley Corporate F&A




Brochure

More information from http://www.researchandmarkets.com/reports/2213812/

Auditing Cloud Computing. A Security and Privacy Guide. Wiley Corporate F&A

Description:

The auditor's guide to ensuring correct security and privacy practices in a cloud computing environment

Many organizations are reporting or projecting a significant cost savings through the use of cloud computing utilizing shared computing resources to provide ubiquitous access for organizations and end users. Just as many organizations, however, are expressing concern with security and privacy issues for their organization's data in the "cloud." Auditing Cloud Computing provides necessary guidance to build a proper audit to ensure operational integrity and customer data protection, among other aspects, are addressed for cloud based resources.

- Provides necessary guidance to ensure auditors address security and privacy aspects that through a proper audit can provide a specified level of assurance for an organization's resources
- Reveals effective methods for evaluating the security and privacy practices of cloud services
- A cloud computing reference for auditors and IT security professionals, as well as those preparing for certification credentials, such as Certified Information Systems Auditor (CISA)

Timely and practical, Auditing Cloud Computing expertly provides information to assist in preparing for an audit addressing cloud computing security and privacy for both businesses and cloud based service providers.

Contents:

Preface

Chapter 1: Introduction to Cloud Computing
History; Defining Cloud Computing; Elasticity; Multitenancy; Economics; Abstraction; Cloud Computing Services Layers; Infrastructure as a Service; Platform as a Service; Software as a Service; Roles in Cloud Computing; Consumer; Provider; Integrator; Cloud Computing Deployment Models; Private; Community; Public; Hybrid; Challenges; Availability; Data Residency; Multitenancy; Performance; Data Evacuation; Supervisory Access; In Summary

Chapter 2: Cloud-Based IT Audit Process
The Audit Process; Control Frameworks for the Cloud; ENISA Cloud Risk Assessment; FedRAMP; Entities Using COBIT; CSA Guidance; CloudAudit/A6 - The Automated Audit, Assertion, Assessment, and Assurance API; Recommended Controls; Risk Management and Risk Assessment; Risk Management; Risk Assessment; Legal; In Summary

Chapter 3: Cloud-Based IT Governance
Governance in the Cloud; Understanding the Cloud; Security Issues in the Cloud; Abuse and Nefarious Use of Cloud Computing; Insecure Application Programming Interfaces; Malicious Insiders; Shared Technology Vulnerabilities; Data Loss/Leakage; Account, Service, and Traffic Hijacking; Unknown Risk Profile; Other Security Issues in the Cloud; Governance; IT Governance in the Cloud; Managing Service Agreements; Implementing and Maintaining Governance for Cloud Computing; Implementing Governance as a New Concept; Preliminary Tasks; Adopt a Governance Implementation Methodology; Extending IT Governance to the Cloud; In Summary

Chapter 4: System and Infrastructure Lifecycle Management for the Cloud
Every Decision Involves Making a Tradeoff; Example: Business Continuity/Disaster Recovery; What about Policy and Process Collisions?; The System and Management Lifecycle Onion; Mapping Control Methodologies onto the Cloud; Information Technology Infrastructure Library; Control Objectives for Information and Related Technology; National Institute of Standards and Technology; Cloud Security Alliance; Verifying Your Lifecycle Management; Always Start with Compliance Governance; Verification Method; Illustrative Example; Risk Tolerance; Special Considerations for Cross-Cloud Deployments; The Cloud Provider's Perspective; Questions That Matter; In Summary

Chapter 5: Cloud-Based IT Service Delivery and Support
Beyond Mere Migration; Architected to Share, Securely; Single-Tenant Offsite Operations (Managed Service Providers); Isolated-Tenant Application Services (Application Service Providers); Multitenant (Cloud) Applications and Platforms; Granular Privilege Assignment; Inherent Transaction Visibility; Centralized Community Creation; Coherent Customization; The Question of Location; Designed and Delivered for Trust; Fewer Points of Failure; Visibility and Transparency; In Summary

Chapter 6: Protection and Privacy of Information Assets in the Cloud
The Three Usage Scenarios; What Is a Cloud? Establishing the Context - Defining Cloud Solutions and their Characteristics; What Makes a Cloud Solution?; Understanding the Characteristics; Service Based; On-Demand Self-Service; Broad Network Access; Scalable and Elastic; Unpredictable Demand; Demand Servicing; Resource Pooling; Managed Shared Service; Auditability; Service Termination and Rollback; Charge by Quality of Service and Use; Capability to Monitor and Quantify Use; Monitor and Enforce Service Policies; Compensation for Location Independence; Multitenancy; Authentication and Authorization; Confidentiality; Integrity; Authenticity; Availability; Accounting and Control; Collaboration Oriented Architecture; Federated Access and ID Management; The Cloud Security Continuum and a Cloud Security Reference Model; Cloud Characteristics, Data Classification, and Information Lifecycle Management; Cloud Characteristics and Privacy and the Protection of Information Assets; Information Asset Lifecycle and Cloud Models; Data Privacy in the Cloud; Data Classification in the Context of the Cloud; Regulatory and Compliance Implications; A Cloud Information Asset Protection and Privacy Playbook; In Summary

Chapter 7: Business Continuity and Disaster Recovery
Business Continuity Planning and Disaster Recovery Planning Overview; Problem Statement; The Planning Process; The Auditor's Role; Augmenting Traditional Disaster Recovery with Cloud Services; Cloud Computing and Disaster Recovery: New Issues to Consider; Cloud Computing Continuity; Audit Points to Emphasize; In Summary

Chapter 8: Global Regulation and Cloud Computing
What is Regulation?; Federal Information Security Management Act; Sarbanes-Oxley Law; Health Information Privacy Accountability Act; Graham/Leach/Bliley Act; Privacy Laws; Why Do Regulations Occur?; Some Key Takeaways; The Real World - A Mixing Bowl; Some Key Takeaways; The Regulation Story; Privacy; International Export Law and Interoperable Compliance; Effective Audit; Identifying Risk; In Summary

Chapter 9: Cloud Morphing: Shaping the Future of Cloud Computing Security and Audit
Where Is the Data?; A Shift in Thinking; Cloud Security Alliance; CloudAudit 1.0; Cloud Morphing Strategies; Virtual Security; Data in the Cloud; Cloud Storage; Database Classes in the Cloud; Perimeter Security; Cryptographic Protection of the Data; In Summary

Appendix: Cloud Computing Audit Checklist
About the Editor
About the Contributors
Index

Ordering:

- Order Online - http://www.researchandmarkets.com/reports/2213812/
- Order by Fax - using the order form
- Order by Post - print the order form and send to Research and Markets, Guinness Centre, Taylors Lane, Dublin 8, Ireland.
