The auditor's guide to ensuring correct security and privacy practices in a cloud computing environment Many organizations are reporting or projecting a significant cost savings through the use of cloud computing―utilizing shared computing resources to provide ubiquitous access for organizations and end users. Just as many organizations, however, are expressing concern with security and privacy issues for their organization's data in the "cloud." Auditing Cloud Computing provides necessary guidance to build a proper audit to ensure operational integrity and customer data protection, among other aspects, are addressed for cloud based resources.
- Provides necessary guidance to ensure auditors address security and privacy aspects that through a proper audit can provide a specified level of assurance for an organization's resources
- Reveals effective methods for evaluating the security and privacy practices of cloud services
- A cloud computing reference for auditors and IT security professionals, as well as those preparing for certification credentials, such as Certified Information Systems Auditor (CISA)
Timely and practical, Auditing Cloud Computing expertly provides information to assist in preparing for an audit addressing cloud computing security and privacy for both businesses and cloud based service providers.
AUDITING CLOUD COMPUTING
A Security and Privacy Guide
Companies are increasingly looking to Cloud Computing to improve operational efficiency, reduce head counts, and help with the bottom line. But security and privacy concerns present a strong barrier to entry. In an age when the consequences and potential costs of mistakes could quickly become catastrophic for companies that handle confidential and private customer data, auditors and IT security professionals must develop better ways of evaluating the security and privacy practices of Cloud services. Auditing Cloud Computing presents a collection of white papers written by renowned thought leaders in the field of auditing Cloud Computing to show you how to audit your company's hosted services.
Providing a holistic view to this elastic, on-demand service, Auditing Cloud Computing is your one-stop reference to Cloud Computing and the many questions that may arise during preparation of an audit program or throughout the course of an audit or assessment. Edited by renowned information security researcher and practitioner Ben Halpert, this volume gathers a team of prominent Cloud experts who have labored to provide insight into many aspects that you and your organization will encounter during your foray into the Cloud.
Written for Cloud consumers, providers, and integrators, Auditing Cloud Computing explores:
- The history, relevant definitions, deployment models, and challenges of Cloud computing
- What you can expect when creating audit programs for Cloud environments
- How the industry efforts of CSA, NIST, ISACA, and ENISA have influenced security and compliance programs
- Implementing, extending, and maintaining a governance program for Cloud activities
- How to leverage existing lifecycle controls
- Cross-cloud deployments
- Cloud-based IT delivery and support
- How "radical simplification" and "securely shared" concepts apply to all Cloud deployment models, even private Clouds
- Architecture considerations for Cloud service delivery and support
- The Cloud security continuum
- Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP)
- Regulations along with Cloud-specific considerations
- Shaping the future of Cloud Computing security and audit
Learn how to conduct a proper audit to ensure the security and privacy of your company's data in the Cloud with the necessary guidance found in Auditing Cloud Computing.
