Auditing Cloud Computing: A Security And Privacy Guide(ISBN=9780470874745) 下载 pdf 百度网盘 epub 免费 2025 电子版 mobi 在线

The auditor's guide to ensuring correct security and

privacy practices in a cloud computing environment

Many organizations are reporting or projecting a significant

cost savings through the use of cloud computing—utilizing shared

computing resources to provide ubiquitous access for organizations

and end users. Just as many organizations, however, are expressing

concern with security and privacy issues for their organization's

data in the "cloud." Auditing Cloud Computing provides

necessary guidance to build a proper audit to ensure operational

integrity and customer data protection, among other aspects, are

addressed for cloud based resources.

Provides necessary guidance to ensure auditors address security

and privacy aspects that through a proper audit can provide a

specified level of assurance for an organization's resources

Reveals effective methods for evaluating the security and

privacy practices of cloud services

A cloud computing reference for auditors and IT security

professionals, as well as those preparing for certification

credentials, such as Certified Information Systems Auditor

(CISA)

Timely and practical, Auditing Cloud Computing expertly

provides information to assist in preparing for an audit addressing

cloud computing security and privacy for both businesses and cloud

based service providers.

Preface xiii

Chapter 1: Introduction to Cloud Computing

History

Defining Cloud Computing

Elasticity

Multitenancy

Economics

Abstraction

Cloud Computing Services Layers

Infrastructure as a Service

Platform as a Service

Software as a Service

Roles in Cloud Computing

Consumer

Provider

Integrator

Cloud Computing Deployment Models

Private

Community

Public

Hybrid

Challenges

Availability

Data Residency

Multitenancy

Performance

Data Evacuation

Supervisory Access

In Summary

Chapter 2: Cloud-Based IT Audit Process

The Audit Process

Control Frameworks for the Cloud

ENISA Cloud Risk Assessment

FedRAMP

Entities Using COBIT

CSA Guidance

CloudAudit/A6—The Automated Audit, Assertion, Assessment, and

Assurance API

Recommended Controls

Risk Management and Risk Assessment

Risk Management

Risk Assessment

Legal

In Summary

Chapter 3: Cloud-Based IT Governance

Governance in the Cloud

Understanding the Cloud

Security Issues in the Cloud

Abuse and Nefarious Use of Cloud Computing

Insecure Application Programming Interfaces

Malicious Insiders

Shared Technology Vulnerabilities

Data Loss/Leakage

Account, Service, and Traffic Hijacking

Unknown Risk Profile

Other Security Issues in the Cloud

Governance

IT Governance in the Cloud

Managing Service Agreements

Implementing and Maintaining Governance for Cloud Computing

Implementing Governance as a New Concept

Preliminary Tasks

Adopt a Governance Implementation Methodology

Extending IT Governance to the Cloud

In Summary

Chapter 4: System and Infrastructure Lifecycle Management for the

Cloud

Every Decision Involves Making a Tradeoff

Example: Business Continuity/Disaster Recovery

What about Policy and Process Collisions?

The System and Management Lifecycle Onion

Mapping Control Methodologies onto the Cloud

Information Technology Infrastructure Library

Control Objectives for Information and Related Technology

National Institute of Standards and Technology

Cloud Security Alliance

Verifying Your Lifecycle Management

Always Start with Compliance Governance

Verification Method

Illustrative Example

Risk Tolerance

Special Considerations for Cross-Cloud Deployments

The Cloud Provider’s Perspective

Questions That Matter

In Summary

Chapter 5: Cloud-Based IT Service Delivery and Support

Beyond Mere Migration

Architected to Share, Securely

Single-Tenant Offsite Operations

(Managed Service Providers)

Isolated-Tenant Application Services

(Application Service Providers)

Multitenant (Cloud) Applications and Platforms

Granular Privilege Assignment

Inherent Transaction Visibility

Centralized Community Creation

Coherent Customization

The Question of Location

Designed and Delivered for Trust

Fewer Points of Failure

Visibility and Transparency

In Summary

Chapter 6: Protection and Privacy of Information Assets in the

Cloud

The Three Usage Scenarios

What Is a Cloud? Establishing the Context—Defining Cloud

Solutions and their Characteristics

What Makes a Cloud Solution?

Understanding the Characteristics

Service Based

On-Demand Self-Service

Broad Network Access

Scalable and Elastic

Unpredictable Demand

Demand Servicing

Resource Pooling

Managed Shared Service

Auditability

Service Termination and Rollback

Charge by Quality of Service and Use

Capability to Monitor and Quantify Use

Monitor and Enforce Service Policies

Compensation for Location Independence

Multitenancy

Authentication and Authorization

Confidentiality

Integrity

Authenticity

Availability

Accounting and Control

Collaboration Oriented Architecture

Federated Access and ID Management

The Cloud Security Continuum and a Cloud Security Reference

Model

Cloud Characteristics, Data Classification, and Information

Lifecycle Management

Cloud Characteristics and Privacy and the Protection

of Information Assets

Information Asset Lifecycle and Cloud Models

Data Privacy in the Cloud

Data Classification in the Context of the Cloud

Regulatory and Compliance Implications

A Cloud Information Asset Protection and Privacy Playbook

In Summary

Chapter 7: Business Continuity and Disaster Recovery

Business Continuity Planning and Disaster Recovery

Planning Overview

Problem Statement

The Planning Process

The Auditor’s Role

Augmenting Traditional Disaster Recovery with Cloud Services

Cloud Computing and Disaster Recovery: New Issues to Consider

Cloud Computing Continuity

Audit Points to Emphasize

In Summary

Chapter 8: Global Regulation and Cloud Computing

What is Regulation?

Federal Information Security Management Act

Sarbanes-Oxley Law

Health Information Privacy Accountability Act

Graham/Leach/Bliley Act

Privacy Laws

Why Do Regulations Occur?

Some Key Takeaways

The Real World—A Mixing Bowl

Some Key Takeaways

The Regulation Story

Privacy

International Export Law and Interoperable Compliance

Effective Audit

Identifying Risk

In Summary

Chapter 9: Cloud Morphing: Shaping the Future of Cloud Computing

Security and Audit

Where Is the Data?

A Shift in Thinking

Cloud Security Alliance

CloudAudit 1.0

Cloud Morphing Strategies

Virtual Security

Data in the Cloud

Cloud Storage

Database Classes in the Cloud

Perimeter Security

Cryptographic Protection of the Data

In Summary

Appendix: Cloud Computing Audit Checklist

About the Editor

About the Contributors

Index

BEN HALPERT, CISSP, is an information security

researcher and practitioner. He has keynoted and presented sessions

at numerous conferences and was a contributing author to

Readings and Cases in the Management of Information Security

and the Encyclopedia of Information Ethics and Security.

Halpert writes a monthly security column for Mobile Enterprise

magazine as well as an IT blog (www.benhalpert.com). He is also an

adjunct instructor and on the advisory board of numerous colleges

and universities.

暂无出版社相关信息，正在全力查找中！

暂无相关书籍摘录，正在全力查找中！

在线阅读地址：Auditing Cloud Computing: A Security And Privacy Guide(ISBN=9780470874745)在线阅读

在线听书地址：Auditing Cloud Computing: A Security And Privacy Guide(ISBN=9780470874745)在线收听

在线购买地址：Auditing Cloud Computing: A Security And Privacy Guide(ISBN=9780470874745)在线购买

暂无原文赏析，正在全力查找中！

书籍介绍

The auditor's guide to ensuring correct security and privacy practices in a cloud computing environment Many organizations are reporting or projecting a significant cost savings through the use of cloud computing—utilizing shared computing resources to provide ubiquitous access for organizations and end users. Just as many organizations, however, are expressing concern with security and privacy issues for their organization's data in the "cloud." Auditing Cloud Computing provides necessary guidance to build a proper audit to ensure operational integrity and customer data protection, among other aspects, are addressed for cloud based resources. Provides necessary guidance to ensure auditors address security and privacy aspects that through a proper audit can provide a specified level of assurance for an organization's resources Reveals effective methods for evaluating the security and privacy practices of cloud services A cloud computing reference for auditors and IT security professionals, as well as those preparing for certification credentials, such as Certified Information Systems Auditor (CISA) Timely and practical, Auditing Cloud Computing expertly provides information to assist in preparing for an audit addressing cloud computing security and privacy for both businesses and cloud based service providers.