Auditing Cloud Computing: A Security and Privacy Guide

Book Description

The auditor's guide to ensuring correct security and privacy practices in a cloud computing environment

Many organizations are reporting or projecting significant cost savings through the use of cloud computing—utilizing shared computing resources to provide ubiquitous access for organizations and end users. Just as many organizations, however, are expressing concern about security and privacy issues for their organization's data in the "cloud." Auditing Cloud Computing provides necessary guidance to build a proper audit to ensure operational integrity and customer data protection, among other aspects, are addressed for cloud-based resources.

  • Provides necessary guidance to ensure auditors address the security and privacy aspects that, through a proper audit, can provide a specified level of assurance for an organization's resources

  • Reveals effective methods for evaluating the security and privacy practices of cloud services

  • A cloud computing reference for auditors and IT security professionals, as well as those preparing for certification credentials, such as Certified Information Systems Auditor (CISA)

  • Timely and practical, Auditing Cloud Computing expertly provides information to assist in preparing for an audit addressing cloud computing security and privacy for both businesses and cloud-based service providers.

    Table of Contents

    1. Cover
    2. Title Page
    3. Copyright
    4. Dedication
    5. Preface
    6. Chapter 1: Introduction to Cloud Computing
      1. History
      2. Defining Cloud Computing
      3. Cloud Computing Services Layers
      4. Roles in Cloud Computing
      5. Cloud Computing Deployment Models
      6. Challenges
      7. In Summary
    7. Chapter 2: Cloud-Based IT Audit Process
      1. The Audit Process
      2. Control Frameworks for the Cloud
      3. Recommended Controls
      4. Risk Management and Risk Assessment
      5. In Summary
    8. Chapter 3: Cloud-Based IT Governance
      1. Governance in the Cloud
      2. Governance
      3. Implementing and Maintaining Governance for Cloud Computing
      4. In Summary
    9. Chapter 4: System and Infrastructure Lifecycle Management for the Cloud
      1. Every Decision Involves Making a Tradeoff
      2. What about Policy and Process Collisions?
      3. The System and Management Lifecycle Onion
      4. Mapping Control Methodologies onto the Cloud
      5. Verifying Your Lifecycle Management
      6. Risk Tolerance
      7. Special Considerations for Cross-Cloud Deployments
      8. The Cloud Provider's Perspective
      9. In Summary
    10. Chapter 5: Cloud-Based IT Service Delivery and Support
      1. Beyond Mere Migration
      2. Architected to Share, Securely
      3. The Question of Location
      4. Designed and Delivered for Trust
      5. In Summary
    11. Chapter 6: Protection and Privacy of Information Assets in the Cloud
      1. The Three Usage Scenarios
      2. What Is a Cloud? Establishing the Context—Defining Cloud Solutions and their Characteristics
      3. The Cloud Security Continuum and a Cloud Security Reference Model
      4. Cloud Characteristics, Data Classification, and Information Lifecycle Management
      5. Regulatory and Compliance Implications
      6. A Cloud Information Asset Protection and Privacy Playbook
      7. In Summary
    12. Chapter 7: Business Continuity and Disaster Recovery
      1. Business Continuity Planning and Disaster Recovery Planning Overview
      2. Augmenting Traditional Disaster Recovery with Cloud Services
      3. Cloud Computing and Disaster Recovery: New Issues to Consider
      4. In Summary
    13. Chapter 8: Global Regulation and Cloud Computing
      1. What is Regulation?
      2. Why Do Regulations Occur?
      3. The Real World—A Mixing Bowl
      4. The Regulation Story
      5. Effective Audit
      6. Identifying Risk
      7. In Summary
    14. Chapter 9: Cloud Morphing: Shaping the Future of Cloud Computing Security and Audit
      1. Where is the Data?
      2. A Shift in Thinking
      3. Cloud Morphing Strategies
      4. Data in the Cloud
      5. Cloud Storage
      6. Cryptographic Protection of the Data
      7. In Summary
    15. Appendix: Cloud Computing Audit Checklist
    16. About the Editor
    17. About the Contributors
    18. Index