Auditing Cloud Computing: A Security And Privacy Guide
商品資訊
系列名:Wiley Corporate F&A
ISBN13:9780470874745
出版社:John Wiley & Sons Inc
作者:Halpert
出版日:2011/07/15
裝訂/頁數:精裝/224頁
規格:23.5cm*15.9cm*2.5cm (高/寬/厚)
商品簡介
Many organizations are reporting or projecting a significant cost savings through the use of cloud computingutilizing shared computing resources to provide ubiquitous access for organizations and end users. Just as many organizations, however, are expressing concern with security and privacy issues for their organization's data in the "cloud." Auditing Cloud Computing provides necessary guidance to build a proper audit to ensure operational integrity and customer data protection, among other aspects, are addressed for cloud based resources.
- Provides necessary guidance to ensure auditors address security and privacy aspects that through a proper audit can provide a specified level of assurance for an organization's resources
- Reveals effective methods for evaluating the security and privacy practices of cloud services
- A cloud computing reference for auditors and IT security professionals, as well as those preparing for certification credentials, such as Certified Information Systems Auditor (CISA)
Timely and practical, Auditing Cloud Computing expertly provides information to assist in preparing for an audit addressing cloud computing security and privacy for both businesses and cloud based service providers.
作者簡介
目次
Acknowledgements.
Chapter 1 Introduction to Cloud Computing.
History.
Defining Cloud Computing.
Cloud Computing Services Layers.
Roles in Cloud Computing.
Cloud Computing Deployment Models.
Challenges.
In Summary.
Chapter 2 Cloud Based IT Audit Process.
The Audit Process.
Control Frameworks for the Cloud.
Recommended Controls.
Risk Management and Risk Assessment.
In Summary.
Chapter 3 Cloud Based IT Governance.
Governance in the Cloud.
Understanding the Cloud.
Security Issues in the Cloud.
Governance.
IT Governance in the Cloud.
Implementing and Maintaining Governance for cloud Computing.
Implementing Governance as a New Concept.
In Summary.
Chapter 4 System and Infrastructure Lifecycle Management for the Cloud.
Every Decision Involves Making a Tradeoff.
Example: business continuity/disaster recovery.
What about Policy and Process Collisions?
The System and Management Lifecycle Onion.
Mapping Control Methodologies onto the Cloud.
ITIL.
COBIT.
NIST.
CSA.
Verifying Your Lifecycle Management.
Always Start with Compliance Governance.
Verification Method.
Illustrative Example
Risk Tolerance.
Special Considerations for Cross-Cloud Deployments.
The Cloud Provider's Perspective.
Questions that Matter.
In Summary.
Chapter 5 Cloud-Based IT Service Delivery and Support.
Beyond Mere Migration.
Architected to Share, Securely.
Single-Tenant Offsite Operations (Managed Service Providers).
Isolated-Tenant Application Services (Application Service Providers).
Multi-Tenant (“Cloud”) Applications & Platforms.
The Question of Location.
Designed and Delivered for Trust.
Fewer Points of Failure.
Visibility and Transparency.
In Summary.
Chapter 6 Protection and Privacy of Information Assets in the Cloud.
The 3 Usage Scenarios.
What is a Cloud? Establishing the Context – Defining Cloud Solutions and their Characteristics.
What Makes a Cloud Solution?
Understanding the Characteristics.
The Cloud Security Continuum and a Cloud Security Reference Model.
Cloud Characteristics, Data Classification and Information Lifecycle Management.
Cloud Characteristics and Privacy and the Protection of Information Assets.
Information Asset Lifecycle and Cloud Models.
Data Privacy in the Cloud.
Data Classification in the context of the cloud.
Regulatory and Compliance implications.
A Cloud Information Asset Protection and Privacy Playbook.
In Summary.
Chapter 7 Business Continuity and Disaster Recovery.
Business Continuity Planning and Disaster Recovery Planning Overview.
Problem Statement.
The Planning Process.
Augmenting Traditional Disaster Recovery with Cloud Services.
Cloud Computing and Disaster Recovery: New Issues to Consider.
Cloud Computing Continuity.
Audit Points to Emphasize.
In Summary.
Chapter 8 Global Regulation and Cloud Computing.
What is Regulation?
FISMA – Federal Information Security Management Act.
SOX – Sarbanes/Oxley Law.
HIPAA – Health Information Privacy Accountability Act.
GLBA – Graham/Leach/Bliley Act.
Privacy Laws.
Why do Regulations Occur?
Some Key Takeaways.
The Real World – A Mixing Bowl.
Some Key Takeaways.
The Regulation Story.
Privacy.
International Export law and Interoperable Compliance.
Effective Audit.
Identifying Risk.
In Summary.
Chapter 9 Cloud Morphing.
Shaping the Future of Cloud Computing Security and Audit.
Where is the Data?
A Shift in Thinking.
Cloud Security Alliance (CSA).
CloudAudit 1.0.
Cloud Morphing Strategies.
Virtual Security.
Data in the Cloud.
Cloud Storage.
Database Classes in the Cloud.
Perimeter Security.
Cryptographic Protection of the Data.
In Summary.
Appendix Checklist.
About the Editor.
About the Contributors.
Index.
主題書展
更多書展今日66折
您曾經瀏覽過的商品
購物須知
外文書商品之書封,為出版社提供之樣本。實際出貨商品,以出版社所提供之現有版本為主。部份書籍,因出版社供應狀況特殊,匯率將依實際狀況做調整。
無庫存之商品,在您完成訂單程序之後,將以空運的方式為你下單調貨。為了縮短等待的時間,建議您將外文書與其他商品分開下單,以獲得最快的取貨速度,平均調貨時間為1~2個月。
為了保護您的權益,「三民網路書店」提供會員七日商品鑑賞期(收到商品為起始日)。
若要辦理退貨,請在商品鑑賞期內寄回,且商品必須是全新狀態與完整包裝(商品、附件、發票、隨貨贈品等)否則恕不接受退貨。