Selamat datang di Scribd!

Cloud Computing IT Controls

Diunggah oleh

0% menganggap dokumen ini bermanfaat (0 suara)

56 tayangan6 halaman

This document outlines numerous IT security concerns regarding the use of cloud computing and questions for a cloud computing provider to address. The concerns cover issues such as data protection, identity management, physical security, availability, incident response, privacy, compliance with standards, and business continuity planning. The document seeks responses from a cloud provider to assure the customer that their security requirements and audit needs would be met.

Deskripsi Asli:

Hak Cipta

Format Tersedia

XLSX, PDF, TXT atau baca online dari Scribd

Bagikan dokumen Ini

Bagikan atau Tanam Dokumen

Opsi Berbagi

Apakah menurut Anda dokumen ini bermanfaat?

Apakah konten ini tidak pantas?

Laporkan Dokumen Ini

Hak Cipta:

Attribution Non-Commercial (BY-NC)

Format Tersedia

Unduh sebagai XLSX, PDF, TXT atau baca online dari Scribd

Tandai sebagai konten tidak pantas

0% menganggap dokumen ini bermanfaat (0 suara)

56 tayangan6 halaman

Cloud Computing IT Controls

Diunggah oleh

sbudaa

Hak Cipta:

Attribution Non-Commercial (BY-NC)

Format Tersedia

Unduh sebagai XLSX, PDF, TXT atau baca online dari Scribd

Tandai sebagai konten tidak pantas

Lompat ke Halaman

Anda di halaman 1dari 6

Cari di dalam dokumen

IT Security Assessment of using Cloud Comput Control Area

Data Protection

Data on the Network

Vulnerability

Identity Management

Physical and personnel security

Availability

Incident response

Privacy

Business Continuity

Logs and audit trails

Compliance

Liability

Intellectual property End-of-service support

IT Security Assessment of using Cloud Computing Security Concerns

How do you separate my data from other customers' data? Where do you store my data? How strong is your encryption and data integrity? What kind of authentication and access control procedures are in place? Documentation for auditors specifying how you protect our data? What are your data leak prevention capabilities? (if applicable) Can you ensure that all my data is erased at the end of service? Can any third party (your service providers) access my data, and if so, how? Can you show evidence of your vulnerability management program? How often do you scan for vulnerabilities on your network and applications? Can I conduct an external vulnerability assessment on your network, and if so, how? What is your vulnerability remediation process? Can you integrate directly with my Development AD, and if so, how? How do you secure user IDs and access credentials? How do you handle user provisioning and deprovisioning Can you support SSO, and if so, which standards? Can you support federation, and if so, which standards? Is there restricted and monitored access to assets hosting my applications 24x7? If dedicated infrastructure is desired, can you ensure it is isolated? Do you perform background checks on all relevant personnel? How extensive? Do you document employee access to customer data? Have you gone through a SAS 70 audit, and if so, type I or type II? Can you share the audit result? Can you provide availability historical data? What is your downtime plan (e.g., service upgrade, patch, etc.)? What is your peak load, and do you have enough capacity for such a load? What is your procedure for handling a data breach? Can notification occur within a specified time period? In what format do notifications go out, and what info do they contain? How do you ensure that the vendors incident response procedures do not violate our own incident response requirements. Show me how you protect digital identities and credentials and use them in cloud applications. What data do you collect about me (logs, etc.)? How is it stored? How is the data used? How long will it be stored? Under what conditions might third parties, including government agencies, have access to my data? Can you guarantee that third-party access to shared logs and resources wont reveal critical information about my organization? Do you have any DR and BC planning documents, and if so, can we review them? Where are your recovery data centers located? What service-level guarantee can you offer under DR conditions? Can you accommodate timely forensic investigation Can we agree on provisions in the SLA for investigation? How long do you keep logs and audit trails? Can you keep them as long as we desire? Show evidence of tamper-proofing for logs and audit trails Are you SAS-70 compliant Are you ISO-27001 compliant

Are you PCI Compliant Are you Basil II Compliant What recourse actions (e.g., financial compensation, early exit of contracts, etc.) can we agree on in the event of a security incident or failure to meet Under what conditions . . . ? Can we stipulate in the SLA that all my data (or applications), including all replicated and redundant copies, are owned by me? Ensure that your service agreement does not lead you to relinquish any IP rights. Specify what the Amazon cloud will deliver at the end-of-service period.

Cloud Computing Response to Security Concerns

Anda mungkin juga menyukai

Cloud - Security - Checklist - 221216 - 134458
Dokumen8 halaman
Cloud - Security - Checklist - 221216 - 134458
Sumit Thatte
Belum ada peringkat
Security Architecture
Dokumen93 halaman
Security Architecture
Sapa
Belum ada peringkat
Introduction To Risk Management
Dokumen21 halaman
Introduction To Risk Management
Christine Ramil Eugenio
Belum ada peringkat
Internet Security Journal - Internet Security Principles by Obedience Munashe Kuguyo
Dokumen9 halaman
Internet Security Journal - Internet Security Principles by Obedience Munashe Kuguyo
Obedience Munashe Kuguyo
100% (15)
Websitehacking 170818085707
Dokumen180 halaman
Websitehacking 170818085707
amit tes
Belum ada peringkat
CSF 2.0 Organizational Profile Template Draft
Dokumen33 halaman
CSF 2.0 Organizational Profile Template Draft
Paul
Belum ada peringkat
Security Awareness Training
Dokumen25 halaman
Security Awareness Training
Daniel Idongesit
Belum ada peringkat
OWASP Security Culture-1.0
Dokumen26 halaman
OWASP Security Culture-1.0
Luiz Henrique Custódio
Belum ada peringkat
Asset Attack Vectors: Building Effective Vulnerability Management Strategies to Protect Organizations
Dari Everand
Asset Attack Vectors: Building Effective Vulnerability Management Strategies to Protect Organizations
Morey J. Haber
Belum ada peringkat
IoT in Manufacturing - GMAP Insider
Dokumen48 halaman
IoT in Manufacturing - GMAP Insider
mihirjayaraman
100% (1)
Meghna Reddy Kunta
Dokumen7 halaman
Meghna Reddy Kunta
asha bokade
Belum ada peringkat
Dominant Class
Dokumen7 halaman
Dominant Class
Anonymous BjZGGF2
Belum ada peringkat
Azure Penetration Testing Guide
Dokumen6 halaman
Azure Penetration Testing Guide
anantia
Belum ada peringkat
Technology Security Controls
Dokumen2 halaman
Technology Security Controls
renusai chitoori
Belum ada peringkat
Cloud IaaS - Security Considerations
Dokumen8 halaman
Cloud IaaS - Security Considerations
rajualr
Belum ada peringkat
1) Overview of The Cybersecurity Framework
Dokumen4 halaman
1) Overview of The Cybersecurity Framework
Arunim Aich
Belum ada peringkat
Regarding Alcohol/Drugs or Any Other Mind Altering Substances
Dokumen1 halaman
Regarding Alcohol/Drugs or Any Other Mind Altering Substances
aikramer
Belum ada peringkat
SIEM Process Flow
Dokumen1 halaman
SIEM Process Flow
hallarmemon
Belum ada peringkat
User Manual For ESP 12e Dev Kit
Dokumen17 halaman
User Manual For ESP 12e Dev Kit
Nathan Imig
100% (5)
ISO 270012005 Awareness
Dokumen37 halaman
ISO 270012005 Awareness
Tara Nondo
Belum ada peringkat
Security Policy and Key Management: Centrally Manage Encryption Keys - Oracle TDE, SQL Server TDE and Vormetric
Dokumen17 halaman
Security Policy and Key Management: Centrally Manage Encryption Keys - Oracle TDE, SQL Server TDE and Vormetric
Tina-Stewart
Belum ada peringkat
Data Leakage and Prevention
Dokumen27 halaman
Data Leakage and Prevention
Eco Frnd Nikhil Ch
Belum ada peringkat
Privileged Identity Management Best Practices PDF
Dokumen6 halaman
Privileged Identity Management Best Practices PDF
Prasad Kshirsagar
Belum ada peringkat
Bal 5
Dokumen4 halaman
Bal 5
Anonymous g8ysHPVlr1
Belum ada peringkat
Penetration Testing Training
Dokumen37 halaman
Penetration Testing Training
SaintMalik
Belum ada peringkat
Securosis Secrets Management JAN2018 FINAL
Dokumen20 halaman
Securosis Secrets Management JAN2018 FINAL
Salah Ayoubi
Belum ada peringkat
Cloud Computing Security Policy: Purpose
Dokumen4 halaman
Cloud Computing Security Policy: Purpose
Simone Giorgi
Belum ada peringkat
Introduction Aws Security
Dokumen13 halaman
Introduction Aws Security
Christian Bale
Belum ada peringkat
Cybersecurity Checklist: Hackercombat.c Om
Dokumen11 halaman
Cybersecurity Checklist: Hackercombat.c Om
Alberto Madrid
Belum ada peringkat
Version 9.1 MP Post Ref Guide Changes
Dokumen86 halaman
Version 9.1 MP Post Ref Guide Changes
Minh Phương
Belum ada peringkat
PCI DSS Quick Reference Guide: For Merchants and Other Entities Involved in Payment Card Processing
Dokumen40 halaman
PCI DSS Quick Reference Guide: For Merchants and Other Entities Involved in Payment Card Processing
Arturo De Lira Delgado
Belum ada peringkat
PRES PUBLIC v2 QualysGuard - Vulnerability - Management
Dokumen24 halaman
PRES PUBLIC v2 QualysGuard - Vulnerability - Management
Production First Floor
Belum ada peringkat
Cloud Computing Notes
Dokumen134 halaman
Cloud Computing Notes
Sohail Khan
Belum ada peringkat
OWASP Vulnerability Management Guide
Dokumen20 halaman
OWASP Vulnerability Management Guide
tarzi01
Belum ada peringkat
Owasp Top 10 Mobile Risks
Dokumen46 halaman
Owasp Top 10 Mobile Risks
AlfonsoGuzmanAlvarez
Belum ada peringkat
APAC Privacy - Australia - FINAL (2017!10!10)
Dokumen14 halaman
APAC Privacy - Australia - FINAL (2017!10!10)
Michael Rogers
Belum ada peringkat
BSI ISOIEC27001 Assessment Checklist UK en
Dokumen3 halaman
BSI ISOIEC27001 Assessment Checklist UK en
DanushkaPerera
Belum ada peringkat
Web Application Security Checklist V1
Dokumen4 halaman
Web Application Security Checklist V1
Md. Mehedi Hasan
Belum ada peringkat
Alpha Group Appsec Testing Propoal
Dokumen10 halaman
Alpha Group Appsec Testing Propoal
Indian Opinion
Belum ada peringkat
OWASP 2010 Top 10 Cheat Sheet
Dokumen2 halaman
OWASP 2010 Top 10 Cheat Sheet
obay_osman
Belum ada peringkat
Protect Your Organization From Ransomware
Dokumen1 halaman
Protect Your Organization From Ransomware
Esk Imou
Belum ada peringkat
Api Security
Dokumen5 halaman
Api Security
Na
Belum ada peringkat
Bsimm 12
Dokumen31 halaman
Bsimm 12
Adel 507
Belum ada peringkat
Security Policies 919
Dokumen14 halaman
Security Policies 919
questnvr73
Belum ada peringkat
AWS Cloud Security Checklist
Dokumen18 halaman
AWS Cloud Security Checklist
Nadeem Ahmed
Belum ada peringkat
API Security
Dokumen1 halaman
API Security
NITHISHKUMAR.S
Belum ada peringkat
Simplified: Security
Dokumen31 halaman
Simplified: Security
Alexandru Buruc
Belum ada peringkat
Privileged Access Manager Faq Generic
Dokumen8 halaman
Privileged Access Manager Faq Generic
HitachiID
Belum ada peringkat
Identity and Access Management 1
Dokumen6 halaman
Identity and Access Management 1
catudayja
Belum ada peringkat
IMP Penetration Test
Dokumen4 halaman
IMP Penetration Test
Mohamed A. Shishtawy
100% (1)
Annotated Bibliography and Definitions
Dokumen3 halaman
Annotated Bibliography and Definitions
Mallory Hytrek
Belum ada peringkat
FatimahAlghamdi 2022 Staticspeed Vunerability Report
Dokumen33 halaman
FatimahAlghamdi 2022 Staticspeed Vunerability Report
planeta zesk
Belum ada peringkat
Web Security
Dokumen60 halaman
Web Security
Bùi Thị Kiều
Belum ada peringkat
Design Principles: 1. Principle of Least Privilege
Dokumen3 halaman
Design Principles: 1. Principle of Least Privilege
ASHUTOSH SONI
Belum ada peringkat
Sophos MSP Pricing Jul2021 Latam
Dokumen113 halaman
Sophos MSP Pricing Jul2021 Latam
Danny Carrasco
Belum ada peringkat
CISSP ISSAP DomainRefresh
Dokumen8 halaman
CISSP ISSAP DomainRefresh
Ivan Kasparek
Belum ada peringkat
Dynamic Application Security Testing A Complete Guide - 2019 Edition
Dari Everand
Dynamic Application Security Testing A Complete Guide - 2019 Edition
Gerardus Blokdyk
Belum ada peringkat
Insider Threat Management A Complete Guide - 2020 Edition
Dari Everand
Insider Threat Management A Complete Guide - 2020 Edition
Gerardus Blokdyk
Belum ada peringkat
Overview of ISO 27K
Dokumen8 halaman
Overview of ISO 27K
Suhas Agawane
Belum ada peringkat
Email Security
Dokumen13 halaman
Email Security
pardeep bains
Belum ada peringkat
Ransomware Defense BDA
Dokumen55 halaman
Ransomware Defense BDA
Astana Zld
Belum ada peringkat
Ossec Manual
Dokumen195 halaman
Ossec Manual
jrangelsanchez
Belum ada peringkat
Info Sheet: Cloud Controls Matrix v3.0.1
Dokumen2 halaman
Info Sheet: Cloud Controls Matrix v3.0.1
Antonella Gonzalez
Belum ada peringkat
Lab Rats Inc.: Roject LAN
Dokumen38 halaman
Lab Rats Inc.: Roject LAN
api-542433757
Belum ada peringkat
ProxySG SWG Gen2 Initial Configuration Guide
Dokumen60 halaman
ProxySG SWG Gen2 Initial Configuration Guide
dbf75
Belum ada peringkat
Aamir Hussain Khan
Dokumen3 halaman
Aamir Hussain Khan
Muhammad Fahad
Belum ada peringkat
Dummy 123
Dokumen4 halaman
Dummy 123
ho ho ho
Belum ada peringkat
Module A: The FreeBSD System
Dokumen64 halaman
Module A: The FreeBSD System
Poornima Eg
Belum ada peringkat
4 Lerman
Dokumen2 halaman
4 Lerman
zzztimbo
Belum ada peringkat
Collaborate in Qlik Sense
Dokumen65 halaman
Collaborate in Qlik Sense
amine ennar
Belum ada peringkat
Operating Systems Lab DA-2: Assignment - 2
Dokumen16 halaman
Operating Systems Lab DA-2: Assignment - 2
Rishitej rao Kulakarni
Belum ada peringkat
PIC MikroBootloader Manual
Dokumen1 halaman
PIC MikroBootloader Manual
Mekkati Mekkati
Belum ada peringkat
WAGO Lighting Management 60396209 PDF
Dokumen24 halaman
WAGO Lighting Management 60396209 PDF
Serdar Aksoy
Belum ada peringkat
Dynamic Data Exchange
Dokumen3 halaman
Dynamic Data Exchange
Ahmed khaled mohamed seada
Belum ada peringkat
Ch01 - Introduction To Information Security
Dokumen52 halaman
Ch01 - Introduction To Information Security
TAN KIAN HON
Belum ada peringkat
Mern - Ducat
Dokumen6 halaman
Mern - Ducat
Cynthia Hr Radical Move
Belum ada peringkat
Debug 1214
Dokumen5 halaman
Debug 1214
Wahyu Saskara
Belum ada peringkat
Cyclomatic Complexity-Practice Questions
Dokumen11 halaman
Cyclomatic Complexity-Practice Questions
marrisha26
Belum ada peringkat
Reg
Dokumen2 halaman
Reg
loctranhoang
Belum ada peringkat
Beginner's Guide To Bitcoin Mining
Dokumen2 halaman
Beginner's Guide To Bitcoin Mining
Shareb Jafar
Belum ada peringkat
Siva Kumar
Dokumen5 halaman
Siva Kumar
Indresh Singh Saluja
Belum ada peringkat
Track 2 - NSQL Still Valuable Even in The Modern UX
Dokumen51 halaman
Track 2 - NSQL Still Valuable Even in The Modern UX
Vicente RJ
Belum ada peringkat
HPE MSA Gen6 Virtual Storage Technical Reference Guide-A00103247enw
Dokumen32 halaman
HPE MSA Gen6 Virtual Storage Technical Reference Guide-A00103247enw
Hernan Herrera
Belum ada peringkat
Module 1 Introduction - DBMS
Dokumen43 halaman
Module 1 Introduction - DBMS
Swathi Gudivada
Belum ada peringkat
CV VadimFink Eng PDF
Dokumen2 halaman
CV VadimFink Eng PDF
Anonymous OyxNZHsiw
Belum ada peringkat
Log
Dokumen9 halaman
Log
WIDIA NUR Azizah
Belum ada peringkat
MM TAXBRA Migracao Batch
Dokumen3 halaman
MM TAXBRA Migracao Batch
Márcio Nascimento
Belum ada peringkat
Gsa Lte Ecosystem Report 231112
Dokumen4 halaman
Gsa Lte Ecosystem Report 231112
Sunil Sharma
Belum ada peringkat
Clarion Max668rvd (ET)
Dokumen52 halaman
Clarion Max668rvd (ET)
Giovanni Manzolillo
Belum ada peringkat
8600-320 Workbook Air
Dokumen30 halaman
8600-320 Workbook Air
Mohammad Nazah
Belum ada peringkat