{"product_id":"auditing-cloud-computing-a-security-and-privacy-guide-hardback-9780470874745","title":"Auditing Cloud Computing; A Security and Privacy Guide (Hardback) 9780470874745","description":"\u003cfont face=\"Georgia\"\u003e\r\n\u003cp\u003e\u003cfont size=\"6\"\u003eAuditing Cloud Computing\u003c\/font\u003e\u003cbr\u003e\r\n\u003cfont size=\"5\"\u003eA Security and Privacy Guide\u003c\/font\u003e\u003c\/p\u003e\r\n\r\n\r\n\r\n\r\n\u003cp\u003e\u003cfont size=\"4\"\u003eBen Halpert (Author)\u003c\/font\u003e\u003c\/p\u003e\r\n\r\n\u003cp\u003e\u003cfont size=\"3\"\u003e9780470874745, Wiley\u003c\/font\u003e\u003c\/p\u003e\r\n\r\n\u003cp\u003e\u003cfont size=\"3\"\u003eHardback, published 26 August 2011\u003c\/font\u003e\u003c\/p\u003e\r\n\r\n\u003cp\u003e\u003cfont size=\"3\"\u003e224 pages\u003cbr\u003e23.6 x 16 x 2.1 cm, 0.399 kg\u003c\/font\u003e\u003c\/p\u003e\r\n\r\n\r\n\r\n\u003cp align=\"justify\"\u003e\u003cem\u003e\u003cfont size=\"3\"\u003e\"To summarize, the book is a good review of the current situation in the field. Every CISO and CIO should be aware of the developments in the cloud regardless of the intention of actually implementing its use.\" (Blog.itgovernance.co.uk, April 2012)\u003c\/font\u003e\u003c\/em\u003e\u003c\/p\u003e\r\n\r\n\u003cp align=\"justify\"\u003e\u003cstrong\u003e\u003cfont size=\"3\"\u003e\u003cb\u003eThe auditor's guide to ensuring correct security and privacy practices in a cloud computing environment\u003c\/b\u003e  \u003cp\u003eMany organizations are reporting or projecting a significant cost savings through the use of cloud computing—utilizing shared computing resources to provide ubiquitous access for organizations and end users. Just as many organizations, however, are expressing concern with security and privacy issues for their organization's data in the \"cloud.\" \u003ci\u003eAuditing Cloud Computing\u003c\/i\u003e provides necessary guidance to build a proper audit to ensure operational integrity and customer data protection, among other aspects, are addressed for cloud based resources.\u003c\/p\u003e \u003cul\u003e \u003cli\u003eProvides necessary guidance to ensure auditors address security and privacy aspects that through a proper audit can provide a specified level of assurance for an organization's resources\u003c\/li\u003e \u003cli\u003eReveals effective methods for evaluating the security and privacy practices of cloud services\u003c\/li\u003e \u003cli\u003eA cloud computing reference for auditors and IT security professionals, as well as those preparing for certification credentials, such as Certified Information Systems Auditor (CISA)\u003c\/li\u003e \u003c\/ul\u003e \u003cp\u003eTimely and practical, \u003ci\u003eAuditing Cloud Computing\u003c\/i\u003e expertly provides information to assist in preparing for an audit addressing cloud computing security and privacy for both businesses and cloud based service providers.\u003c\/p\u003e\u003c\/font\u003e\u003c\/strong\u003e\u003c\/p\u003e\r\n\r\n\u003cp\u003e\u003cfont size=\"3\"\u003ePreface xiii  \u003cp\u003e\u003cb\u003eChapter 1: Introduction to Cloud Computing 1\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eHistory 1\u003c\/p\u003e \u003cp\u003eDefining Cloud Computing 2\u003c\/p\u003e \u003cp\u003eElasticity 2\u003c\/p\u003e \u003cp\u003eMultitenancy 3\u003c\/p\u003e \u003cp\u003eEconomics 3\u003c\/p\u003e \u003cp\u003eAbstraction 3\u003c\/p\u003e \u003cp\u003eCloud Computing Services Layers 4\u003c\/p\u003e \u003cp\u003eInfrastructure as a Service 5\u003c\/p\u003e \u003cp\u003ePlatform as a Service 5\u003c\/p\u003e \u003cp\u003eSoftware as a Service 6\u003c\/p\u003e \u003cp\u003eRoles in Cloud Computing 6\u003c\/p\u003e \u003cp\u003eConsumer 6\u003c\/p\u003e \u003cp\u003eProvider 6\u003c\/p\u003e \u003cp\u003eIntegrator 7\u003c\/p\u003e \u003cp\u003eCloud Computing Deployment Models 8\u003c\/p\u003e \u003cp\u003ePrivate 8\u003c\/p\u003e \u003cp\u003eCommunity 8\u003c\/p\u003e \u003cp\u003ePublic 9\u003c\/p\u003e \u003cp\u003eHybrid 9\u003c\/p\u003e \u003cp\u003eChallenges 9\u003c\/p\u003e \u003cp\u003eAvailability 10\u003c\/p\u003e \u003cp\u003eData Residency 10\u003c\/p\u003e \u003cp\u003eMultitenancy 11\u003c\/p\u003e \u003cp\u003ePerformance 11\u003c\/p\u003e \u003cp\u003eData Evacuation 12\u003c\/p\u003e \u003cp\u003eSupervisory Access 12\u003c\/p\u003e \u003cp\u003eIn Summary 13\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 2: Cloud-Based IT Audit Process 15\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eThe Audit Process 16\u003c\/p\u003e \u003cp\u003eControl Frameworks for the Cloud 18\u003c\/p\u003e \u003cp\u003eENISA Cloud Risk Assessment 20\u003c\/p\u003e \u003cp\u003eFedRAMP 20\u003c\/p\u003e \u003cp\u003eEntities Using COBIT 21\u003c\/p\u003e \u003cp\u003eCSA Guidance 21\u003c\/p\u003e \u003cp\u003eCloudAudit\/A6—The Automated Audit, Assertion, Assessment, and Assurance API 22\u003c\/p\u003e \u003cp\u003eRecommended Controls 22\u003c\/p\u003e \u003cp\u003eRisk Management and Risk Assessment 26\u003c\/p\u003e \u003cp\u003eRisk Management 27\u003c\/p\u003e \u003cp\u003eRisk Assessment 27\u003c\/p\u003e \u003cp\u003eLegal 28\u003c\/p\u003e \u003cp\u003eIn Summary 29\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 3: Cloud-Based IT Governance 33\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eGovernance in the Cloud 36\u003c\/p\u003e \u003cp\u003eUnderstanding the Cloud 36\u003c\/p\u003e \u003cp\u003eSecurity Issues in the Cloud 37\u003c\/p\u003e \u003cp\u003eAbuse and Nefarious Use of Cloud Computing 38\u003c\/p\u003e \u003cp\u003eInsecure Application Programming Interfaces 39\u003c\/p\u003e \u003cp\u003eMalicious Insiders 39\u003c\/p\u003e \u003cp\u003eShared Technology Vulnerabilities 39\u003c\/p\u003e \u003cp\u003eData Loss\/Leakage 40\u003c\/p\u003e \u003cp\u003eAccount, Service, and Traffic Hijacking 40\u003c\/p\u003e \u003cp\u003eUnknown Risk Profile 40\u003c\/p\u003e \u003cp\u003eOther Security Issues in the Cloud 41\u003c\/p\u003e \u003cp\u003eGovernance 41\u003c\/p\u003e \u003cp\u003eIT Governance in the Cloud 44\u003c\/p\u003e \u003cp\u003eManaging Service Agreements 44\u003c\/p\u003e \u003cp\u003eImplementing and Maintaining Governance for Cloud Computing 46\u003c\/p\u003e \u003cp\u003eImplementing Governance as a New Concept 46\u003c\/p\u003e \u003cp\u003ePreliminary Tasks 46\u003c\/p\u003e \u003cp\u003eAdopt a Governance Implementation Methodology 48\u003c\/p\u003e \u003cp\u003eExtending IT Governance to the Cloud 49\u003c\/p\u003e \u003cp\u003eIn Summary 52\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 4: System and Infrastructure Lifecycle Management for the Cloud 57\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eEvery Decision Involves Making a Tradeoff 57\u003c\/p\u003e \u003cp\u003eExample: Business Continuity\/Disaster Recovery 59\u003c\/p\u003e \u003cp\u003eWhat about Policy and Process Collisions? 60\u003c\/p\u003e \u003cp\u003eThe System and Management Lifecycle Onion 61\u003c\/p\u003e \u003cp\u003eMapping Control Methodologies onto the Cloud 62\u003c\/p\u003e \u003cp\u003eInformation Technology Infrastructure Library 63\u003c\/p\u003e \u003cp\u003eControl Objectives for Information and Related Technology 64\u003c\/p\u003e \u003cp\u003eNational Institute of Standards and Technology 65\u003c\/p\u003e \u003cp\u003eCloud Security Alliance 66\u003c\/p\u003e \u003cp\u003eVerifying Your Lifecycle Management 67\u003c\/p\u003e \u003cp\u003eAlways Start with Compliance Governance 67\u003c\/p\u003e \u003cp\u003eVerification Method 68\u003c\/p\u003e \u003cp\u003eIllustrative Example 70\u003c\/p\u003e \u003cp\u003eRisk Tolerance 72\u003c\/p\u003e \u003cp\u003eSpecial Considerations for Cross-Cloud Deployments 73\u003c\/p\u003e \u003cp\u003eThe Cloud Provider’s Perspective 74\u003c\/p\u003e \u003cp\u003eQuestions That Matter 75\u003c\/p\u003e \u003cp\u003eIn Summary 76\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 5: Cloud-Based IT Service Delivery and Support 79\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eBeyond Mere Migration 80\u003c\/p\u003e \u003cp\u003eArchitected to Share, Securely 80\u003c\/p\u003e \u003cp\u003eSingle-Tenant Offsite Operations (Managed Service Providers) 81\u003c\/p\u003e \u003cp\u003eIsolated-Tenant Application Services (Application Service Providers) 81\u003c\/p\u003e \u003cp\u003eMultitenant (Cloud) Applications and Platforms 82\u003c\/p\u003e \u003cp\u003eGranular Privilege Assignment 82\u003c\/p\u003e \u003cp\u003eInherent Transaction Visibility 84\u003c\/p\u003e \u003cp\u003eCentralized Community Creation 86\u003c\/p\u003e \u003cp\u003eCoherent Customization 88\u003c\/p\u003e \u003cp\u003eThe Question of Location 90\u003c\/p\u003e \u003cp\u003eDesigned and Delivered for Trust 91\u003c\/p\u003e \u003cp\u003eFewer Points of Failure 91\u003c\/p\u003e \u003cp\u003eVisibility and Transparency 93\u003c\/p\u003e \u003cp\u003eIn Summary 93\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 6: Protection and Privacy of Information Assets in the Cloud 97\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eThe Three Usage Scenarios 99\u003c\/p\u003e \u003cp\u003eWhat Is a Cloud? Establishing the Context—Defining Cloud Solutions and their Characteristics 100\u003c\/p\u003e \u003cp\u003eWhat Makes a Cloud Solution? 101\u003c\/p\u003e \u003cp\u003eUnderstanding the Characteristics 104\u003c\/p\u003e \u003cp\u003eService Based 104\u003c\/p\u003e \u003cp\u003eOn-Demand Self-Service 104\u003c\/p\u003e \u003cp\u003eBroad Network Access 104\u003c\/p\u003e \u003cp\u003eScalable and Elastic 105\u003c\/p\u003e \u003cp\u003eUnpredictable Demand 105\u003c\/p\u003e \u003cp\u003eDemand Servicing 105\u003c\/p\u003e \u003cp\u003eResource Pooling 105\u003c\/p\u003e \u003cp\u003eManaged Shared Service 105\u003c\/p\u003e \u003cp\u003eAuditability 105\u003c\/p\u003e \u003cp\u003eService Termination and Rollback 106\u003c\/p\u003e \u003cp\u003eCharge by Quality of Service and Use 106\u003c\/p\u003e \u003cp\u003eCapability to Monitor and Quantify Use 106\u003c\/p\u003e \u003cp\u003eMonitor and Enforce Service Policies 107\u003c\/p\u003e \u003cp\u003eCompensation for Location Independence 107\u003c\/p\u003e \u003cp\u003eMultitenancy 107\u003c\/p\u003e \u003cp\u003eAuthentication and Authorization 108\u003c\/p\u003e \u003cp\u003eConfidentiality 108\u003c\/p\u003e \u003cp\u003eIntegrity 108\u003c\/p\u003e \u003cp\u003eAuthenticity 108\u003c\/p\u003e \u003cp\u003eAvailability 108\u003c\/p\u003e \u003cp\u003eAccounting and Control 109\u003c\/p\u003e \u003cp\u003eCollaboration Oriented Architecture 109\u003c\/p\u003e \u003cp\u003eFederated Access and ID Management 109\u003c\/p\u003e \u003cp\u003eThe Cloud Security Continuum and a Cloud Security Reference Model 110\u003c\/p\u003e \u003cp\u003eCloud Characteristics, Data Classification, and Information Lifecycle Management 113\u003c\/p\u003e \u003cp\u003eCloud Characteristics and Privacy and the Protection of Information Assets 113\u003c\/p\u003e \u003cp\u003eInformation Asset Lifecycle and Cloud Models 114\u003c\/p\u003e \u003cp\u003eData Privacy in the Cloud 118\u003c\/p\u003e \u003cp\u003eData Classification in the Context of the Cloud 119\u003c\/p\u003e \u003cp\u003eRegulatory and Compliance Implications 119\u003c\/p\u003e \u003cp\u003eA Cloud Information Asset Protection and Privacy Playbook 121\u003c\/p\u003e \u003cp\u003eIn Summary 124\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 7: Business Continuity and Disaster Recovery 129\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eBusiness Continuity Planning and Disaster Recovery Planning Overview 129\u003c\/p\u003e \u003cp\u003eProblem Statement 130\u003c\/p\u003e \u003cp\u003eThe Planning Process 131\u003c\/p\u003e \u003cp\u003eThe Auditor’s Role 133\u003c\/p\u003e \u003cp\u003eAugmenting Traditional Disaster Recovery with Cloud Services 135\u003c\/p\u003e \u003cp\u003eCloud Computing and Disaster Recovery: New Issues to Consider 136\u003c\/p\u003e \u003cp\u003eCloud Computing Continuity 136\u003c\/p\u003e \u003cp\u003eAudit Points to Emphasize 138\u003c\/p\u003e \u003cp\u003eIn Summary 139\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 8: Global Regulation and Cloud Computing 143\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eWhat is Regulation? 144\u003c\/p\u003e \u003cp\u003eFederal Information Security Management Act 146\u003c\/p\u003e \u003cp\u003eSarbanes-Oxley Law 146\u003c\/p\u003e \u003cp\u003eHealth Information Privacy Accountability Act 146\u003c\/p\u003e \u003cp\u003eGraham\/Leach\/Bliley Act 147\u003c\/p\u003e \u003cp\u003ePrivacy Laws 147\u003c\/p\u003e \u003cp\u003eWhy Do Regulations Occur? 148\u003c\/p\u003e \u003cp\u003eSome Key Takeaways 149\u003c\/p\u003e \u003cp\u003eThe Real World—A Mixing Bowl 149\u003c\/p\u003e \u003cp\u003eSome Key Takeaways 151\u003c\/p\u003e \u003cp\u003eThe Regulation Story 151\u003c\/p\u003e \u003cp\u003ePrivacy 153\u003c\/p\u003e \u003cp\u003eInternational Export Law and Interoperable Compliance 154\u003c\/p\u003e \u003cp\u003eEffective Audit 155\u003c\/p\u003e \u003cp\u003eIdentifying Risk 156\u003c\/p\u003e \u003cp\u003eIn Summary 156\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 9: Cloud Morphing: Shaping the Future of Cloud Computing Security and Audit 161\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eWhere Is the Data? 162\u003c\/p\u003e \u003cp\u003eA Shift in Thinking 164\u003c\/p\u003e \u003cp\u003eCloud Security Alliance 165\u003c\/p\u003e \u003cp\u003eCloudAudit 1.0 166\u003c\/p\u003e \u003cp\u003eCloud Morphing Strategies 166\u003c\/p\u003e \u003cp\u003eVirtual Security 167\u003c\/p\u003e \u003cp\u003eData in the Cloud 168\u003c\/p\u003e \u003cp\u003eCloud Storage 169\u003c\/p\u003e \u003cp\u003eDatabase Classes in the Cloud 171\u003c\/p\u003e \u003cp\u003ePerimeter Security 171\u003c\/p\u003e \u003cp\u003eCryptographic Protection of the Data 172\u003c\/p\u003e \u003cp\u003eIn Summary 173\u003c\/p\u003e \u003cp\u003e\u003cb\u003eAppendix: Cloud Computing Audit Checklist 175\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eAbout the Editor 181\u003c\/p\u003e \u003cp\u003eAbout the Contributors 183\u003c\/p\u003e \u003cp\u003eIndex 191\u003c\/p\u003e\u003c\/font\u003e\u003c\/p\u003e\r\n\r\n\u003cp\u003e\u003cfont size=\"3\"\u003eSubject Areas: Finance \u0026amp; accounting [\u003ca title=\"See our other books on Finance \u0026amp; accounting\" href=\"https:\/\/freshlyprintedbooks.co.uk\/search?q=%22Finance%20\u0026amp;%20accounting%20%5BKF%5D%22\"\u003eKF\u003c\/a\u003e]\u003c\/font\u003e\u003c\/p\u003e\r\n\r\n\r\n\u003c\/font\u003e","brand":"Wiley","offers":[{"title":"Brand New","offer_id":52278058058008,"sku":"9780470874745","price":34.29,"currency_code":"GBP","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0730\/2037\/5320\/files\/9780470874745.jpg?v=1781457781","url":"https:\/\/freshlyprintedbooks.co.uk\/products\/auditing-cloud-computing-a-security-and-privacy-guide-hardback-9780470874745","provider":"Freshly Printed Books","version":"1.0","type":"link"}