免费下载书籍地址:PDF下载地址
精美图片
Auditing Cloud Computing: A Security And Privacy Guide(ISBN=9780470874745)书籍详细信息
- ISBN:9780470874745
- 作者:暂无作者
- 出版社:暂无出版社
- 出版时间:2012-01
- 页数:206
- 价格:443.20
- 纸张:胶版纸
- 装帧:精装
- 开本:16开
- 语言:未知
- 丛书:暂无丛书
- TAG:暂无
- 豆瓣评分:暂无豆瓣评分
内容简介:
The auditor's guide to ensuring correct security and
privacy practices in a cloud computing environment
Many organizations are reporting or projecting a significant
cost savings through the use of cloud computing—utilizing shared
computing resources to provide ubiquitous access for organizations
and end users. Just as many organizations, however, are expressing
concern with security and privacy issues for their organization's
data in the "cloud." Auditing Cloud Computing provides
necessary guidance to build a proper audit to ensure operational
integrity and customer data protection, among other aspects, are
addressed for cloud based resources.
Provides necessary guidance to ensure auditors address security
and privacy aspects that through a proper audit can provide a
specified level of assurance for an organization's resources
Reveals effective methods for evaluating the security and
privacy practices of cloud services
A cloud computing reference for auditors and IT security
professionals, as well as those preparing for certification
credentials, such as Certified Information Systems Auditor
(CISA)
Timely and practical, Auditing Cloud Computing expertly
provides information to assist in preparing for an audit addressing
cloud computing security and privacy for both businesses and cloud
based service providers.
书籍目录:
Preface xiii
Chapter 1: Introduction to Cloud Computing
History
Defining Cloud Computing
Elasticity
Multitenancy
Economics
Abstraction
Cloud Computing Services Layers
Infrastructure as a Service
Platform as a Service
Software as a Service
Roles in Cloud Computing
Consumer
Provider
Integrator
Cloud Computing Deployment Models
Private
Community
Public
Hybrid
Challenges
Availability
Data Residency
Multitenancy
Performance
Data Evacuation
Supervisory Access
In Summary
Chapter 2: Cloud-Based IT Audit Process
The Audit Process
Control Frameworks for the Cloud
ENISA Cloud Risk Assessment
FedRAMP
Entities Using COBIT
CSA Guidance
CloudAudit/A6—The Automated Audit, Assertion, Assessment, and
Assurance API
Recommended Controls
Risk Management and Risk Assessment
Risk Management
Risk Assessment
Legal
In Summary
Chapter 3: Cloud-Based IT Governance
Governance in the Cloud
Understanding the Cloud
Security Issues in the Cloud
Abuse and Nefarious Use of Cloud Computing
Insecure Application Programming Interfaces
Malicious Insiders
Shared Technology Vulnerabilities
Data Loss/Leakage
Account, Service, and Traffic Hijacking
Unknown Risk Profile
Other Security Issues in the Cloud
Governance
IT Governance in the Cloud
Managing Service Agreements
Implementing and Maintaining Governance for Cloud Computing
Implementing Governance as a New Concept
Preliminary Tasks
Adopt a Governance Implementation Methodology
Extending IT Governance to the Cloud
In Summary
Chapter 4: System and Infrastructure Lifecycle Management for the
Cloud
Every Decision Involves Making a Tradeoff
Example: Business Continuity/Disaster Recovery
What about Policy and Process Collisions?
The System and Management Lifecycle Onion
Mapping Control Methodologies onto the Cloud
Information Technology Infrastructure Library
Control Objectives for Information and Related Technology
National Institute of Standards and Technology
Cloud Security Alliance
Verifying Your Lifecycle Management
Always Start with Compliance Governance
Verification Method
Illustrative Example
Risk Tolerance
Special Considerations for Cross-Cloud Deployments
The Cloud Provider’s Perspective
Questions That Matter
In Summary
Chapter 5: Cloud-Based IT Service Delivery and Support
Beyond Mere Migration
Architected to Share, Securely
Single-Tenant Offsite Operations
(Managed Service Providers)
Isolated-Tenant Application Services
(Application Service Providers)
Multitenant (Cloud) Applications and Platforms
Granular Privilege Assignment
Inherent Transaction Visibility
Centralized Community Creation
Coherent Customization
The Question of Location
Designed and Delivered for Trust
Fewer Points of Failure
Visibility and Transparency
In Summary
Chapter 6: Protection and Privacy of Information Assets in the
Cloud
The Three Usage Scenarios
What Is a Cloud? Establishing the Context—Defining Cloud
Solutions and their Characteristics
What Makes a Cloud Solution?
Understanding the Characteristics
Service Based
On-Demand Self-Service
Broad Network Access
Scalable and Elastic
Unpredictable Demand
Demand Servicing
Resource Pooling
Managed Shared Service
Auditability
Service Termination and Rollback
Charge by Quality of Service and Use
Capability to Monitor and Quantify Use
Monitor and Enforce Service Policies
Compensation for Location Independence
Multitenancy
Authentication and Authorization
Confidentiality
Integrity
Authenticity
Availability
Accounting and Control
Collaboration Oriented Architecture
Federated Access and ID Management
The Cloud Security Continuum and a Cloud Security Reference
Model
Cloud Characteristics, Data Classification, and Information
Lifecycle Management
Cloud Characteristics and Privacy and the Protection
of Information Assets
Information Asset Lifecycle and Cloud Models
Data Privacy in the Cloud
Data Classification in the Context of the Cloud
Regulatory and Compliance Implications
A Cloud Information Asset Protection and Privacy Playbook
In Summary
Chapter 7: Business Continuity and Disaster Recovery
Business Continuity Planning and Disaster Recovery
Planning Overview
Problem Statement
The Planning Process
The Auditor’s Role
Augmenting Traditional Disaster Recovery with Cloud Services
Cloud Computing and Disaster Recovery: New Issues to Consider
Cloud Computing Continuity
Audit Points to Emphasize
In Summary
Chapter 8: Global Regulation and Cloud Computing
What is Regulation?
Federal Information Security Management Act
Sarbanes-Oxley Law
Health Information Privacy Accountability Act
Graham/Leach/Bliley Act
Privacy Laws
Why Do Regulations Occur?
Some Key Takeaways
The Real World—A Mixing Bowl
Some Key Takeaways
The Regulation Story
Privacy
International Export Law and Interoperable Compliance
Effective Audit
Identifying Risk
In Summary
Chapter 9: Cloud Morphing: Shaping the Future of Cloud Computing
Security and Audit
Where Is the Data?
A Shift in Thinking
Cloud Security Alliance
CloudAudit 1.0
Cloud Morphing Strategies
Virtual Security
Data in the Cloud
Cloud Storage
Database Classes in the Cloud
Perimeter Security
Cryptographic Protection of the Data
In Summary
Appendix: Cloud Computing Audit Checklist
About the Editor
About the Contributors
Index
作者介绍:
BEN HALPERT, CISSP, is an information security
researcher and practitioner. He has keynoted and presented sessions
at numerous conferences and was a contributing author to
Readings and Cases in the Management of Information Security
and the Encyclopedia of Information Ethics and Security.
Halpert writes a monthly security column for Mobile Enterprise
magazine as well as an IT blog (www.benhalpert.com). He is also an
adjunct instructor and on the advisory board of numerous colleges
and universities.
出版社信息:
暂无出版社相关信息,正在全力查找中!
书籍摘录:
暂无相关书籍摘录,正在全力查找中!
在线阅读/听书/购买/PDF下载地址:
在线阅读地址:Auditing Cloud Computing: A Security And Privacy Guide(ISBN=9780470874745)在线阅读
在线听书地址:Auditing Cloud Computing: A Security And Privacy Guide(ISBN=9780470874745)在线收听
在线购买地址:Auditing Cloud Computing: A Security And Privacy Guide(ISBN=9780470874745)在线购买
原文赏析:
暂无原文赏析,正在全力查找中!
其它内容:
书籍介绍
The auditor's guide to ensuring correct security and privacy practices in a cloud computing environment Many organizations are reporting or projecting a significant cost savings through the use of cloud computing—utilizing shared computing resources to provide ubiquitous access for organizations and end users. Just as many organizations, however, are expressing concern with security and privacy issues for their organization's data in the "cloud." Auditing Cloud Computing provides necessary guidance to build a proper audit to ensure operational integrity and customer data protection, among other aspects, are addressed for cloud based resources. Provides necessary guidance to ensure auditors address security and privacy aspects that through a proper audit can provide a specified level of assurance for an organization's resources Reveals effective methods for evaluating the security and privacy practices of cloud services A cloud computing reference for auditors and IT security professionals, as well as those preparing for certification credentials, such as Certified Information Systems Auditor (CISA) Timely and practical, Auditing Cloud Computing expertly provides information to assist in preparing for an audit addressing cloud computing security and privacy for both businesses and cloud based service providers.
书籍真实打分
故事情节:9分
人物塑造:4分
主题深度:6分
文字风格:5分
语言运用:9分
文笔流畅:6分
思想传递:9分
知识深度:7分
知识广度:3分
实用性:8分
章节划分:7分
结构布局:5分
新颖与独特:7分
情感共鸣:7分
引人入胜:8分
现实相关:5分
沉浸感:8分
事实准确性:4分
文化贡献:4分
网站评分
书籍多样性:5分
书籍信息完全性:5分
网站更新速度:4分
使用便利性:5分
书籍清晰度:3分
书籍格式兼容性:6分
是否包含广告:4分
加载速度:5分
安全性:6分
稳定性:4分
搜索功能:3分
下载便捷性:6分
下载点评
- 微信读书(617+)
- 排版满分(677+)
- 全格式(432+)
- 无盗版(352+)
- 体验还行(413+)
- 体验好(243+)
- 字体合适(294+)
- 种类多(114+)
- 三星好评(190+)
- 强烈推荐(187+)
下载评价
网友 饶***丽:下载方式特简单,一直点就好了。
网友 仰***兰:喜欢!很棒!!超级推荐!
网友 寿***芳:可以在线转化哦
网友 苍***如:什么格式都有的呀。
网友 屠***好:还行吧。
网友 宫***凡:一般般,只能说收费的比免费的强不少。
网友 孔***旋:很好。顶一个希望越来越好,一直支持。
网友 田***珊:可以就是有些书搜不到
网友 冉***兮:如果满分一百分,我愿意给你99分,剩下一分怕你骄傲