Cloud AuditingAmazon.com’s AWS,Terremark, Inc. &Cloud Security Alliance’s Star Registry       Valdez Ladd, MBA, MS ISM, CI...
Which Service Model?“Software as a service (or SaaS) is a way of delivering applicationsover the Internet—as a service.Ins...
Which Service Model?
AWS Security and     Compliance CenterAPPENDIX A – CSA CONSENSUS ASSESSMENTS      INITIATIVE QUESTIONNAIRE V1.1
AWS Security and Compliance Centerhttp://aws.amazon.com/security/#features              pages 15-38
AWS Security and     Compliance CenterAPPENDIX A – CSA CONSENSUS ASSESSMENTS      INITIATIVE QUESTIONNAIRE V1.1
Cloud Security Alliance’sCloud Controls Matrix v1.3         09/20/2012
TERREMARKEnterprise-class IT with Data centers inNorth America, Latin America, Europe      and the Asia-Pacific region
TerreMark
Cloud Security Alliance’sCloud Controls Matrix v1.3
CLOUD AUDIT & IT SERVICE MANAGEMENT         (ITIL to the Rescue?)
Questions?                         By Valdez Ladd,               MBA, MS ISM, CISSP, CISA                       Education ...
Cloud Audit - InfoSecCon ISSA Raleigh,NC 2012
Upcoming SlideShare
Loading in …5
×

Cloud Audit - InfoSecCon ISSA Raleigh,NC 2012

604 views
539 views

Published on

Cloud Audit tools was Valdez Ladd's Flash (15 minute) presentation for the InfoSecCon conference hosted by the ISSA Raleigh, NC chapter on October 18, 2012. Its goal was to bring awareness for IT security auditors and administrators on how to conduct cloud assessments without re-inventing the security processes and procedures theme selves.
Too often this is a reactive process with little funding and even less time for IT security and audit professionals to insure that corporate integrity, availability and privacy are properly accounted for, authorized and merged within the business processes that enable the corporation's business strategy.

The main tools for this were the Cloud Security Alliance's STAR Registry and their Control Matrix to map audit requirements for cloud computing projects within the corporation. A final area was that cloud service providers are often using ITIL service framework for service operations and that it provided a common language to map cloud services operations and cloud service models: Software as a Service (SaaS), Platform as a Service (PaaS and IaaS to

The two primary use cases were Amazon.com's EC2 (elastic cloud compute)and storage along with Verizon, Inc.'s Terremark Infrastructure and Cloud Services.


LEGEND OF ABBREVIATION:

SaaS (Software as a Service)
PaaS (Platform as a Service}
IaaS (Infrastructure as a Service)
Information Technology Infrastructure Library (ITIL)

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
604
On SlideShare
0
From Embeds
0
Number of Embeds
7
Actions
Shares
0
Downloads
8
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Cloud Audit - InfoSecCon ISSA Raleigh,NC 2012

  1. 1. Cloud AuditingAmazon.com’s AWS,Terremark, Inc. &Cloud Security Alliance’s Star Registry Valdez Ladd, MBA, MS ISM, CISSP, CISA
  2. 2. Which Service Model?“Software as a service (or SaaS) is a way of delivering applicationsover the Internet—as a service.Instead of installing and maintaining software, you simply access it viathe Internet, freeing yourself from complex software and hardwaremanagement.”www.salesforce.com
  3. 3. Which Service Model?
  4. 4. AWS Security and Compliance CenterAPPENDIX A – CSA CONSENSUS ASSESSMENTS INITIATIVE QUESTIONNAIRE V1.1
  5. 5. AWS Security and Compliance Centerhttp://aws.amazon.com/security/#features pages 15-38
  6. 6. AWS Security and Compliance CenterAPPENDIX A – CSA CONSENSUS ASSESSMENTS INITIATIVE QUESTIONNAIRE V1.1
  7. 7. Cloud Security Alliance’sCloud Controls Matrix v1.3 09/20/2012
  8. 8. TERREMARKEnterprise-class IT with Data centers inNorth America, Latin America, Europe and the Asia-Pacific region
  9. 9. TerreMark
  10. 10. Cloud Security Alliance’sCloud Controls Matrix v1.3
  11. 11. CLOUD AUDIT & IT SERVICE MANAGEMENT (ITIL to the Rescue?)
  12. 12. Questions? By Valdez Ladd, MBA, MS ISM, CISSP, CISA Education Director ISSA Raleigh, NC chapter www.linkedin.com/in/valdezladd Twitter: valdez_zoro

×