Be the first to like this
Cloud Audit tools was Valdez Ladd's Flash (15 minute) presentation for the InfoSecCon conference hosted by the ISSA Raleigh, NC chapter on October 18, 2012. Its goal was to bring awareness for IT security auditors and administrators on how to conduct cloud assessments without re-inventing the security processes and procedures theme selves.
Too often this is a reactive process with little funding and even less time for IT security and audit professionals to insure that corporate integrity, availability and privacy are properly accounted for, authorized and merged within the business processes that enable the corporation's business strategy.
The main tools for this were the Cloud Security Alliance's STAR Registry and their Control Matrix to map audit requirements for cloud computing projects within the corporation. A final area was that cloud service providers are often using ITIL service framework for service operations and that it provided a common language to map cloud services operations and cloud service models: Software as a Service (SaaS), Platform as a Service (PaaS and IaaS to
The two primary use cases were Amazon.com's EC2 (elastic cloud compute)and storage along with Verizon, Inc.'s Terremark Infrastructure and Cloud Services.
LEGEND OF ABBREVIATION:
SaaS (Software as a Service)
PaaS (Platform as a Service}
IaaS (Infrastructure as a Service)
Information Technology Infrastructure Library (ITIL)