Information Technology Reference
In-Depth Information
5. Confidentiality: Cloud requirements for confidentiality are
concerned with protecting data during transfers between entities. A
policy defines the requirements for ensuring the confidentiality of
data by preventing unauthorized disclosure of information being
sent between two end points. The policy should specify who can
exchange information and what type of data can be exchanged.
Related issues include intellectual property rights, access control,
encryption, inference, anonymity, and covert channels. These
policy statements should translate into requirements that address the
following:
a. Mechanisms that should be applied to enforce authorization
b. What form of information is provided to the user and what the
user can view
c. The means of identity establishment
d. What other types of confidentiality utilities should be used
6. Auditing: Cloud requirements for auditing include the following:
a. Determination of the audit's scope
b. Determination of the audit's objectives
c. Validation of the audit plan
d. Identification of necessary resources
e. Conduct of the audit
f. Documentation of the audit
g. Validation of the audit results
h. Report of final results
The audit should also consider organizational characteristics such as
supervisory issues, institutional ethics, compensation policies,
organizational history, and the business environment. In particular, the
following elements of the cloud system management should be considered:
1. Organizational roles and responsibilities
a. Separation of duties
2. IS management
a. Qualifications of IS staff
b. IS training
3. Third party-provided services
a. Managing of contracts
b. Service-level agreements (SLAs)