Information Technology Reference
In-Depth Information
4. Infrastructure Management
a. Capacity management
b. Database administration
c. Information system security management
d. Business continuity management
5. Quality management and assurance standards
6. Change management
7. Problem management
8. Project management
a. Performance management and indicators
9. Economic performance
10. Expense management and monitoring
The cloud policy decomposition for the audit component is recursive in that
the audit has to address the cloud system security policy, standards, guide-
lines, and procedures. It should also delineate the three basic types of con-
trols, which are preventive, detective, and corrective; and it should provide
the basis for a qualitative audit risk assessment that includes the following:
• Identification of all relevant assets
• Valuation of the assets
• Identification of threats
• Identification of regulatory requirements
• Identification of organizational risk requirements
• Identification of the likelihood of threat occurrence
• Definition of organizational entities or subgroupings
• Review of previous audits
• Determination of audit budget constraints
Users are greatly concerned about the legal framework for
enforcing cloud computing security. The cloud technology has
moved much faster than cloud security and privacy legislation,
so users have legitimate concerns regarding the ability to defend
their rights. Because the data centers of a cloud system may be located
in several countries, it is difficult to understand which laws apply—the
laws of the country where information is stored and processed, the
laws of the countries where the information crossed from the user to
the data center, or the laws of the country where the user is located.
Search WWH ::
Custom Search