TABLE 19.2
Cloud Computing Provisioning IT Certification Standards

| Standard | Remit |
| --- | --- |
| Control Objectives for Information and Related Technology (COBIT) | A set of process declarations that describe how IT should be managed by an organization. |
| National Institute of Standards and Testing (NIST) SP 800-53 | The quality assurance of secure information provision to US government agencies, being audited against the Federal Information Security Management Act (FISMA). |
| Federal Risk and Authorization Management Program (FedRAMP) | Quality assurance is achieved by collectively achieving multiple certifications that are compliant with FISMA. This is intended for large IT infrastructures where compliance can be a largely repetitive process. |
| ISO/IEC 27001:2005—Information Technology, security techniques, information security management systems—requirements | Security controls to assure the quality of information service provision. |
| Statement on Standards for Attestation Engagements (SSAE) No. 16, Reporting on Controls at a Service Organization | This standard supersedes the Statement on Auditing Standards (SAS) No. 70, Service Organizations. SSAE 16 describes controls for organizations that provide services to users, including an assessment of the reliability and consistency of process execution. |
| Generally Accepted Privacy Principles (GAPP) | This standard is primarily concerned with information privacy policies and practices. |

19.8 Summary
This chapter dealt with the security characteristics and challenges of cloud
computing environments. The chapter started with an introduction to the
requirements of governance and security for an enterprise. It described the
various dimensions of security essential for an enterprise followed by a
priority list of security concerns related to the operations of cloudware
applications. The later part of the chapter briefly sketched aspects of security
solutions at the Operating System (OS) and Virtual Machine (VM) levels. In
the end, it described issues related to the assessment and selection of a cloud
service provider (CSP).