This question concerns auditing a cloud computing deployment that uses the publi

Question

This question concerns auditing a cloud computing deployment that uses the public model. 1.Explain the role auditing plays in the context of achieving trustworthy systems. 2.Explain the complexities of auditing a cloud computing deployment that uses the public model? 3.Analyze the degree to which auditing tools and procedures used in cloud computing (especially with respect to the public model) produce trustworthy audits? What recommendations have experts made to improve these public cloud auditing tools and procedures?

Explanation / Answer

SOLUTION 1:

The part auditing plays in the context of achieving trustworthy systems are :

Building security checkpoints all through the item and engineering arrangement i.e. architecture solution development lifecycle
Designing items or product to meet perceived global security guidelines, inside a protected store network, prepare or secure supply chain process .
Providing timely patches & updates to maintain trustworthiness and adherence to norms all through an item or product lifecycles.
Collaborating with different organizations and establishments over the business in the regions of danger knowledge, episode reaction, and advancement of always intense and powerful measures.

-------------------------------------------------------------------------------------------------------------------------------------------

SOLUTION 2:

A disruptive technology , similar to distributed computing, can affect "how" to review

• Understanding the extent of the computing environment
– Do you utilize an indistinguishable lattice for open mists from for private mists? (inner versus outside)
– The idea of an edge in a multi-inhabitant environment doesn't bode well any longer
– Where does the cloud begin and stop?

• Can your present hazard evaluation catch the dangers accurately?

• Sample determination
– What is the widespread populace from which to pick an example from?
– What might your example determination approach be in a very dynamic environment?
– A preview in time may depend if it's a high or low pinnacle point in time

• Audit trails
– How would you "test" authentic information if there was no review trail?

• Other

– Educating the review panel
– Overcoming inside obstructions confining the early contribution of inward review as a 'hazard counsel' to the business and IT.

----------------------------------------------------------------------------------------------------------------------------------

SOLUTION 3:

— Footnote 1 of TSP segment 100, Trust Services Principles, Criteria,
what's more, Illustrations for Security, Availability, Processing Integrity, Confidentiality, and Privacy contains the accompanying meaning of a framework:
• A framework /SYSTEM comprises of five key parts sorted out to accomplish a predefined objective. The five parts are arranged as takes after:
o Infrastructure — The physical and equipment segments of a framework (offices, hardware, and systems)
o Software — The projects and working programming of a framework (frameworks, applications, and utilities)
o People — The workforce required in the operation and utilization of a framework (engineers, administrators, clients, and directors)
o Procedures — The robotized and manual systems required in the operation of a framework
o Data — The data utilized and bolstered by a framework (exchange streams, records, databases, and tables).

Related Questions

Navigate

• Browse (All)
• Browse T
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.