Auditing cloud computing : a security and privacy guide / (Record no. 205241)
[ view plain ]
000 -LEADER | |
---|---|
fixed length control field | 08214cam a2200757Ia 4500 |
001 - CONTROL NUMBER | |
control field | ocn747412460 |
003 - CONTROL NUMBER IDENTIFIER | |
control field | OCoLC |
005 - DATE AND TIME OF LATEST TRANSACTION | |
control field | 20171116112940.0 |
006 - FIXED-LENGTH DATA ELEMENTS--ADDITIONAL MATERIAL CHARACTERISTICS | |
fixed length control field | m o d |
007 - PHYSICAL DESCRIPTION FIXED FIELD--GENERAL INFORMATION | |
fixed length control field | cr cn||||||||| |
008 - FIXED-LENGTH DATA ELEMENTS--GENERAL INFORMATION | |
fixed length control field | 110418s2011 njua ob 001 0 eng d |
020 ## - INTERNATIONAL STANDARD BOOK NUMBER | |
International Standard Book Number | 9781118269091 |
Qualifying information | (electronic bk.) |
020 ## - INTERNATIONAL STANDARD BOOK NUMBER | |
International Standard Book Number | 1118269098 |
Qualifying information | (electronic bk.) |
020 ## - INTERNATIONAL STANDARD BOOK NUMBER | |
International Standard Book Number | 9781118116036 |
Qualifying information | (electronic bk.) |
020 ## - INTERNATIONAL STANDARD BOOK NUMBER | |
International Standard Book Number | 1118116038 |
Qualifying information | (electronic bk.) |
020 ## - INTERNATIONAL STANDARD BOOK NUMBER | |
International Standard Book Number | 9781118116043 |
Qualifying information | (electronic bk.) |
020 ## - INTERNATIONAL STANDARD BOOK NUMBER | |
International Standard Book Number | 1118116046 |
Qualifying information | (electronic bk.) |
020 ## - INTERNATIONAL STANDARD BOOK NUMBER | |
International Standard Book Number | 9781118116029 |
Qualifying information | (electronic bk.) |
020 ## - INTERNATIONAL STANDARD BOOK NUMBER | |
International Standard Book Number | 111811602X |
Qualifying information | (electronic bk.) |
020 ## - INTERNATIONAL STANDARD BOOK NUMBER | |
Canceled/invalid ISBN | 9780470874745 |
Qualifying information | (print) |
020 ## - INTERNATIONAL STANDARD BOOK NUMBER | |
Canceled/invalid ISBN | 0470874740 |
Qualifying information | (print) |
029 1# - OTHER SYSTEM CONTROL NUMBER (OCLC) | |
OCLC library identifier | AU@ |
System control number | 000053396245 |
029 1# - OTHER SYSTEM CONTROL NUMBER (OCLC) | |
OCLC library identifier | CHNEW |
System control number | 000607104 |
029 1# - OTHER SYSTEM CONTROL NUMBER (OCLC) | |
OCLC library identifier | DEBBG |
System control number | BV041167590 |
029 1# - OTHER SYSTEM CONTROL NUMBER (OCLC) | |
OCLC library identifier | DEBBG |
System control number | BV041558921 |
029 1# - OTHER SYSTEM CONTROL NUMBER (OCLC) | |
OCLC library identifier | DEBBG |
System control number | BV042032057 |
029 1# - OTHER SYSTEM CONTROL NUMBER (OCLC) | |
OCLC library identifier | DEBSZ |
System control number | 372700403 |
029 1# - OTHER SYSTEM CONTROL NUMBER (OCLC) | |
OCLC library identifier | DEBSZ |
System control number | 414175247 |
029 1# - OTHER SYSTEM CONTROL NUMBER (OCLC) | |
OCLC library identifier | DKDLA |
System control number | 820120-katalog:000588414 |
029 1# - OTHER SYSTEM CONTROL NUMBER (OCLC) | |
OCLC library identifier | NZ1 |
System control number | 14693208 |
035 ## - SYSTEM CONTROL NUMBER | |
System control number | (OCoLC)747412460 |
Canceled/invalid control number | (OCoLC)821030850 |
-- | (OCoLC)876268681 |
037 ## - SOURCE OF ACQUISITION | |
Stock number | CL0500000409 |
Source of stock number/acquisition | Safari Books Online |
037 ## - SOURCE OF ACQUISITION | |
Stock number | F889EE2A-CF12-4647-85E0-03258F227FC1 |
Source of stock number/acquisition | OverDrive, Inc. |
Note | http://www.overdrive.com |
040 ## - CATALOGING SOURCE | |
Original cataloging agency | E7B |
Language of cataloging | eng |
Description conventions | pn |
Transcribing agency | E7B |
Modifying agency | OCLCQ |
-- | YDXCP |
-- | WAU |
-- | CDX |
-- | N$T |
-- | B24X7 |
-- | DG1 |
-- | TEFOD |
-- | REDDC |
-- | OCLCQ |
-- | DEBSZ |
-- | OCLCQ |
-- | DKDLA |
-- | OCLCO |
-- | UMI |
-- | DEBBG |
-- | OCLCO |
-- | NLGGC |
-- | TEFOD |
-- | EBLCP |
-- | OCLCQ |
-- | OCLCO |
-- | OCLCQ |
-- | DG1 |
-- | ELW |
049 ## - LOCAL HOLDINGS (OCLC) | |
Holding library | MAIN |
050 #4 - LIBRARY OF CONGRESS CALL NUMBER | |
Classification number | HF5548.37 |
Item number | .A93 2011eb |
072 #7 - SUBJECT CATEGORY CODE | |
Subject category code | COM |
Subject category code subdivision | 060040 |
Source | bisacsh |
072 #7 - SUBJECT CATEGORY CODE | |
Subject category code | COM |
Subject category code subdivision | 043050 |
Source | bisacsh |
072 #7 - SUBJECT CATEGORY CODE | |
Subject category code | COM |
Subject category code subdivision | 053000 |
Source | bisacsh |
082 04 - DEWEY DECIMAL CLASSIFICATION NUMBER | |
Classification number | 005.8 |
Edition number | 22 |
245 00 - TITLE STATEMENT | |
Title | Auditing cloud computing : a security and privacy guide / |
Statement of responsibility, etc. | [edited by] Ben Halpert. |
Medium | [electronic resource] |
260 ## - PUBLICATION, DISTRIBUTION, ETC. (IMPRINT) | |
Place of publication, distribution, etc. | Hoboken, N.J. : |
Name of publisher, distributor, etc. | John Wiley & Sons, |
Date of publication, distribution, etc. | ©2011. |
300 ## - PHYSICAL DESCRIPTION | |
Extent | 1 online resource (xvi, 206 pages) : |
Other physical details | illustrations. |
336 ## - CONTENT TYPE | |
Content type term | text |
Content type code | txt |
Source | rdacontent |
337 ## - MEDIA TYPE | |
Media type term | computer |
Media type code | c |
Source | rdamedia |
338 ## - CARRIER TYPE | |
Carrier type term | online resource |
Carrier type code | cr |
Source | rdacarrier |
490 1# - SERIES STATEMENT | |
Series statement | [Wiley corporate F & A] ; |
Volume/sequential designation | 21 |
504 ## - BIBLIOGRAPHY, ETC. NOTE | |
Bibliography, etc | Includes bibliographical references and index. |
505 0# - FORMATTED CONTENTS NOTE | |
Formatted contents note | Preface xiii Chapter 1: Introduction to Cloud Computing 1 History 1 Defining Cloud Computing 2 Elasticity 2 Multitenancy 3 Economics 3 Abstraction 3 Cloud Computing Services Layers 4 Infrastructure as a Service 5 Platform as a Service 5 Software as a Service 6 Roles in Cloud Computing 6 Consumer 6 Provider 6 Integrator 7 Cloud Computing Deployment Models 8 Private 8 Community 8 Public 9 Hybrid 9 Challenges 9 Availability 10 Data Residency 10 Multitenancy 11 Performance 11 Data Evacuation 12 Supervisory Access 12 In Summary 13 Chapter 2: Cloud-Based IT Audit Process 15 The Audit Process 16 Control Frameworks for the Cloud 18 ENISA Cloud Risk Assessment 20 FedRAMP 20 Entities Using COBIT 21 CSA Guidance 21 CloudAudit/A6 -- The Automated Audit, Assertion, Assessment, and Assurance API 22 Recommended Controls 22 Risk Management and Risk Assessment 26 Risk Management 27 Risk Assessment 27 Legal 28 In Summary 29 Chapter 3: Cloud-Based IT Governance 33 Governance in the Cloud 36 Understanding the Cloud 36 Security Issues in the Cloud 37 Abuse and Nefarious Use of Cloud Computing 38 Insecure Application Programming Interfaces 39 Malicious Insiders 39 Shared Technology Vulnerabilities 39 Data Loss/Leakage 40 Account, Service, and Traffic Hijacking 40 Unknown Risk Profile 40 Other Security Issues in the Cloud 41 Governance 41 IT Governance in the Cloud 44 Managing Service Agreements 44 Implementing and Maintaining Governance for Cloud Computing 46 Implementing Governance as a New Concept 46 Preliminary Tasks 46 Adopt a Governance Implementation Methodology 48 Extending IT Governance to the Cloud 49 In Summary 52 Chapter 4: System and Infrastructure Lifecycle Management for the Cloud 57 Every Decision Involves Making a Tradeoff 57 Example: Business Continuity/Disaster Recovery 59 What about Policy and Process Collisions? 60 The System and Management Lifecycle Onion 61 Mapping Control Methodologies onto the Cloud62 Information Technology Infrastructure Library 63 Control Objectives for Information and Related Technology 64 National Institute of Standards and Technology 65 Cloud Security Alliance 66 Verifying Your Lifecycle Management 67 Always Start with Compliance Governance 67 Verification Method 68 Illustrative Example 70 Risk Tolerance 72 Special Considerations for Cross-Cloud Deployments 73 The Cloud Provider's Perspective 74 Questions That Matter 75 In Summary 76 Chapter 5: Cloud-Based IT Service Delivery and Support 79 Beyond Mere Migration 80 Architected to Share, Securely 80 Single-Tenant Offsite Operations (Managed Service Providers) 81 Isolated-Tenant Application Services (Application Service Providers) 81 Multitenant (Cloud) Applications and Platforms 82 Granular Privilege Assignment 82 Inherent Transaction Visibility 84 Centralized Community Creation 86 Coherent Customization 88 The Question of Location 90 Designed and Delivered for Trust 91 Fewer Points of Failure91 Visibility and Transparency 93 In Summary 93 Chapter 6: Protection and Privacy of Information Assets in the Cloud 97 The Three Usage Scenarios 99 What Is a Cloud? Establishing the Context -- Defining Cloud Solutions and their Characteristics 100 What Makes a Cloud Solution? 101 Understanding the Characteristics 104 Service Based 104 On-Demand Self-Service 104 Broad Network Access 104 Scalable and Elastic 105 Unpredictable Demand 105 Demand Servicing 105 Resource Pooling 105 Managed Shared Service 105 Auditability 105 Service Termination and Rollback 106 Charge by Quality of Service and Use 106 Capability to Monitor and Quantify Use 106 Monitor and Enforce Service Policies 107 Compensation for Location Independence 107 Multitenancy 107 Authentication and Authorization 108 Confidentiality 108 Integrity 108 Authenticity 108 Availability 108 Accounting and Control 109 Collaboration Oriented Architecture 109 Federated Access and ID Management 10. |
520 ## - SUMMARY, ETC. | |
Summary, etc. | "The auditor's guide to ensuring correct security and privacy practices in a cloud computing environment. Many organizations are reporting or projecting a significant cost savings through the use of cloud computing--utilizing shared computing resources to provide ubiquitous access for organizations and end users. Just as many organizations, however, are expressing concern with security and privacy issues for their organization's data in the "cloud." Auditing Cloud Computing provides necessary guidance to build a proper audit to ensure operational integrity and customer data protection, among other aspects, are addressed for cloud based resources. Provides necessary guidance to ensure auditors address security and privacy aspects that through a proper audit can provide a specified level of assurance for an organization's resources. Reveals effective methods for evaluating the security and privacy practices of cloud services. A cloud computing reference for auditors and IT security professionals, as well as those preparing for certification credentials, such as Certified Information Systems Auditor (CISA). Timely and practical, Auditing Cloud Computing expertly provides information to assist in preparing for an audit addressing cloud computing security and privacy for both businesses and cloud based service providers"-- |
Assigning source | Provided by publisher. |
588 0# - SOURCE OF DESCRIPTION NOTE | |
Source of description note | Print version record. |
650 #0 - SUBJECT ADDED ENTRY--TOPICAL TERM | |
Topical term or geographic name as entry element | Business enterprises |
General subdivision | Computer networks |
-- | Security measures. |
650 #0 - SUBJECT ADDED ENTRY--TOPICAL TERM | |
Topical term or geographic name as entry element | Cloud computing |
General subdivision | Security measures. |
650 #0 - SUBJECT ADDED ENTRY--TOPICAL TERM | |
Topical term or geographic name as entry element | Information technology |
General subdivision | Security measures. |
650 #0 - SUBJECT ADDED ENTRY--TOPICAL TERM | |
Topical term or geographic name as entry element | Data protection. |
650 #7 - SUBJECT ADDED ENTRY--TOPICAL TERM | |
Topical term or geographic name as entry element | COMPUTERS |
General subdivision | Internet |
-- | Security. |
Source of heading or term | bisacsh |
650 #7 - SUBJECT ADDED ENTRY--TOPICAL TERM | |
Topical term or geographic name as entry element | COMPUTERS |
General subdivision | Networking |
-- | Security. |
Source of heading or term | bisacsh |
650 #7 - SUBJECT ADDED ENTRY--TOPICAL TERM | |
Topical term or geographic name as entry element | COMPUTERS |
General subdivision | Security |
-- | General. |
Source of heading or term | bisacsh |
655 #4 - INDEX TERM--GENRE/FORM | |
Genre/form data or focus term | Electronic books. |
655 #7 - INDEX TERM--GENRE/FORM | |
Genre/form data or focus term | Electronic books. |
Source of term | local |
700 1# - ADDED ENTRY--PERSONAL NAME | |
Personal name | Halpert, Ben, |
Dates associated with a name | 1986- |
776 08 - ADDITIONAL PHYSICAL FORM ENTRY | |
Relationship information | Print version: |
Title | Auditing cloud computing. |
Place, publisher, and date of publication | Hoboken, N.J. : Wiley, ©2011 |
International Standard Book Number | 9780470874745 |
Record control number | (DLC) 2011016626 |
-- | (OCoLC)698587265 |
830 #0 - SERIES ADDED ENTRY--UNIFORM TITLE | |
Uniform title | Wiley corporate F & A ; |
Volume number/sequential designation | 21. |
856 40 - ELECTRONIC LOCATION AND ACCESS | |
Uniform Resource Identifier | http://onlinelibrary.wiley.com/book/10.1002/9781118269091 |
Public note | Wiley Online Library |
942 ## - ADDED ENTRY ELEMENTS (KOHA) | |
Source of classification or shelving scheme | |
Koha item type | Books |
No items available.