Cloud security is receiving priority attention in various quarters, including the SEC. On that subject, we have selected this material, which is new.
ISACA has recently published a guide with 13 items. The full document is available to ISACA members, and non-members can purchase it.
The original announcement in English follows:
ISACA Outlines Steps for Controls, Assurance in the Cloud
ROLLING MEADOWS, ILL. (APRIL 21, 2014)
BY DANIELLE LEE
ISACA has issued a new guide of practical steps for assurance and control in the cloud, Controls and Assurance in the Cloud: Using COBIT 5.
The guide, meant to help companies find value in and adopt cloud solutions, also focuses on avoiding information security challenges.
According to ISACA (formerly known as the Information Systems Audit and Control Association), these 13 items often lead to cloud challenges:
1. Location of data
2. Commingled data
3. Security policy/procedure transparency (or lack thereof)
4. Cloud data ownership
5. Lock-in with cloud service provider’s proprietary application program interfaces
6. Record protection for forensic audits
7. Identity and access management
8. Screening of other cloud computing clients
9. Compliance requirements
10. Data disposal
12. Service provider viability
13. Backup and rollout capabilities
The publication provides the following tools to meet these challenges and provide effective governance and management of cloud initiatives:
– Cloud risk scenarios
– Contractual provisions
– A cloud governance checklist
– A practical approach to measuring cloud ROI
– A cloud computing assurance program
– A process capability assessment
– Questions boards of directors need to consider
“Cloud initiatives transform business and need to be treated holistically, including addressing governance, risk management, operational, assurance and security considerations,” stated Phil Lageschulte, partner at KPMG and chair of ISACA’s guidance and practices committee. “This guide looks at all of those areas and helps companies ensure that their cloud initiatives are not only delivering value and meeting business goals—but also managing the new and potentially elevated risks.”
Controls and Assurance in the Cloud is a complete update to ISACA’s earlier IT Control Objectives for Cloud Computing. The book, which ISACA members can download free of charge, is available at www.isaca.org/controls-and-assurance-in-the-cloud.