Checklist for cloud PDF

Title Checklist for cloud
Author Chan Sarat
Course Audit checklist - Cloud
Institution University of Puthisastra
Pages 2
File Size 152.9 KB
File Type PDF

Summary

This is my personal preparation for a cloud audit checklist...


Description

A. Cloud computing audit checklist: This checklist focuses on the general controls over a cloud computing environment and covers the following areas:
1. Contractual compliance between the service provider and the customer
2. Incident response, notification and remediation
3. Identity and access management
4. Data security, privacy and integrity
5. Virtualization

Audit questions

Each question is numbered (No.) and answered Yes / No / N/A, with a column for audit comments.

1. What cloud computing service delivery model is implemented: Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS) or Infrastructure-as-a-Service (IaaS)?
2. What is the cloud computing deployment method?
   - Private cloud: operated solely for one enterprise
   - Public cloud: made available to the general public
   - Community cloud: shared by several enterprises
   - Hybrid cloud: a composition of two or more clouds
3. Have SLAs that support the business requirements been defined, accepted by the service provider and monitored?
4. Is legal compliance with local and cross-border laws defined as a component of the contract?
5. Is the right to audit included in the contract?
6. Are the data protection responsibilities of the service provider clearly established?
7. Are incident notifications, responses and remediation documented, timely, proportionate to the risk of the incident, escalated as necessary and formally closed?
8. Do the contract SLAs give specific definitions of incidents (data breaches, security violations) and events (suspicious activities), and state the actions to be initiated by, and the responsibilities of, both parties?
9. Are issue monitoring processes implemented and actively used by the service provider to document and report all defined incidents?
10. Does the cloud provider have physical security controls in place?
11. Are those physical security control policies and procedures documented?
12. Does the contract clearly define the data disposal procedure, so that a mandatory data wipe is carried out under the enterprise's supervision at contract expiration or any other event ending the contract?
13. When applications are developed in a PaaS environment, does the contract properly define application disposal, including objects, source code and backups?
14. Are scheduled software changes/releases and patch updates included in the SLAs?
15. Are user access management controls in place to protect information assets from unauthorized entities?
16. Are new users, terminations and access permission changes for cloud-based applications and operating platforms managed in a timely and controlled manner, according to internal user access policies?
17. Are appropriate user management controls in place to:
   - Prevent shared user IDs?
   - Provide adequate segregation of duties to prevent service provider staff from obtaining customer identities?
   - Provide user activity logging and history functions?
   - Provide monitoring functions that alert the customer to unauthorized authentication activity?
18. For IaaS, are dedicated VPNs or other recognized standard authentication mechanisms, in conjunction with SSL/TLS, implemented between the service provider and the customer installation?
19. Is data in transit encrypted over networks, with the encryption keys held only by the customer?
20. Is data stored in the live production database on the cloud system encrypted?
21. Are policies and procedures for backing up cloud-based data in place?
22. Are data backups encrypted to prevent unauthorized access to and disclosure of confidential data?
23. Are data restoration tests performed on a routine basis?
24. Is a disaster recovery plan in place and periodically tested?
25. Are the operating systems hardened by the service provider to prevent unauthorized access and attacks?
26. Have the following controls been implemented: intrusion detection; malware prevention; vulnerability scanning; virtual machine image validation before placement in production; separate production and testing environments?...
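Items 16 and 17 ask whether access changes are applied on time, whether user IDs are shared, and whether unauthorized authentication activity is monitored. An auditor normally answers them from evidence rather than from a policy document, and the following script shows how such evidence can be pulled from authentication logs. It is an added example, not part of the original checklist or the author's material: the log line format (timestamp, user, source IP, result), the sample log lines, the list of terminated accounts, and the thresholds and time windows are all constructed assumptions, and the shared-ID check is a heuristic that flags candidates for follow-up, not proof.

```python
"""Evidence checks for checklist items 16 and 17 (access management),
run over authentication log lines. Added example; log format, sample
data, thresholds and windows are assumptions, not from the checklist."""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample log (not from any real system). Assumed format per line:
# <ISO-8601 timestamp> <user id> <source IP> <SUCCESS|FAILURE>
SAMPLE_LOG = """\
2024-03-04T09:00:12Z alice 203.0.113.10 SUCCESS
2024-03-04T09:00:40Z svc_deploy 198.51.100.7 SUCCESS
2024-03-04T09:01:05Z svc_deploy 203.0.113.99 SUCCESS
2024-03-04T09:02:00Z bob 192.0.2.55 FAILURE
2024-03-04T09:02:03Z bob 192.0.2.55 FAILURE
2024-03-04T09:02:07Z bob 192.0.2.55 FAILURE
2024-03-04T09:02:10Z bob 192.0.2.55 FAILURE
2024-03-04T09:02:14Z bob 192.0.2.55 FAILURE
2024-03-04T09:02:20Z bob 192.0.2.55 FAILURE
2024-03-04T10:15:00Z carol 203.0.113.44 SUCCESS
2024-03-04T16:30:00Z alice 203.0.113.10 SUCCESS
"""

# Constructed: accounts whose access should have been revoked (item 16),
# with the revocation time recorded by the access-management process.
TERMINATED = {"carol": datetime(2024, 3, 1, tzinfo=timezone.utc)}


def parse_log(text):
    """Parse log lines into sorted (timestamp, user, ip, success) tuples.
    Blank or malformed lines are skipped so one bad line cannot abort the audit."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts = datetime.fromisoformat(parts[0].replace("Z", "+00:00"))
        events.append((ts, parts[1], parts[2], parts[3] == "SUCCESS"))
    events.sort()
    return events


def terminated_logins(events, terminated):
    """Item 16: successful logins by accounts after their recorded termination time.
    Any hit means the termination was not applied in a timely manner."""
    return [(user, ts.isoformat()) for ts, user, _ip, ok in events
            if ok and user in terminated and ts > terminated[user]]


def shared_id_candidates(events, window=timedelta(minutes=10)):
    """Item 17 (shared user IDs): accounts with successful logins from two or
    more distinct source IPs inside `window`. A single user on two networks can
    also trigger this, so hits are candidates for follow-up, not proof."""
    by_user = defaultdict(list)
    for ts, user, ip, ok in events:
        if ok:
            by_user[user].append((ts, ip))
    flagged = set()
    for user, logins in by_user.items():
        for i, (ts, ip) in enumerate(logins):
            for later_ts, later_ip in logins[i + 1:]:
                if later_ts - ts > window:
                    break  # logins are sorted, nothing later is inside the window
                if later_ip != ip:
                    flagged.add(user)
                    break
    return sorted(flagged)


def failed_auth_bursts(events, threshold=5, window=timedelta(minutes=1)):
    """Item 17 (monitoring/alerting): (user, ip, count) where at least
    `threshold` failures fall inside `window`. A sliding window is used so a
    slow trickle of failures below the rate is not reported."""
    by_key = defaultdict(list)
    for ts, user, ip, ok in events:
        if not ok:
            by_key[(user, ip)].append(ts)
    bursts = []
    for (user, ip), times in by_key.items():
        start, worst = 0, 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            worst = max(worst, end - start + 1)
        if worst >= threshold:
            bursts.append((user, ip, worst))
    return bursts


def audit(log_text, terminated):
    """Run all checks and return the findings keyed by checklist item."""
    events = parse_log(log_text)
    return {
        "16_terminated_access": terminated_logins(events, terminated),
        "17_shared_ids": shared_id_candidates(events),
        "17_failed_auth_bursts": failed_auth_bursts(events),
    }


if __name__ == "__main__":
    for item, findings in audit(SAMPLE_LOG, TERMINATED).items():
        print(item, findings or "no findings")
```

On the constructed sample, the script reports carol's login three days after her recorded termination (item 16), svc_deploy as a shared-ID candidate because it authenticated from two addresses within a minute, and a burst of six failures for bob from one address (item 17). A real engagement would feed it the provider's exported authentication logs and the customer's joiner/mover/leaver records, and tune the windows to the environment.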

