0% found this document useful (0 votes)

199 views

Chandra - Auditing Cloud Computing

This document discusses information system auditing and cloud computing. It provides an overview of IS auditing, including IT governance, risks, benefits, and assurance. It then discusses cloud computing and how it differs from traditional computing by moving servers, networks, storage, and other resources to remote data centers accessed over the internet. The document outlines the stakeholders in IT assurance and describes how IS auditing of cloud computing needs to consider guidance for auditing Software as a Service, Platform as a Service, and Infrastructure as a Service models, potentially using new cloud audit tools.

Uploaded by

wawan_good

Available Formats

Download as PPTX, PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

199 views

Chandra - Auditing Cloud Computing

Uploaded by

wawan_good

Available Formats

Download as PPTX, PDF, TXT or read online on Scribd

You are on page 1/ 17

Information System

Auditing
and Cloud Computing

Chandra Yulistia, SE Ak CISA CISM

2
Information System Auditing and Cloud Computing

OVERVIEW OF IS AUDIT

3
IT Governance and Management
(read: Headache)

Conformance Performance

Resource
Risks Benefits
s

Evaluate

Direct Monitor

Plan
Built Monitor

Run
4
IT Assurance Universe
(read: Prospect)

nc
M

a
er ty
nc rm
Objective

e ia

s
o

er
pl
IT

u
s

fo
n

th
ec

C e
om
i Controls

O
S R

P
B u t
Information u n o
P i r
Application l l
a d
Infrastructure n

People

IT
Resources 5
IT Assurance Stakeholders
(read: Market)

Standards/Gui Special
Regulations
des Criteria
Independe Certificati Governme
nt on nt
IS Auditor IS Auditor IS Auditor
PUBLIC
USER
INSTITUTION OTHER
INSTITUTION
OWNER
Internal
IS Auditor
CUSTODIAN VENDOR

6
Information System Auditing and Cloud Computing

CLOUD COMPUTING

7
Computing on Earth

CUSTOME
RS OUTPUT

SERVE
RS

NET

VENDO
YOU RS
INPUT
8
Computing at Cloud

CUSTOME
RS

OUTPUT
SERVE
RS

NET

YOU

VENDO
INPUT RS
9
The Cloud of Cloud Computing

10
Information System Auditing and Cloud Computing

AUDIT OF CLOUD
COMPUTING

11
IS AUDIT PROCESS
Conclusio
n

Criteria AUDIT Condition

Evaluatin Collectin
g Evidence g

12
Current IS Auditing

IS
AUDITOR

13
Auditing Cloud Computing

IS
AUDITOR SaaS

PaaS

ISACA and other

guidance on :
Cloud Computing IaaS
Management
Audit/Assurance
Program 14
Auditing Cloud Computing
(example)

15
Future of Cloud Auditing

IS
AUDITOR SaaS
CLOUD
AUDIT
TOOLS
PaaS

IaaS
16
THANKS

[email protected]

Sectrio NIST CSF 20 Audit
No ratings yet
Sectrio NIST CSF 20 Audit
89 pages
25 Most Common Problems Implementing Pci Dss
100% (1)
25 Most Common Problems Implementing Pci Dss
33 pages
CCM v4.0 Implementation Guidelines v2.0 20240528
No ratings yet
CCM v4.0 Implementation Guidelines v2.0 20240528
366 pages
Assessment Methodology
100% (2)
Assessment Methodology
2 pages
CISSP Whole Glossary2021
No ratings yet
CISSP Whole Glossary2021
64 pages
CIS Controls Initial Assessment Tool (v7.1b) : Instructions - Read Me First
No ratings yet
CIS Controls Initial Assessment Tool (v7.1b) : Instructions - Read Me First
23 pages
The Official (ISC)2 Guide to the CCSP CBK
From Everand
The Official (ISC)2 Guide to the CCSP CBK
Gordon
No ratings yet
Certified Information Systems Auditor Exam Prep And Dumps Exam Review Guide for ISACA CISA Exam PART 4
From Everand
Certified Information Systems Auditor Exam Prep And Dumps Exam Review Guide for ISACA CISA Exam PART 4
Byte Books
No ratings yet
Cybersecurity Attacks File
100% (1)
Cybersecurity Attacks File
40 pages
Cyber Handbook Enterprise v1.5 1
No ratings yet
Cyber Handbook Enterprise v1.5 1
32 pages
GRC, SOC Analyst
No ratings yet
GRC, SOC Analyst
75 pages
CMMC Interview Assessment Guides All 14 Domains
No ratings yet
CMMC Interview Assessment Guides All 14 Domains
186 pages
CYBER CRIME AWARENESS For Students
No ratings yet
CYBER CRIME AWARENESS For Students
17 pages
2015 UW-Madison Cybersecurity Strategic Plan Final Jul-01-2015
No ratings yet
2015 UW-Madison Cybersecurity Strategic Plan Final Jul-01-2015
47 pages
Cyber Security
No ratings yet
Cyber Security
81 pages
Build-a-Security-Roadmap
No ratings yet
Build-a-Security-Roadmap
37 pages
WAPOE - Outsourced - IT - Environments
No ratings yet
WAPOE - Outsourced - IT - Environments
49 pages
Zero Trust Solutions - IsC2 Presentations (9!26!2021) v4
No ratings yet
Zero Trust Solutions - IsC2 Presentations (9!26!2021) v4
28 pages
NIST Privacy Framework Course Assessment
No ratings yet
NIST Privacy Framework Course Assessment
7 pages
NASSCOM-DSCI Cyber Security Advisory Group (CSAG) Report
No ratings yet
NASSCOM-DSCI Cyber Security Advisory Group (CSAG) Report
78 pages
Cloud Computing Compliance Criteria Catalogue - C5:2020
100% (1)
Cloud Computing Compliance Criteria Catalogue - C5:2020
124 pages
SaaS Cloud Security Standards
No ratings yet
SaaS Cloud Security Standards
54 pages
Cloud Security Posture Management - Why You - Cloud Security Alliance PDF
No ratings yet
Cloud Security Posture Management - Why You - Cloud Security Alliance PDF
7 pages
Cyber Awareness Program - 03 Online
No ratings yet
Cyber Awareness Program - 03 Online
19 pages
Security Frameworks
100% (1)
Security Frameworks
11 pages
ISMSLA PPT Handouts
No ratings yet
ISMSLA PPT Handouts
144 pages
Cism Glossary PDF
No ratings yet
Cism Glossary PDF
11 pages
CISO Mindmap 2022 No Headings
No ratings yet
CISO Mindmap 2022 No Headings
1 page
GPCCaseStudy Eng 0221
No ratings yet
GPCCaseStudy Eng 0221
5 pages
The CEO's Plain English Guide To
No ratings yet
The CEO's Plain English Guide To
36 pages
FedRAMP Annual SAR Template
No ratings yet
FedRAMP Annual SAR Template
50 pages
Is Career Path
No ratings yet
Is Career Path
16 pages
Web Application Security
No ratings yet
Web Application Security
12 pages
FedRAMP Continuous Monitoring Template
No ratings yet
FedRAMP Continuous Monitoring Template
3 pages
Security 101: Training, Awareness, and Strategies Stephen Cobb, CISSP Senior Security Researcher Eset Na
100% (1)
Security 101: Training, Awareness, and Strategies Stephen Cobb, CISSP Senior Security Researcher Eset Na
41 pages
Cloud Security Lecture 3
No ratings yet
Cloud Security Lecture 3
37 pages
STRIDE Methodology in Threat Modeling Process - Defense Lead
No ratings yet
STRIDE Methodology in Threat Modeling Process - Defense Lead
8 pages
Cyber-Security-Risk-Assessment-Matrix-Template-TemplateLab.com_
No ratings yet
Cyber-Security-Risk-Assessment-Matrix-Template-TemplateLab.com_
1 page
Isc2 Cissp 1 13 1 Threat Modeling Concepts and Methodologies
No ratings yet
Isc2 Cissp 1 13 1 Threat Modeling Concepts and Methodologies
2 pages
Report Cybersecurity-Audit Template en
0% (1)
Report Cybersecurity-Audit Template en
11 pages
Application Container Audit Program Excel Spreadsheet
No ratings yet
Application Container Audit Program Excel Spreadsheet
6 pages
AnsibleAutomates AnsibleForSecurityAutomation
No ratings yet
AnsibleAutomates AnsibleForSecurityAutomation
38 pages
Cyber Exposure Management Obooko
No ratings yet
Cyber Exposure Management Obooko
22 pages
Security Gap Analysis Template: in Place? Rating
0% (1)
Security Gap Analysis Template: in Place? Rating
6 pages
Cognise Allfields Cloud Risk Assessment+Tool
No ratings yet
Cognise Allfields Cloud Risk Assessment+Tool
34 pages
Isaca Cisa Cism
100% (1)
Isaca Cisa Cism
49 pages
CISO Handbook Cybersecurity Metrics Budgeting 1716720867
No ratings yet
CISO Handbook Cybersecurity Metrics Budgeting 1716720867
19 pages
Audit Program For VMWare, and Netapp Controls in XYZ Co-Location Data Center
No ratings yet
Audit Program For VMWare, and Netapp Controls in XYZ Co-Location Data Center
9 pages
Security Guidance For Critical Areas of Focus in Cloud Computing v5 Release Presentation
No ratings yet
Security Guidance For Critical Areas of Focus in Cloud Computing v5 Release Presentation
51 pages
Lumu Ransomware Response Playbook
100% (1)
Lumu Ransomware Response Playbook
10 pages
Saudi Cybersecurity Workforce Framework
100% (1)
Saudi Cybersecurity Workforce Framework
120 pages
Information Security Management and Metrics
No ratings yet
Information Security Management and Metrics
30 pages
Security Architecture Guide
No ratings yet
Security Architecture Guide
8 pages
Ponemon Report The Economics of Security Operations Centers
No ratings yet
Ponemon Report The Economics of Security Operations Centers
32 pages
Azure Security Center - Build A SoC
No ratings yet
Azure Security Center - Build A SoC
53 pages
2.0 Threat Intelligence
No ratings yet
2.0 Threat Intelligence
106 pages
CISM_ILT_4D_PA_SampleExamAnswersJustifications
No ratings yet
CISM_ILT_4D_PA_SampleExamAnswersJustifications
40 pages
CyberSecurity Short Course - Week 3
No ratings yet
CyberSecurity Short Course - Week 3
46 pages
Cloud Security Best Practices
No ratings yet
Cloud Security Best Practices
12 pages
Introduction To Cyber Security (DAY 1)
No ratings yet
Introduction To Cyber Security (DAY 1)
12 pages
Mobile Computing and Mobile Communication Systems - Mobile Computing
100% (1)
Mobile Computing and Mobile Communication Systems - Mobile Computing
30 pages
Codeigniter Tutorial PDF
100% (2)
Codeigniter Tutorial PDF
95 pages
Introduction To Arrays
No ratings yet
Introduction To Arrays
19 pages
Monthly Australian Wine Sales TH
No ratings yet
Monthly Australian Wine Sales TH
39 pages
Total Almeera - PR Brief
No ratings yet
Total Almeera - PR Brief
11 pages
Jurnal e Commerce
No ratings yet
Jurnal e Commerce
8 pages
Ec Ethical Social Political Issues Ok
No ratings yet
Ec Ethical Social Political Issues Ok
16 pages
Amazon Web Services: Amazon Elastic Compute Cloud (Amazon EC2)
No ratings yet
Amazon Web Services: Amazon Elastic Compute Cloud (Amazon EC2)
19 pages
Dimensions of Brand Image
No ratings yet
Dimensions of Brand Image
11 pages
Cisco Umbrella Education Package
No ratings yet
Cisco Umbrella Education Package
2 pages
E Governance Solutions
No ratings yet
E Governance Solutions
9 pages
Interface CCNET
No ratings yet
Interface CCNET
60 pages
Ruckus Overview
No ratings yet
Ruckus Overview
26 pages
cs workshop1
No ratings yet
cs workshop1
11 pages
Unit 5-Input Output Management5
No ratings yet
Unit 5-Input Output Management5
8 pages
Assignment 2
No ratings yet
Assignment 2
52 pages
Business Analyst Resume
No ratings yet
Business Analyst Resume
2 pages
Book Store
No ratings yet
Book Store
16 pages
Access Architecture
No ratings yet
Access Architecture
10 pages
Program Structure: Bachelor of Science in Information Technology (2014 - 2015 Curriculum)
No ratings yet
Program Structure: Bachelor of Science in Information Technology (2014 - 2015 Curriculum)
4 pages
121 130 Lead2Pass Latest Free Oracle 1Z0 060 Dumps (51 60) Download!
No ratings yet
121 130 Lead2Pass Latest Free Oracle 1Z0 060 Dumps (51 60) Download!
5 pages
UPCC V300R006C10 CLI Interface Instruction
No ratings yet
UPCC V300R006C10 CLI Interface Instruction
478 pages
OpenSTA Tutorial
No ratings yet
OpenSTA Tutorial
57 pages
Datasheet Optris XI 410
No ratings yet
Datasheet Optris XI 410
2 pages
3645A User Manual
No ratings yet
3645A User Manual
19 pages
How To e File STRIVe Return 5
No ratings yet
How To e File STRIVe Return 5
33 pages
Naukri RaghunathPotu (9y 0m)
No ratings yet
Naukri RaghunathPotu (9y 0m)
3 pages
Data Structures Homework 2 Queues
No ratings yet
Data Structures Homework 2 Queues
2 pages
ACLD-9182A-01-Terminal Boards-ADLINK
No ratings yet
ACLD-9182A-01-Terminal Boards-ADLINK
2 pages
PDF Principles of Information Security Fifth Edition Mattord Download
100% (8)
PDF Principles of Information Security Fifth Edition Mattord Download
49 pages
Keith Mariel Daffon - Resume
No ratings yet
Keith Mariel Daffon - Resume
3 pages
Ada BT PLC
No ratings yet
Ada BT PLC
3 pages
TheGreenBow IPSec VPN Client - User Guide
100% (1)
TheGreenBow IPSec VPN Client - User Guide
85 pages
LGES - 1 - Registration Request - Manual - (EN) (Vendor)
No ratings yet
LGES - 1 - Registration Request - Manual - (EN) (Vendor)
5 pages
Mayank PPT Gui Language Editor Using Python
No ratings yet
Mayank PPT Gui Language Editor Using Python
20 pages
Mikrotik - IPv6
No ratings yet
Mikrotik - IPv6
45 pages
Comprehensive Guide to 2D Game Development
No ratings yet
Comprehensive Guide to 2D Game Development
2 pages
Phishing Attacks
No ratings yet
Phishing Attacks
4 pages
DD10 Operating Manual Part1
No ratings yet
DD10 Operating Manual Part1
178 pages

Chandra - Auditing Cloud Computing

Uploaded by

Chandra - Auditing Cloud Computing

Uploaded by

Information System

Chandra Yulistia, SE Ak CISA CISM

Criteria AUDIT Condition

ISACA and other

You might also like