The new white paper from ISACA and SecurityScorecard, Continuous Oversight in the Cloud: How to Improve Cloud Security, Privacy and Compliance, explores the elements that information assurance practitioners should factor into their continuous oversight of cloud services in order to address potential key areas of risk.
Continuous Oversight in the Cloud walks these practitioners through the current digital business landscape—including cloud computing, Bring Your Own Device (BYOD), big data analytics, IoT and AI—noting that organisations not only need to address these emerging technologies but also to ensure that legacy systems and old stored data are protected.
“Information security management has long been a challenge for practitioners to effectively implement,” says Fouad Khalil, CISA, ITIL, Vice President of Compliance, SecurityScorecard. “With evolving regulations, emerging technologies and the increased use of cloud services, this means that enterprises need to exercise even more care and diligence in ensuring security and privacy compliance—with continuous oversight as part of that equation.”
The white paper makes the case for continuous oversight as a means to monitor for and mitigate risk, outlining the many benefits of implementing continuous internal monitoring, continuous cloud assurance, continuous supply chain management and continuous improvement, including:
• Identifying risk early to help anticipate incidents, prevent breaches and avoid potential costs, fines and damage to business reputation;
• Providing senior leaders and executives with information to make timely, cost-effective risk management decisions; and
• Supporting proactive responsibility and accountability for controls and risk management throughout the enterprise and its third parties.
Additionally, Continuous Oversight in the Cloud provides practitioners with strategies they can use to identify and mitigate risk in the cloud, starting with the fundamental components of information security and privacy programs and then drilling down into the responsibilities and action items for key stakeholders throughout the process. The white paper also details the specific steps that practitioners should take to maintain a continuous cloud service assurance and oversight program—incorporating the continual improvement tasks outlined in ISACA's COBIT 2019 Design Guide.
“Engaging in continuous oversight of cloud services can seem like a massive undertaking at first glance,” says Rebecca Herold, CISA, CISM, CIPP/US, CIPT, CISSP, FIP, FLMI; CEO, The Privacy Professor and Founder, SIMBUS, LLC, and the lead developer for the white paper. “However, by taking a clear, organised approach and by utilising a wealth of existing resources, such as guidance and frameworks from COBIT 2019 and the National Institute of Standards and Technology (NIST), practitioners can meet any challenges head on and effectively mitigate risk.”
The white paper then provides an overview of some key metrics that organisations should consider in order to most effectively engage in continuous monitoring, based on the type of cloud services being used—including those related to supply chain, incidents and breaches, and other common challenges.
The Continuous Oversight in the Cloud white paper is available for free to both ISACA members and non-members at http://www.isaca.org/Knowledge-Center/Research/ResearchDeliverables/Pages/Continuous-Oversight-in-the-Cloud.aspx. For additional resources related to cloud computing, visit http://www.isaca.org/Knowledge-Center/Research/Pages/Cloud.aspx. To access other white papers on a range of topics, visit https://www.isaca.org/Knowledge-Center/Research/Pages/White-Papers.aspx.
Now in its 50th anniversary year, ISACA® (isaca.org) is a global association helping individuals and enterprises achieve the positive potential of technology. Today’s world is powered by information and technology, and ISACA equips practitioners with the knowledge, credentials, education and community to advance their careers and transform their organisations. ISACA leverages the expertise of its 460,000 engaged practitioners—including its 140,000 members—in information and cyber security, governance, assurance, risk and innovation, as well as its enterprise performance subsidiary, CMMI® Institute, to help advance innovation through technology. ISACA has a presence in more than 188 countries, including more than 220 chapters worldwide and offices in both the United States and China.