Table of Contents

  1. Chapter 1 Introduction

    1. “Mind the Gap”

    2. The Evolution of Cloud Computing

    3. Summary

  2. Chapter 2 What Is Cloud Computing?

    1. Cloud Computing Defined

    2. The SPI Framework for Cloud Computing

    3. The Traditional Software Model

    4. The Cloud Services Delivery Model

    5. Cloud Deployment Models

    6. Key Drivers to Adopting the Cloud

    7. The Impact of Cloud Computing on Users

    8. Governance in the Cloud

    9. Barriers to Cloud Computing Adoption in the Enterprise

    10. Summary

  3. Chapter 3 Infrastructure Security

    1. Infrastructure Security: The Network Level

    2. Infrastructure Security: The Host Level

    3. Infrastructure Security: The Application Level

    4. Summary

  4. Chapter 4 Data Security and Storage

    1. Aspects of Data Security

    2. Data Security Mitigation

    3. Provider Data and Its Security

    4. Summary

  5. Chapter 5 Identity and Access Management

    1. Trust Boundaries and IAM

    2. Why IAM?

    3. IAM Challenges

    4. IAM Definitions

    5. IAM Architecture and Practice

    6. Getting Ready for the Cloud

    7. Relevant IAM Standards and Protocols for Cloud Services

    8. IAM Practices in the Cloud

    9. Cloud Authorization Management

    10. Cloud Service Provider IAM Practice

    11. Guidance

    12. Summary

  6. Chapter 6 Security Management in the Cloud

    1. Security Management Standards

    2. Security Management in the Cloud

    3. Availability Management

    4. SaaS Availability Management

    5. PaaS Availability Management

    6. IaaS Availability Management

    7. Access Control

    8. Security Vulnerability, Patch, and Configuration Management

    9. Summary

  7. Chapter 7 Privacy

    1. What Is Privacy?

    2. What Is the Data Life Cycle?

    3. What Are the Key Privacy Concerns in the Cloud?

    4. Who Is Responsible for Protecting Privacy?

    5. Changes to Privacy Risk Management and Compliance in Relation to Cloud Computing

    6. Legal and Regulatory Implications

    7. U.S. Laws and Regulations

    8. International Laws and Regulations

    9. Summary

  8. Chapter 8 Audit and Compliance

    1. Internal Policy Compliance

    2. Governance, Risk, and Compliance (GRC)

    3. Illustrative Control Objectives for Cloud Computing

    4. Incremental CSP-Specific Control Objectives

    5. Additional Key Management Control Objectives

    6. Control Considerations for CSP Users

    7. Regulatory/External Compliance

    8. Other Requirements

    9. Cloud Security Alliance

    10. Auditing the Cloud for Compliance

    11. Summary

  9. Chapter 9 Examples of Cloud Service Providers

    1. Amazon Web Services (IaaS)

    2. Google (SaaS, PaaS)

    3. Microsoft Azure Services Platform (PaaS)

    4. Proofpoint (SaaS, IaaS)

    5. RightScale (IaaS)

    6. Salesforce.com (SaaS, PaaS)

    7. Sun Open Cloud Platform

    8. Workday (SaaS)

    9. Summary

  10. Chapter 10 Security-As-a-[Cloud] Service

    1. Origins

    2. Today’s Offerings

    3. Summary

  11. Chapter 11 The Impact of Cloud Computing on the Role of Corporate IT

    1. Why Cloud Computing Will Be Popular with Business Units

    2. Potential Threats of Using CSPs

    3. A Case Study Illustrating Potential Changes in the IT Profession Caused by Cloud Computing

    4. Governance Factors to Consider When Using Cloud Computing

    5. Summary

  12. Chapter 12 Conclusion, and the Future of the Cloud

    1. Analyst Predictions

    2. Survey Says?

    3. Security in Cloud Computing

    4. Program Guidance for CSP Customers

    5. The Future of Security in Cloud Computing

    6. Summary

  1. Appendix SAS 70 Report Content Example

    1. Section I: Service Auditor’s Opinion

    2. Section II: Description of Controls

    3. Section III: Control Objectives, Related Controls, and Tests of Operating Effectiveness

    4. Section IV: Additional Information Provided by the Service Organization

  2. Appendix SysTrust Report Content Example

    1. SysTrust Auditor’s Opinion (American Institute of Certified Public Accountants (AICPA), Trust Services Principles, Criteria and Illustrations for Security, Availability, Processing Integrity, Confidentiality, and Privacy (Including WebTrust® and SysTrust®), 2006. Available at . [Trust Services Principles])

    2. SysTrust Management Assertion

    3. SysTrust System Description

    4. SysTrust Schedule of Controls

  3. Appendix Open Security Architecture for Cloud Computing

    1. Legend

    2. Description

    3. Key Control Areas

    4. Examples

    5. Assumptions

    6. Typical Challenges

    7. Indications

    8. Contraindications

    9. Resistance Against Threats

    10. References

    11. Control Details

  4. Glossary

  5. Colophon