10 Principles of Cloud Computing Risk
In ISACA Journal, volume 5, author David Vohradsky, CGEIT, CRISC, reviews existing guidelines available to help your enterprise when considering cloud computing offerings. Vohradsky suggests the following 10 principles of cloud computing risk:
- Executives must have oversight over the cloud—The enterprise as a whole needs to recognize the value of the cloud-based technology and data. There must be constant vigilance and continuous monitoring of risk to these information assets, including ensuring compliance with appropriate laws, regulations, policies and frameworks.
- Management must own the risk in the cloud—The management of the relevant enterprise unit must own the risk associated with its use of cloud services and must establish, direct, monitor and evaluate commensurate risk management on an ongoing basis.
- All necessary staff must have knowledge of the cloud—All users of the cloud should have knowledge of the cloud and its risk (commensurate with their role in the organization), understand their responsibilities and be accountable for their use of the cloud.
- Management must know who is using the cloud—Appropriate security controls must be in place for all uses of the cloud, including human resources practices (e.g., recruitment, transfers, terminations).
- Management must authorize what is put in the cloud—All cloud-based technology and data must be formally classified for confidentiality, integrity and availability (CIA) and must be assessed for risk in enterprise terms, and best practice enterprise and technical controls must be incorporated and tested to mitigate the risk throughout the asset life cycle.
The complete 10 principles can be found in David Vohradsky’s full article, “Cloud Risk—10 Principles and a Framework for Assessment,” in the current issue of the ISACA Journal, in which you will also find additional coverage of timely and relevant issues affecting the ISACA professional communities.
Membership Renewal Season
The 2013 ISACA membership renewals are now open online!
As a professional membership association, ISACA’s greatest resource is its members—and as a member of ISACA, your greatest resources are the knowledge, networking and professional development opportunities we offer you.
- Work smarter—ISACA offers industry-leading IT governance frameworks to support your enterprise, such as the newly enhanced COBIT 5, providing an end-to-end business view of the governance of enterprise IT.
- Connect with peers—ISACA offers a broad range of networking and educational opportunities to members, including global conferences, high-quality training, exam review courses and online events designed to meet the needs of all IT professionals.
- Increase your value—ISACA offers substantial opportunities for individuals with leadership aspirations to connect globally through volunteer service on international boards, committees and task forces, enabling professionals to develop their skills and contribute directly to advancing the professions of IT audit, IT governance, information systems (IS) security, risk and control.
Stay equipped with the resources you need to enhance your skills, expand your professional knowledge and experience a vibrant local and global community of peers through 2013. Renew your ISACA membership today!
Discuss IT Security Trends at Latin America CACS / ISRM
Do you want to hear about the latest trends that are impacting the IT industry? Increase your security know-how and discuss information security trends with speakers and colleagues at the Latin America Computer Audit, Control and Security (CACS) and Information Security and Risk Management (ISRM) Conference. Attend sessions where you can get the most current information of interest to IT security, audit, risk and governance professionals. ISACA is also introducing the Speaker Forum at Latin America CACS/ISRM. This new format provides conference delegates the opportunity to meet with conference speakers to discuss session topics further or ask lingering questions.
This premier event, being held in Bogota, Colombia, 1-3 October 2012, combines ISACA’s Latin America CACS and ISRM conferences to offer participants a variety of learning opportunities, plus an occasion to expand their professional network.
Register now for Latin America CACS / ISRM on the ISACA web site.
Making a Successful Transition to Another Country
Chasin Frew, CISA, CFE, Shares Her Experiences
As an IT auditor, Chasin Frew advanced her career by earning certifications and has shared her knowledge of IT security topics not only with customers, but also with her inner circle. Through her own professional experiences, Frew shows how far one can go when determined to demonstrate competence and adaptability.
In making the transition from working in Canada to the US, she focused her efforts on becoming a certified professional who could succeed outside her country of origin. To do so, she chose to obtain the Certified Information Systems Auditor (CISA) certification. “This internationally recognized certification helps me to demonstrate the necessary knowledge, skills and experience to identify and manage vulnerabilities and offer feasible solutions to any organization,” Frew says. Her decision helped her gain recognition for the auditing and control skills she possesses, which in turn helped her to prosper in a completely new information technology and business systems environment.
Frew was able to enhance her career benefits by placing herself in a position to make the most out of her continued learning. “While studying for the CISA exam, I was assigned my first solo IT audit, and my preparation for the exam helped me perform my duties and succeed in my first IT audit assignment. Over the years, CISA certification has given me more credibility and validated my knowledge and experience in IT controls,” she explains.
In her opinion, a certification that is widely accepted is proof of ability, which opens doors for professionals who have to live and work in another country. Since changing countries involved huge professional and structural changes, earning the CISA certification helped to improve her performance in her career path and in auditing and control responsibilities outside her country. “It enabled me to assess controls in place and make recommendations for improvements, helping my new clients to strengthen their IT control environment and enhance their IT processes,” she says.
Frew explains that she has found more ways to capitalize on her experiences by helping her inner circle to understand the challenges that come with new technology offerings. “I have used my knowledge in IT security at home and provided some tips to my family, friends or anyone who asks my opinion on things they should watch for to protect their online transactions from potential threats in day-to-day operations or services.”
5 Reasons to Join ISACA on Social Media
Have you joined the conversation on social media? ISACA is active on a number of platforms—in addition to its own Knowledge Center communities, where you will find timely and useful information on the world of IT and business. Here are five reasons to join your fellow members in ISACA’s social media groups today:
- Celebrate exam successes or new certification via Twitter.
- Pose questions to COBIT 5 experts on LinkedIn.
- Learn about your peers with profiles posted on Facebook.
- Get in-depth information on hot topics in the ISACA Now blog.
- Discover association offerings with the ISACA YouTube channel.