Find Resources and Connect with members on topics that interest you.

AI - Acquire and Implement

PO - Plan and Organize

DS - Deliver and Support

Please sign in to see your topics.

Subscribe to this discussion

ISACA Cloud Computing Projects - Looking for Volunteers

ISACA recognizes the significant interest in Cloud Computing and the needs of ISACA members to support their organizations in making decisions about Cloud Computing and to contribute to the ongoing management of Cloud services.  Over the next several months we will be planning projects that will build on the guidance ISACA has already made available to our members.  We are looking for ISACA members who have experience with Cloud security and assurance or who have particular expertise in governance, risk management, or compliance in a cloud environment.  ISACA members could contribute as members of a task force that will be asked to guide the development of a research report, or subject matter experts who would be asked to review publications prior to release.  If you would like to participate in an ISACA Cloud project, please send a description of your experience and interest in joining a project team to Ron Hale CISM, at [email protected]
You must sign in to rate content.
(Unrated)

Comments

RE: ISACA Cloud Computing Projects - Looking for Volunteers

Ron, thanks for your email confirming this is where the project will run. Looking forward to getting started!

Is it possible to set automatic email alerts for this area? I don't always get time to browse to here but an email prompt will remind me!

Richard
RGN01Lively at 5/5/2011 3:37:46 AM Quote
You must sign in to rate content.
(Unrated)

RE: ISACA Cloud Computing Projects - Looking for Volunteers

See you on Monday 16 May
Ghulam317Lively at 5/5/2011 9:02:53 AM Quote
You must sign in to rate content.
(Unrated)

RE: ISACA Cloud Computing Projects - Looking for Volunteers

Ron,

Thanks for email - looking forward to helping

John
John LloydLively at 5/5/2011 10:21:45 AM Quote
You must sign in to rate content.
(Unrated)

RE: ISACA Cloud Computing Projects - Evaluation of AMAZON Exposure

It may be interesting to take an in-depth evaluation of the recent AMAZON Exposure..  What do you guys think? 

I have started working on a quick checklist of things to consider when evaluating *whether* the Risks of Cloud Computing can be assessed and at what point does the potential cost-savings / benefits cross the risk line.  Ideas..?

Patrick
Patrick552Lively at 5/12/2011 3:27:06 PM Quote
You must sign in to rate content.
(Unrated)

RE: ISACA Cloud Computing Projects - Looking for Volunteers

It is an interesting comment when you ask if the risks of cloud computing can be assessed. Understanding risk when moving to cloud is similar to understanding risk without cloud. The things that will cause the biggest porential losses are operational risks.  Research has shown that operational risks are hard to manage since they require activities for all aspects of the business from strategy to process. When there is a loss it is what is called a fat tailed event.  Operational losses are potentially huge and fall at the extremes of the risk curve.
Ron Hale Ph.D. CISMEnergizer at 5/13/2011 8:41:06 AM Quote
You must sign in to rate content.
(Unrated)

RE: ISACA Cloud Computing Projects - Looking for Volunteers

Ron,

Just to take your point forward, Understanding risks when moving to cloud is equivalent to understanding risk without cloud, plus, the whole lot of complexity and risks related to dealing with vendor or service provider.
As we know, IT provides service to business and in case of in-house IT dept, those services are created, delivered and managed by in house staff.  Similarly in case of Cloud environment  those services are created and delivered by the service provider to the in-house IT dept. and then procured, customized and managed by IT dept  to provide necessary services to the Business.

I think this is a natural evolution of IT & business we have seen for several decades.  Back in the EDP days, companies used to design and write their own software end to end, managed their own communication lines between offices, and had internal courier service to deliver goods. Now we buy OS, Middleware, database and other software from specialized vendors, get the communication services from telecom vendors / ISPs and courier services from someone like FEDEX.
On the similar lines, why do we need to deploy, maintain and manage security of  our own email servers, why it can't be procured just like telephone service from a few specialized vendors ? Or why do we need to buy productivity and collaboration servers and tools and manage them in house ?

I think many issues that we are challenged with now in the context of Cloud computing are fundamentally the same we encountered earlier. Hopefully we could learn from the past and apply insights we now have regarding Risk and Governance to ensure that we not only reap the benefits of economy and scale but ensure security too.


- Subodh
SubodhLively at 5/13/2011 3:35:08 PM Quote
You must sign in to rate content.
(Unrated)

RE: ISACA Cloud Computing Projects - Looking for Volunteers

Ron,

Just to take your point forward, Understanding risks when moving to cloud is equivalent to understanding risk without cloud, plus, the whole lot of complexity and risks related to dealing with vendor or service provider.
As we know, IT provides service to business and in case of in-house IT dept, those services are created, delivered and managed by in house staff.  Similarly in case of Cloud environment  those services are created and delivered by the service provider to the in-house IT dept. and then procured, customized and managed by IT dept  to provide necessary services to the Business.

I think this is a natural evolution of IT & business we have seen for several decades.  Back in the EDP days, companies used to design and write their own software end to end, managed their own communication lines between offices, and had internal courier service to deliver goods. Now we buy OS, Middleware, database and other software from specialized vendors, get the communication services from telecom vendors / ISPs and courier services from someone like FEDEX.
On the similar lines, why do we need to deploy, maintain and manage security of  our own email servers, why it can't be procured just like telephone service from a few specialized vendors ? Or why do we need to buy productivity and collaboration servers and tools and manage them in house ?

I think many issues that we are challenged with now in the context of Cloud computing are fundamentally the same we encountered earlier. Hopefully we could learn from the past and apply insights we now have regarding Risk and Governance to ensure that we not only reap the benefits of economy and scale but ensure security too.


- Subodh
SubodhLively at 5/13/2011 3:35:08 PM Quote
You must sign in to rate content.
(Unrated)

RE: ISACA Cloud Computing Projects - Looking for Volunteers

It is an interesting comment when you ask if the risks of cloud computing can be assessed. Understanding risk when moving to cloud is similar to understanding risk without cloud. The things that will cause the biggest porential losses are operational risks.  Research has shown that operational risks are hard to manage since they require activities for all aspects of the business from strategy to process. When there is a loss it is what is called a fat tailed event.  Operational losses are potentially huge and fall at the extremes of the risk curve.
Ron Hale Ph.D. CISMEnergizer at 5/13/2011 8:41:06 AM Quote
You must sign in to rate content.
(Unrated)

RE: ISACA Cloud Computing Projects - Evaluation of AMAZON Exposure

It may be interesting to take an in-depth evaluation of the recent AMAZON Exposure..  What do you guys think? 

I have started working on a quick checklist of things to consider when evaluating *whether* the Risks of Cloud Computing can be assessed and at what point does the potential cost-savings / benefits cross the risk line.  Ideas..?

Patrick
Patrick552Lively at 5/12/2011 3:27:06 PM Quote
You must sign in to rate content.
(Unrated)

RE: ISACA Cloud Computing Projects - Looking for Volunteers

Ron,

Thanks for email - looking forward to helping

John
John LloydLively at 5/5/2011 10:21:45 AM Quote
You must sign in to rate content.
(Unrated)

RE: ISACA Cloud Computing Projects - Looking for Volunteers

See you on Monday 16 May
Ghulam317Lively at 5/5/2011 9:02:53 AM Quote
You must sign in to rate content.
(Unrated)

RE: ISACA Cloud Computing Projects - Looking for Volunteers

Ron, thanks for your email confirming this is where the project will run. Looking forward to getting started!

Is it possible to set automatic email alerts for this area? I don't always get time to browse to here but an email prompt will remind me!

Richard
RGN01Lively at 5/5/2011 3:37:46 AM Quote
You must sign in to rate content.
(Unrated)

RE: ISACA Cloud Computing Projects - Looking for Volunteers

Ron, thanks for your email confirming this is where the project will run. Looking forward to getting started!

Is it possible to set automatic email alerts for this area? I don't always get time to browse to here but an email prompt will remind me!

Richard
RGN01Lively at 5/5/2011 3:37:46 AM Quote
You must sign in to rate content.
(Unrated)

RE: ISACA Cloud Computing Projects - Looking for Volunteers

See you on Monday 16 May
Ghulam317Lively at 5/5/2011 9:02:53 AM Quote
You must sign in to rate content.
(Unrated)

RE: ISACA Cloud Computing Projects - Looking for Volunteers

Ron,

Thanks for email - looking forward to helping

John
John LloydLively at 5/5/2011 10:21:45 AM Quote
You must sign in to rate content.
(Unrated)

RE: ISACA Cloud Computing Projects - Evaluation of AMAZON Exposure

It may be interesting to take an in-depth evaluation of the recent AMAZON Exposure..  What do you guys think? 

I have started working on a quick checklist of things to consider when evaluating *whether* the Risks of Cloud Computing can be assessed and at what point does the potential cost-savings / benefits cross the risk line.  Ideas..?

Patrick
Patrick552Lively at 5/12/2011 3:27:06 PM Quote
You must sign in to rate content.
(Unrated)

RE: ISACA Cloud Computing Projects - Looking for Volunteers

It is an interesting comment when you ask if the risks of cloud computing can be assessed. Understanding risk when moving to cloud is similar to understanding risk without cloud. The things that will cause the biggest porential losses are operational risks.  Research has shown that operational risks are hard to manage since they require activities for all aspects of the business from strategy to process. When there is a loss it is what is called a fat tailed event.  Operational losses are potentially huge and fall at the extremes of the risk curve.
Ron Hale Ph.D. CISMEnergizer at 5/13/2011 8:41:06 AM Quote
You must sign in to rate content.
(Unrated)

RE: ISACA Cloud Computing Projects - Looking for Volunteers

Ron,

Just to take your point forward, Understanding risks when moving to cloud is equivalent to understanding risk without cloud, plus, the whole lot of complexity and risks related to dealing with vendor or service provider.
As we know, IT provides service to business and in case of in-house IT dept, those services are created, delivered and managed by in house staff.  Similarly in case of Cloud environment  those services are created and delivered by the service provider to the in-house IT dept. and then procured, customized and managed by IT dept  to provide necessary services to the Business.

I think this is a natural evolution of IT & business we have seen for several decades.  Back in the EDP days, companies used to design and write their own software end to end, managed their own communication lines between offices, and had internal courier service to deliver goods. Now we buy OS, Middleware, database and other software from specialized vendors, get the communication services from telecom vendors / ISPs and courier services from someone like FEDEX.
On the similar lines, why do we need to deploy, maintain and manage security of  our own email servers, why it can't be procured just like telephone service from a few specialized vendors ? Or why do we need to buy productivity and collaboration servers and tools and manage them in house ?

I think many issues that we are challenged with now in the context of Cloud computing are fundamentally the same we encountered earlier. Hopefully we could learn from the past and apply insights we now have regarding Risk and Governance to ensure that we not only reap the benefits of economy and scale but ensure security too.


- Subodh
SubodhLively at 5/13/2011 3:35:08 PM Quote
You must sign in to rate content.
(Unrated)

Leave a Comment

* required

You must login to leave a comment.