Autor: ISACA Fecha de Publicación: 1 May 2019 English
With more and more organizations continuing to adopt cloud services and hosting on public cloud platforms, knowing how to audit these platforms becomes crucial. Amazon Web Services (AWS) is not the only public cloud platform, but it is used prevalently throughout many industries. Organizational use of AWS as well as operational, security and compliance elements of AWS, are all criticalfor IT auditors to understand when considering specific risk areas to audit.
To help auditors determine if AWS supports operational and compliance objectives, ISACA has released the Amazon Web Services (AWS) Audit Program, which covers considering AWS in terms of:
Governance
Network configuration and management
Asset configuration and management
Logical access control
Data encryption control
Security incident response
Security logging and monitoring
Disaster recovery
Conducting a formal assessment of an organization’s use of AWS, access to the AWS environment, and management and interrelationships of AWS allows auditors to develop an evaluation of how effectively AWS applications and containers function.
