BENEFITS OF DOCUMENT

  1. Diagnose Cloud Security and Risk Standards projects, initiatives, organizations, businesses and processes using accepted diagnostic standards and practices.
  2. Implement evidence-based best practice strategies aligned with overall goals.
  3. Integrate recent advances in Cloud Security and Risk Standards and process design strategies into practice according to best practice guidelines.

DOCUMENT DESCRIPTION

This Cloud Security and Risk Standards Self Assessment helps you diagnose and address the following issues and questions:

IDS/IPS traffic pattern analysis can often detect or block attacks such as a denial-of-service attack or a network scan. However, in some cases this is legitimate traffic (such as using cloud infrastructure for load testing or security testing). Does the cloud provider have a documented exception process for allowing legitimate traffic that the IDS/IPS flags as an attack pattern?

It is clear that the CSP will face a large number of requests from its customers to prove that the CSP is secure and reliable. There are a number of audit and compliance considerations for both the CSP and the customer to consider in cloud computing. First, which compliance framework should a CSP adopt to satisfy its customers and manage its own risks?

In addition to the security of your own customer data, customers should also be concerned about what data the provider collects and how the CSP protects that data. Specifically with regard to your customer data, what metadata does the provider have about your data, how is it secured, and what access do you, the customer, have to that metadata?

IDS/IPS content matching can detect or block known malware attacks, virus signatures, and spam signatures, but is also subject to false positives. If the cloud provider provides IDS/IPS services, is there a documented exception process for allowing legitimate traffic that has content similar to malware attacks or spam?

Security and authentication technologies, allied to event logging, in the cloud computing environment can help auditors as they deal with issues related to workflow: were those who entered, approved, changed or otherwise touched data authorized to do so, on an individual, group or role-related basis?

As a CSP undertakes to build out or take a fresh look at its service offerings, the CSP should clearly define its business strategy and related risk management philosophy. What market segments or industries does the CSP intend to serve?

How do you know that a breach has occurred, how do you ensure that the CSP notifies you when a breach occurs, and who is responsible for managing the breach notification process (and costs associated with the process)?

An extra consideration when using cloud services concerns the handling of encryption keys - where are the keys stored and how are they made available to application code that needs to decrypt the data for processing?

Another critical success factor is that appropriate governance needs to be in place. That is, is an appropriate organizational structure in place to manage the organization facing the cloud computing solution?

The Self Assessment tool is built in MS Excel. The above preview showcases an example of a completed version. The secondary document includes a blank template, as well as a detailed 140+ page PDF guide. The guide provides a convenient way to distribute and share among the participants to prepare and discuss the Self Assessment.


Source: Assessment Dashboard - Cloud Security and Risk Standards Excel document

 

Assessment Dashboard - Cloud Security and Risk Standards

Sold by Gerard Blokdijk (this author has 139 documents)

$79.00


This business document is categorized under the function(s):

It applies to All Industries

File Type: Excel (xlsx)

File Size: 473.3 KB

Related Topic(s): Cloud

Purchase includes lifetime product updates. After your purchase, you will receive an email to download this document.

This product contains a supplemental ZIP document.

Initial upload date (first version): Oct 26, 2017
Most recent version published: Oct 30, 2017
