Investigation of IT Auditing and Checklist Generation Approach to Assure A Secure Cloud Computing Framework
DOI:
https://doi.org/10.51983/ajcst-2012.1.2.1705Keywords:
IT Auditing, Cloud Framework, ERP, CRM, Checklists, Cryptography, E-Campus, E-LearningAbstract
Recently, all over the world mechanism of cloud computing is widely acceptable and used by most of the enterprise businesses in order increase their productivity. However there are still some concerns about the security provided by the cloud environment are raises. In this project we are conducting the investigation studies over the IT auditing for assuring the security for cloud computing. During this investigation, we are implementing working of ID auditing mechanism over the cloud computing framework in order to assure the desired level of security. In the IT auditing mechanism, the concept of checklists are prepared for the cloud computing application and their lifecycle. Those checklists are prepared on the basis of models of cloud computing such as deployment models and services models. With this project our main concern is to present the cloud computing implications for large enterprise applications like CRM/ERP and achieving the desired level of security with design and implementation of IT auditing technique. As results from practical investigation of IT auditing over the cloud computing framework, we claim that IT auditing assuring the desired level of security, regulations, compliance for the enterprise applications like CRM, ERP, E-campus, E-learning etc.
References
NIST, Definition of Cloud Computing , Vol. 15, accessed on 4/15/2010, http://csrc.nist.gov/groups/SNS/cloudcomputing/cloud-def-Vol.15. doc.
Will Forrest, Clearing the Air on Cloud Computing, Discussion Document from McKinsey and Company, March 2009.
Luis M Vaquero, et al, “A Breaks in the Clouds: Toward the Definitions”, ACM SIGCOMM Computer Communication Review, Vol. 39, No.1, January 2009, pp 50-55.
Open crowd cloud computing taxonomy, http://www.opencrowd.com/ views.
Gramm-Leach-Bliley Act (GLBA, the Financial Services Modernization Act), http://www.gpo.gov/fdsys/pkg/ PLAW106publ102/contentdetail. html.
HIPAA U.S. Department of Health & Human Services, Office of Civil Rights, HIPAA, http://www.hhs.gov/ocr/hipaa/ privacy.html
IDE Enterprise Panel, August 2008, n = 244
Cloud Computing, the role of internal auditing, Ernst and Young, PPT presentation, October 8, 2009
Sarbanes-Oxley Act 2002, U.S. Securities and Exchange Commission (effective July 30, 2002), http://www.sec.gov/ about/laws/soa2002.pdf
Payment Card Industry Data Security Standard, https://www. pcisecuritystandards.org/security_standards/pci_ dss.shtml
SAS 70 Audit: http://www.aicpa.org/download/members/div/auditstd/ AU-00324.PDF
Security Guidance for Critical Areas of Focus in Cloud Computing, Vol. 2, by Cloud Security Alliance, December 2009.
Open Security Architecture Group http://www.opensecurityarchitecture. org/cms/library/patternlandscape/251-pattern-cloud-computing
Gerard Briscoe, AlexandrosMarinos: “Digital Ecosystems in the Clouds: Towards Community Cloud Computing”, IEEE Digital Ecosystems and Technologies DEST (2009), online access at http:// arxiv.org/PS_cache/arxiv/pdf/0903/0903.0694v3.pdf
Data is cited from several IBM presentations. For Example the IEEE Services I (2009) keynote.
Downloads
Published
How to Cite
Issue
Section
License
Copyright (c) 2012 The Research Publication
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
