Cloud Security and Privacy. An Enterprise Perspective on Risks and Compliance

(ebook) (audiobook) (audiobook)

Autorzy:: Tim Mather, Subra Kumaraswamy, Shahed Latif

Cloud Security and Privacy. An Enterprise Perspective on Risks and Compliance Tim Mather, Subra Kumaraswamy, Shahed Latif - okładka ebooka

Cloud Security and Privacy. An Enterprise Perspective on Risks and Compliance Tim Mather, Subra Kumaraswamy, Shahed Latif - okładka audiobooka MP3

Cloud Security and Privacy. An Enterprise Perspective on Risks and Compliance Tim Mather, Subra Kumaraswamy, Shahed Latif - okładka audiobooks CD

Wydawnictwo:: O'Reilly Media (Z chęcią przeczytam książkę w języku polskim)
Ocena:: Bądź pierwszym, który oceni tę książkę
Stron:: 338
Dostępne formaty:: ePub

Mobi

+109 pkt

Ebook (101,15 zł najniższa cena z 30 dni)

~~129,00 zł~~ (-15%)
109,65 zł

Dodaj do koszyka lub Kup na prezent
Kup 1-kliknięciem

( 101,15 zł najniższa cena z 30 dni)

Przenieś na półkę

Do przechowalni

You may regard cloud computing as an ideal way for your company to control IT costs, but do you know how private and secure this service really is? Not many people do. With Cloud Security and Privacy, you'll learn what's at stake when you trust your data to the cloud, and what you can do to keep your virtual infrastructure and web applications secure.

Ideal for IT staffers, information security and privacy practitioners, business managers, service providers, and investors alike, this book offers you sound advice from three well-known authorities in the tech security world. You'll learn detailed information on cloud computing security that-until now-has been sorely lacking.

Review the current state of data security and storage in the cloud, including confidentiality, integrity, and availability
Learn about the identity and access management (IAM) practice for authentication, authorization, and auditing of the users accessing cloud services
Discover which security management frameworks and standards are relevant for the cloud
Understand the privacy aspects you need to consider in the cloud, including how they compare with traditional computing models
Learn the importance of audit and compliance functions within the cloud, and the various standards and frameworks to consider
Examine security delivered as a service-a different facet of cloud security

Wybrane bestsellery

Ebooka "Cloud Security and Privacy. An Enterprise Perspective on Risks and Compliance" przeczytasz na:

czytnikach Inkbook, Kindle, Pocketbook, Onyx Boox i innych
systemach Windows, MacOS i innych

systemach Windows, Android, iOS, HarmonyOS
na dowolnych urządzeniach i aplikacjach obsługujących formaty: PDF, EPub, Mobi

Masz pytania? Zajrzyj do zakładki Pomoc »

Audiobooka "Cloud Security and Privacy. An Enterprise Perspective on Risks and Compliance" posłuchasz:

w aplikacji Ebookpoint na Android, iOS, HarmonyOs
na systemach Windows, MacOS i innych

na dowolnych urządzeniach
i aplikacjach obsługujących format MP3
(pliki spakowane w ZIP)

Masz pytania? Zajrzyj do zakładki Pomoc »

Kurs Video "Cloud Security and Privacy. An Enterprise Perspective on Risks and Compliance" zobaczysz:

Oceny i opinie klientów: Cloud Security and Privacy. An Enterprise Perspective on Risks and Compliance Tim Mather, Subra Kumaraswamy, Shahed Latif (0) Weryfikacja opinii następuję na podstawie historii zamówień na koncie Użytkownika umieszczającego opinię. Użytkownik mógł otrzymać punkty za opublikowanie opinii uprawniające do uzyskania rabatu w ramach Programu Punktowego.

Szczegóły ebooka

ISBN Ebooka:: 978-14-493-7951-3, 9781449379513
Data wydania ebooka:: 2009-09-04 Data wydania ebooka często jest dniem wprowadzenia tytułu do sprzedaży i może nie być równoznaczna z datą wydania książki papierowej. Dodatkowe informacje możesz znaleźć w darmowym fragmencie. Jeśli masz wątpliwości skontaktuj się z nami sklep@ebookpoint.pl.
Język publikacji:: angielski
Rozmiar pliku ePub:: 4.1MB
Rozmiar pliku Mobi:: 9.6MB

Kategorie

Kliknij, aby zgłosić błędnie przypisaną kategorię »

Informatyka » Hacking

Informatyka » Hacking » Bezpieczeństwo systemów

Informatyka » Hacking » Inne

Informatyka » Hacking » Bezpieczeństwo WWW

Informatyka » Programowanie » Programowanie w chmurze

Informatyka » Hacking » Bezpieczeństwo sieci

Spis treści ebooka

Cloud Security and Privacy
SPECIAL OFFER: Upgrade this ebook with OReilly
Preface
- Who Should Read This Book
- Whats in This Book
- Conventions Used in This Book
- Using Code Examples
- Safari Books Online
- How to Contact Us
- Acknowledgments
  - From Tim Mather
  - From Subra Kumaraswamy
  - From Shahed Latif
1. Introduction
- Mind the Gap
- The Evolution of Cloud Computing
- Summary
2. What Is Cloud Computing?
- Cloud Computing Defined
- The SPI Framework for Cloud Computing
  - Relevant Technologies in Cloud Computing
    - Cloud access devices
    - Browsers and thin clients
    - High-speed broadband access
    - Data centers and server farms
    - Storage devices
    - Virtualization technologies
    - APIs
- The Traditional Software Model
- The Cloud Services Delivery Model
  - The Software-As-a-Service Model
  - The Platform-As-a-Service Model
  - The Infrastructure-As-a-Service Model
- Cloud Deployment Models
  - Public Clouds
  - Private Clouds
  - Hybrid Clouds
- Key Drivers to Adopting the Cloud
  - Small Initial Investment and Low Ongoing Costs
  - Economies of Scale
  - Open Standards
  - Sustainability
- The Impact of Cloud Computing on Users
  - Individual Consumers
  - Individual Businesses
  - Start-ups
  - Small and Medium-Size Businesses (SMBs)
  - Enterprise Businesses
- Governance in the Cloud
- Barriers to Cloud Computing Adoption in the Enterprise
  - Security
  - Privacy
  - Connectivity and Open Access
  - Reliability
  - Interoperability
  - Independence from CSPs
  - Economic Value
  - IT Governance
  - Changes in the IT Organization
  - Political Issues Due to Global Boundaries
- Summary
3. Infrastructure Security
- Infrastructure Security: The Network Level
  - Ensuring Data Confidentiality and Integrity
  - Ensuring Proper Access Control
  - Ensuring the Availability of Internet-Facing Resources
  - Replacing the Established Model of Network Zones and Tiers with Domains
  - Network-Level Mitigation
- Infrastructure Security: The Host Level
  - SaaS and PaaS Host Security
  - IaaS Host Security
  - Virtualization Software Security
    - Threats to the hypervisor
  - Virtual Server Security
    - Securing virtual servers
- Infrastructure Security: The Application Level
  - Application-Level Security Threats
  - DoS and EDoS
  - End User Security
  - Who Is Responsible for Web Application Security in the Cloud?
  - SaaS Application Security
  - PaaS Application Security
    - PaaS application container
  - Customer-Deployed Application Security
  - IaaS Application Security
  - Public Cloud Security Limitations
- Summary
4. Data Security and Storage
- Aspects of Data Security
- Data Security Mitigation
- Provider Data and Its Security
  - Storage
    - Confidentiality
    - Integrity
    - Availability
- Summary
5. Identity and Access Management
- Trust Boundaries and IAM
- Why IAM?
- IAM Challenges
- IAM Definitions
- IAM Architecture and Practice
- Getting Ready for the Cloud
- Relevant IAM Standards and Protocols for Cloud Services
  - IAM Standards and Specifications for Organizations
    - Security Assertion Markup Language (SAML)
    - Service Provisioning Markup Language (SPML)
    - eXensible Access Control Markup Language (XACML)
    - Open Authentication (OAuth)
  - IAM Standards, Protocols, and Specifications for Consumers
    - OpenID
    - Information cards
    - Open Authentication (OATH)
    - Open Authentication API (OpenAuth)
  - Comparison of Enterprise and Consumer Authentication Standards and Protocols
- IAM Practices in the Cloud
  - Cloud Identity Administration
  - Federated Identity (SSO)
    - Enterprise identity provider
    - Identity management-as-a-service
- Cloud Authorization Management
  - IAM Support for Compliance Management
- Cloud Service Provider IAM Practice
  - SaaS
    - Customer responsibilities
    - CSP responsibilities
  - PaaS
  - IaaS
- Guidance
- Summary
6. Security Management in the Cloud
- Security Management Standards
  - ITIL
  - ISO 27001/27002
- Security Management in the Cloud
- Availability Management
  - Factors Impacting Availability
- SaaS Availability Management
  - Customer Responsibility
  - SaaS Health Monitoring
- PaaS Availability Management
  - Customer Responsibility
  - PaaS Health Monitoring
- IaaS Availability Management
  - IaaS Health Monitoring
- Access Control
  - Access Control in the Cloud
  - Access Control: SaaS
  - Access Control: PaaS
  - Access Control: IaaS
    - CSP infrastructure access control
    - Customer virtual infrastructure access control
  - Access Control Summary
- Security Vulnerability, Patch, and Configuration Management
  - Security Vulnerability Management
  - Security Patch Management
  - Security Configuration Management
  - SaaS VPC Management
    - SaaS provider responsibilities
    - SaaS customer responsibilities
  - PaaS VPC Management
    - PaaS provider responsibilities
    - PaaS customer responsibilities
  - IaaS VPC Management
    - IaaS provider responsibilities
    - IaaS customer responsibilities
  - Intrusion Detection and Incident Response
  - Customer Versus CSP Responsibilities
  - Caveats
- Summary
7. Privacy
- What Is Privacy?
- What Is the Data Life Cycle?
- What Are the Key Privacy Concerns in the Cloud?
- Who Is Responsible for Protecting Privacy?
- Changes to Privacy Risk Management and Compliance in Relation to Cloud Computing
  - Collection Limitation Principle
  - Use Limitation Principle
  - Security Principle
  - Retention and Destruction Principle
  - Transfer Principle
  - Accountability Principle
- Legal and Regulatory Implications
- U.S. Laws and Regulations
  - Federal Rules of Civil Procedure
  - USA Patriot Act
  - Electronic Communications Privacy Act
  - FISMA
  - GLBA
  - HIPAA
  - HITECH Act
- International Laws and Regulations
  - EU Directive
  - APEC Privacy Framework
- Summary
8. Audit and Compliance
- Internal Policy Compliance
- Governance, Risk, and Compliance (GRC)
  - Benefits of GRC for CSPs
  - GRC Program Implementation
- Illustrative Control Objectives for Cloud Computing
  - A.5 Security policy
  - A.6 Organization of information security
  - A.7 Asset management
  - A.8 Human resources security
  - A.9 Physical and environmental security
  - A.10 Communications and operations management
  - A.11 Access control
  - A.12 Information systems acquisition, development, and maintenance
  - A.13 Information security incident management
  - A.14 Business continuity management
  - A.15 Compliance
- Incremental CSP-Specific Control Objectives
  - Asset management, access control
  - Information systems acquisition, development, and maintenance
  - Communications and operations management
  - Access control
  - Compliance
- Additional Key Management Control Objectives
  - Key management
- Control Considerations for CSP Users
  - Access control
  - Information systems acquisition, development, and maintenance
  - Organization of information security
- Regulatory/External Compliance
  - Sarbanes-Oxley Act
    - Cloud computing impact of SOX
  - PCI DSS
    - Cloud computing impact of PCI DSS
  - HIPAA
    - Administrative safeguards
    - Assigned security responsibility
    - Physical safeguards
    - Technical safeguards
    - Summary of HIPAA privacy standards
    - Cloud computing impact of HIPAA
- Other Requirements
  - The Control Objectives for Information and Related Technology (COBIT)
    - Cloud computing impact of COBIT
- Cloud Security Alliance
- Auditing the Cloud for Compliance
  - Internal Audit Perspective
  - External Audit Perspective
    - Audit framework
    - SAS 70
    - SysTrust
    - WebTrust
    - ISO 27001 certification
  - Comparison of Approaches
- Summary
9. Examples of Cloud Service Providers
- Amazon Web Services (IaaS)
- Google (SaaS, PaaS)
- Microsoft Azure Services Platform (PaaS)
- Proofpoint (SaaS, IaaS)
- RightScale (IaaS)
- Salesforce.com (SaaS, PaaS)
- Sun Open Cloud Platform
- Workday (SaaS)
- Summary
10. Security-As-a-[Cloud] Service
- Origins
- Todays Offerings
  - Email Filtering
  - Web Content Filtering
  - Vulnerability Management
  - Identity Management-As-a-Service
- Summary
11. The Impact of Cloud Computing on the Role of Corporate IT
- Why Cloud Computing Will Be Popular with Business Units
  - Low-Cost Solution
  - Responsiveness/Flexibility
  - IT Expense Matches Transaction Volume
  - Business Users Are in Direct Control of Technology Decisions
  - The Line Between Home Computing Applications and Enterprise Applications Will Blur
- Potential Threats of Using CSPs
  - Vested Interest of Cloud Providers
  - Loss of Control Over the Use of Technologies
  - Perceived High Risk of Using Cloud Computing
  - Portability and Lock-in to Proprietary Systems for CSPs
  - Lack of Integration and Componentization
  - ERP Vendors Offer SaaS
- A Case Study Illustrating Potential Changes in the IT Profession Caused by Cloud Computing
- Governance Factors to Consider When Using Cloud Computing
- Summary
12. Conclusion, and the Future of the Cloud
- Analyst Predictions
- Survey Says?
- Security in Cloud Computing
  - Infrastructure Security
  - Data Security and Storage
  - Identity and Access Management
  - Security Management
  - Privacy
  - Audit and Compliance
  - Security-As-a-[Cloud]-Service
  - Impact of Cloud Computing on the Role of Corporate IT
- Program Guidance for CSP Customers
  - Security Leadership
  - Security Governance
  - Security Assurance
  - Security Management
  - User Management
  - Technology Controls
  - Technology Protection and Continuity
  - Overall Guidance
- The Future of Security in Cloud Computing
  - Infrastructure Security
  - Data Security and Storage
  - Identity and Access Management
  - Security Management
  - Privacy
  - Audit and Compliance
  - Impact of Cloud Computing on the Role of Corporate IT
- Summary
A. SAS 70 Report Content Example
- Section I: Service Auditors Opinion
- Section II: Description of Controls
- Section III: Control Objectives, Related Controls, and Tests of Operating Effectiveness
- Section IV: Additional Information Provided by the Service Organization
B. SysTrust Report Content Example
- SysTrust Auditors Opinion
- SysTrust Management Assertion
- SysTrust System Description
- SysTrust Schedule of Controls
C. Open Security Architecture for Cloud Computing
- Legend
- Description
- Key Control Areas
- Examples
- Assumptions
- Typical Challenges
- Indications
- Contraindications
- Resistance Against Threats
- References
- Control Details
Glossary
Index
About the Authors
Colophon
SPECIAL OFFER: Upgrade this ebook with OReilly
Copyright

pokaż cały spis treści

Cloud Security and Privacy. An Enterprise Perspective on Risks and Compliance

Ebook (101,15 zł najniższa cena z 30 dni)

Najczęściej kupowane razem