ERM Cloud Computing Flashcards
What are some strategies for managing cloud computing?
ERM for cloud computing begins with CLEAR OBJECTIVES and a well-structured plan.
- Strong cloud governance structure and reporting model
- Assessment of internal IT skills
- Well-defined entity risk appetite
- There are some entities that SHOULD NEVER use cloud (health companies)
- Want to consider legal, regulatory, and operational risks
- Most organizations include senior management and the IT steering committee in this analysis
What is unauthorized cloud activity?
Preventative and detective controls to prevent unauthorized procurement of cloud services.
Many organizations are taking steps to make sure information is not stored in the cloud without authorization.
What is CSP transparency? What is the response?
Response to lack of CSP transparency:
- Vendor selection & assessment of CSP controls
- Contracting with approved vendors who provide sufficient information to enable information risk assessment
- List of required information from CSP may depend on type of service provided
What might you want to get from a potential vendor?
1) References
2) Information about appropriate usage
3) Performance data
4) Network infrastructure
5) Data center description
6) Security protocols, policies, and procedures
7) Data segregation
8) Compliance policies
How do you handle a cyber attack over the cloud?
Contract with a backup CSP in the event of a hack on the primary CSP.