Nfp Seminar Series Danny November 18 Emerging Technology Challenges And Solutions For Internal Audit Final2
Danny Miller
Seminar on emerging technology, focusing on cloud technology.
1.
Emerging Technology Challenges and Solutions for Internal Audit and Compliance
A Focus on Cloud Computing and Mobile Platforms
Grant Thornton Breakfast Seminar Series
The Union League – Philadelphia, PA
November 2011
Presented by: Danny Miller, CGEIT, CISA, ITIL, CRISC, QSA
Principal, Business Advisory Services
National Solutions Lead - Cyber Security & Privacy
© Grant Thornton. All rights reserved.
2.
Topics
• Emerging Technology
– Cloud computing
– Mobile computing
– Cybersecurity trends
• Potential IA Complexities
• Risks and Mitigating Risk (strategies)
• What’s Next?
3.
Emerging Technology Trends
• Spending on public IT cloud services will grow at more than five times the rate of the IT industry in 2011-2012
• Enterprise IT planners begin to include cloud-computing expertise in some of their job searches to be prepared for the projects of the short-term and mid-term future
• Hosted private clouds will outnumber internal clouds 3:1… But service providers have been incrementally ready.
• Cloud management and monitoring will fuel enterprise cloud adoption
• 32% of CIOs expect virtualization to be their top investment in 2011
4.
Cloud computing overview
Grant Thornton's CAE Survey
• More than 300 CAEs surveyed responded that
– 77% are at least somewhat familiar with cloud computing
– 69% use cloud computing; many expect cloud computing use to increase (45%) or stay the same (55%) in the next 12 months
• When asked to describe their view as to the security, governance, risk and controls implications in moving to a cloud environment, 43% responded "I haven’t really given it much thought."
• 64% of respondents do not include cloud computing in their audit plan
5.
Cloud computing overview
Global Public Cloud Market Size
6.
Emerging Technology
• Cloud computing
– SaaS, PaaS, IaaS, DaaS
• Mobile computing
– Mobile platforms that are blurring the line between a hand-held and complex computing
• Risks and Strategies for Cloud Computing
• Cybersecurity
– Trends
7.
Emerging Technology Platforms (con't.)
Types of Clouds
• Public
- Shared computer resources provided by an off-site third-party provider
• Private
- Dedicated computer resources provided by an off-site third-party or use of Cloud technologies on a private internal network
• Hybrid
- Consisting of multiple public and private Clouds
Models of Cloud:
• Software as a Service (SaaS)
- Software applications delivered over the Internet
• Platform as a Service (PaaS)
- Full or partial operating system/development environment delivered over the Internet
• Infrastructure as a Service (IaaS)
- Computer infrastructure delivered over the Internet
• Desktop as a Service (DaaS)
- Virtualization of desktop systems serving thin clients, delivered over the Internet or a private Cloud
8.
Emerging Technology Platforms (con't.)
Public Cloud
Private Cloud
9.
Emerging Technology Platforms (con't.)
• Mobile computing is:
– Wireless
– Utilizes tablet platforms and smartphones
– Internet-based
– Communication via 3G/4G and WiFi
– Scaled applications
10.
Potential New IA Complexity
Cloud computing
– Availability & performance
– Business continuity
– Cybersecurity
– Data encryption
– Privacy (especially in Healthcare & Life Sciences)
11.
Potential New IA Complexity (con't.)
Cloud computing (con't.)
– Compliance
• FISMA
• HIPAA
• SOX
• PCI DSS (card payments)
• EU Data Protection Directive, et al.
12.
Potential New IA Complexity (con't.)
Mobile computing
– Security (physical and virtual)
– Data ownership
– Service interruption and recovery
– Data archiving
– Availability
13.
Potential New IA Complexity (con't.)
Mobile computing
– WiFi/3G/4G security
– Surveillance and access control
– Availability
– Data ownership and recovery
– Auditability
– Bluetooth “hijacking”
– AIDC
14.
Risks and audit strategies for the Cloud
Six risk areas
• Security
• Multi-tenancy
• Data location
• Reliability
• Sustainability
• Scalability
15.
Risks and audit strategies
1. Security - risks
• The cloud provider’s security policies are not as strong as the organization's data security requirements (mis-alignment)
• Cloud systems (servers, other devices) which store organization data are not updated or patched when necessary (vulnerability)
• Security vulnerability assessments or penetration tests are not performed on a regular basis to ensure logical and physical security controls are in place
• The physical location of company data is not properly secured
16.
Risks and audit strategies
1. Security – audit strategy
• Determine if the cloud provider meets or exceeds the organization's security requirements
• Determine if the cloud provider’s security posture is based on a security standard (e.g., ISO27001, Cloud Security Alliance, PCI DSS, etc.)
• Determine if the cloud provider has a security assessment performed
• For your organization, have a baseline security assessment done.
• Determine if the cloud provider’s Service Organization Report (e.g., SSAE 16, SOC Reports) addresses specific security controls
17.
Risks and audit strategies
2. Multi-tenancy – risks
• Organization data is not appropriately segregated on shared hardware, resulting in Company data being inappropriately accessed by third parties
• The cloud service provider has not deployed appropriate levels of encryption to ensure data is appropriately segregated both at rest and in transit
• The cloud service provider cannot determine the specific location of the organization's data on its systems
• Organization data resides on shared server space, which might conflict with regulatory compliance requirements for the organization
18.
Risks and audit strategies
2. Multi-tenancy – audit strategy
• Inquire of the cloud service provider’s method used to secure the Company’s data from being accessed by other customers/third parties
• Review the cloud service provider’s SLA to determine if the SLA addresses security of the organization's data
• Review independent audit report(s) related to the Cloud provider’s security posture (e.g., security settings, data encryption methods, etc.) and/or exercise the organization's "right-to-audit" clause
• Gain access to cloud system(s) and perform limited auditing procedures from the Company’s location
19.
Risks and audit strategies
3. Data location – risks
• Organization is not aware of all of the cloud service provider’s physical location(s)
• Organization does not know where their data is physically or virtually stored – implies potential issue with sensitive data being stored outside the country, violating certain laws and regulations
• The Cloud service provider moves organization data to another location without informing the Organization or gaining its consent
• Organization data is stored in international locations and falls under foreign business or national laws/regulations (Data Protection Directive – EU 95/46/EC, Mass Data Privacy Law 201 CMR 17, state Breach Laws and there is some additional U.S. national proposed legislation coming soon)
20.
Risks and audit strategies
3. Data location – audit strategy
• Inquire of the cloud provider the specific physical and virtual location of the organization's data
• Work with the organization's legal group to fully understand the impact and potential risks of the organization's data residing in a foreign country
• Ensure regulatory compliance is maintained if data resides in multiple locations
21.
Risks and audit strategies
4. Reliability – risks
• The cloud service provider has quality of service standards which conflict with business requirements (do you have an SLA/OLA?)
• During peak system activity times, the cloud service provider experiences system performance issues that result in the following:
- Organization employees cannot access the organization's data when needed
- Customers are unable to use the organization's systems (such as placing an order on the organization's web site) because of performance problems with the cloud provider
22.
Risks and audit strategies
4. Reliability – audit strategy
• Inquire of the cloud service provider to determine the controls in place to ensure the reliability of the cloud solution
• Obtain an SLA/contract from the cloud service provider which details the specific reliability agreement for the organization. Compare this information to actual performance
• Determine the times that the cloud provider performs system upgrades and/or patches to ensure data availability during peak business hours is not affected
• Review the organization's business continuity plan and determine if the plan addresses interruptions with the cloud systems used by the Company
23.
Risks and audit strategies
5. Sustainability – risks
• In the event the cloud service provider goes out of business, the organization might not be able to retrieve the organization's data. In addition, another third party might gain access/control of the organization's data
• The cloud service provider does not have appropriate system recovery procedures in place in the event of a disaster
• The organization's business continuity plan does not address the cloud’s service offering being unavailable
• Organization data is compromised as a result of a disaster
24.
Risks and audit strategies
5. Sustainability – audit strategy
• Inquire of the cloud service provider to determine if they have adequate controls in place to recover and protect the organization's data even in the event of a disaster
• Review the organization's business continuity plan and determine if the plan addresses interruptions with the cloud solution
• Inquire of the cloud service provider to determine how the organization would gain access to its data in the event the cloud service provider goes out of business
25.
Risks and audit strategies
6. Scalability – risks
• The cloud service provider’s systems cannot scale to meet the organization's anticipated growth, both for a short-term spike and/or to meet a long-term strategy
• If the organization decides to migrate all or part of the organization's system and/or data back in-house (or to another provider), the cloud service provider cannot (or will not) provide the data
26.
Risks and audit strategies
6. Scalability – audit strategy
• Determine if the cloud provider’s system can scale to meet the organization's expected short-term spikes and/or growth over the next five years
• Determine if the organization has a contingency plan in the event the cloud provider’s systems cannot scale to meet the organization's needs
• Determine who is the “owner” of the organization's data
• Determine if the cloud provider would allow the organization to move data back in house and/or to another provider. Determine the specific procedures and associated costs needed to perform this task
27.
Cybersecurity Trends (What’s Next?)
• Distributed computing (the Cloud)
• Cybersecurity & Privacy focus
• Virtualization
• Advanced IA tools
– Analytics
– Provenance engines
– Enhanced hardware firewalls
– Advanced encryption technology
– New data segregation and security standards
– Secure digital communications
• Standards such as ITIL, COBIT and PCI are integrating and are now complementary
28.
Questions?
29.
Emerging Technology Challenges for Internal Audit and Compliance
Danny Miller, CISA, CGEIT, CRISC, ITIL, QSA
National Solutions Lead – Cybersecurity
Regional Solutions Lead – Business Consulting
Principal, Grant Thornton LLP
Danny.Miller@us.gt.com
http://grantthornton.com/