CPNI Information Security Briefing 01/2010 Cloud Computing
Hello, this is Mitsuhiko Maruyama. The UK's Centre for Protection of National Infrastructure (CPNI) has published a report on cloud computing...
The content is introductory... The risks are summarized in Chapter 7...
・2010.03 Information Security Briefing 01/2010 Cloud Computing
Here is the table of contents.
=====
1. Executive summary
2. What is cloud computing?
2.1 Cloud computing characteristics
2.2 Attributes of the cloud
2.3 Alternative views of the cloud’s key attributes
2.4 The delivery models of cloud computing
2.5 The services and sub-services of cloud computing
2.6 Examples of ‘the cloud’
3. What are the drivers of cloud computing?
3.1 Drivers of cloud computing
3.2 Benefits of cloud computing
4. Cloud computing architecture
4.1 Service architectures
4.2 Software as a Service (SaaS)
4.3 Platform as a Service (PaaS)
4.4 Infrastructure as a Service (IaaS)
5. Cloud computing maturity
5.1 Adoption of cloud computing
5.2 Maturity of the cloud
5.3 Vendor maturity and impacts on adoption
6. Evolution of cloud computing
6.1 History
6.2 Evolution of cloud technologies
7. Risks of cloud computing
7.1 Purpose and aim of section
7.2 Overview of risks
8. Business risks
8.1 Overview of business risks
8.2 Business risks associated with vendor or public clouds
8.3 Private clouds
8.4 Hybrid clouds
8.5 Community clouds
9. Security in the cloud
9.1 Cloud threats
9.2 Types of attackers
9.3 Security risks
9.4 Assessing the security of a third party cloud provider
9.5 Emerging cloud security threats
9.6 Examples of cloud security incidents
9.7 Mitigating advice
10. Reliability and resilience
10.1 Overview of resilience issues
10.2 Benefits of cloud computing to continuity planners
10.3 Systemic and specific risks
10.4 Delivering resilience in the cloud
10.5 Delivering resilience through testing
10.6 Mitigating advice
11. Usability and performance
11.1 Latency
11.2 Reducing latency
11.3 Network access
11.4 Network availability
11.5 Network performance
11.6 Monitoring of network performance
11.7 Mitigation advice
12. Regulations and legislation
12.1 Overview of regulatory and legislation issues
12.2 Rights to data
12.3 Outsourcing contracts
12.4 Outsourcing, subcontracting and the FSA
12.5 Processing personal data in the cloud
12.6 Mitigation advice
13. Organisational change
13.1 Organisational change management
13.2 Changing roles and responsibilities
13.3 Software development and testing methodologies
13.4 Mitigating advice
14. Security testing
14.1 The objective: Information and technology risk management
14.2 The approach
14.3 Testing cloud services
14.4 Testing cloud delivery models
14.5 The solution
15. The future of cloud computing
15.1 Drivers for future change
15.2 Predictions
16. Glossary
=====
[Reference] This blog
・2009.11.23 ENISA Cloud Computing Risk Assessment