« IPA 2010年版 10大脅威 あぶり出される組織の弱点! | Main | 公認会計士協会 パブコメ IT委員会研究報告「電子的媒体又は経路による確認に関する監査上の留意点」 »

2010.04.01

CPNI Information Security Briefing 01/2010 Cloud Computing

 こんにちは、丸山満彦です。英国のCentre for Protection of National Infrastructure(CPNI)がクラウドコンピューティングに関する報告書を出していますね。。。
 入門的な内容となっていますね。。。7章でリスクについてまとめられていますね。。。

・2010.03 Information Security Briefing 01/2010 Cloud Computing
 
目次です。
=====
1. Executive summary
2. What is cloud computing?

 2.1 Cloud computing characteristics
 2.2 Attributes of the cloud
 2.3 Alternative views of the cloud’s key attributes
 2.4 The delivery models of cloud computing
 2.5 The services and sub-services of cloud computing
 2.6 Examples of ‘the cloud’
3. What are the drivers of cloud computing?
 3.1 Drivers of cloud computing
 3.2 Benefits of cloud computing
4. Cloud computing architecture
 4.1 Service architectures
 4.2 Software as a Service (SaaS)
 4.3 Platform as a Service (PaaS)
 4.4 Infrastructure as a Service (IaaS)
5. Cloud computing maturity
 5.1 Adoption of cloud computing
 5.2 Maturity of the cloud
 5.3 Vendor maturity and impacts on adoption
6. Evolution of cloud computing
 6.1 History
 6.2 Evolution of cloud technologies
7. Risks of cloud computing
 7.1 Purpose and aim of section
 7.2 Overview of risks
8. Business risks
 8.1 Overview of business risks
 8.2 Business risks associated with vendor or public clouds
 8.3 Private clouds
 8.4 Hybrid clouds
 8.5 Community clouds
9. Security in the cloud
 9.1 Cloud threats
 9.2 Types of attackers
 9.3 Security risks
 9.4 Assessing the security of a third party cloud provider
 9.5 Emerging cloud security threats
 9.6 Examples of cloud security incidents
 9.7 Mitigating advice
10. Reliability and resilience
 10.1 Overview of resilience issues
 10.2 Benefits of cloud computing to continuity planners
 10.3 Systemic and specific risks
 10.4 Delivering resilience in the cloud
 10.5 Delivering resilience through testing
 10.6 Mitigating advice
11. Usability and performance
 11.1 Latency
 11.2 Reducing latency
 11.3 Network access
 11.4 Network availability
 11.5 Network performance
 11.6 Monitoring of network performance
 11.7 Mitigation advice
12. Regulations and legislation
 12.1 Overview of regulatory and legislation issues
 12.2 Rights to data
 12.3 Outsourcing contracts
 12.4 Outsourcing, subcontracting and the FSA
 12.5 Processing personal data in the cloud
 12.6 Mitigation advice
13. Organisational change
 13.1 Organisational change management
 13.2 Changing roles and responsibilities
 13.3 Software development and testing methodologies
 13.4 Mitigating advice
14. Security testing
 14.1 The objective: Information and technology risk management
 14.2 The approach
 14.3 Testing cloud services
 14.4 Testing cloud delivery models
 14.5 The solution
15. The future of cloud computing
 15.1 Drivers for future change
 15.2 Predictions
16. Glossary
=====

【参考】このブログ
・2009.11.23 ENISA Cloud Computing Risk Assessment

|

« IPA 2010年版 10大脅威 あぶり出される組織の弱点! | Main | 公認会計士協会 パブコメ IT委員会研究報告「電子的媒体又は経路による確認に関する監査上の留意点」 »

Comments

Post a comment



(Not displayed with comment.)




TrackBack

TrackBack URL for this entry:
http://app.cocolog-nifty.com/t/trackback/64462/47965368

Listed below are links to weblogs that reference CPNI Information Security Briefing 01/2010 Cloud Computing:

« IPA 2010年版 10大脅威 あぶり出される組織の弱点! | Main | 公認会計士協会 パブコメ IT委員会研究報告「電子的媒体又は経路による確認に関する監査上の留意点」 »