ISACA Launches New Resources for Auditing Amazon Web Services (AWS)

The use of cloud services is widespread, and expected to only continue to increase—by 2020, it is estimated that 41 percent of enterprise workloads will be hosted on public cloud platforms.1 One of the leading platforms in this space, Amazon Web Services (AWS), has the ability to help teams become more agile; however, without proper knowledge of AWS configurations and potential hazards, enterprises may also open themselves to new risks.

With this in mind, ISACA has launched a new audit program, Amazon Web Services® (AWS®) Audit Program to support IT auditors in their assessments of AWS deployments—including the use of AWS services, access to the AWS environment, management and interrelationships of AWS services. The program covers AWS applications, functions and containers, and across the domains of governance, network configuration and management, asset configuration and management, logical access control, data encryption controls, logging and event management, security incident response and disaster recovery.

IT audit professionals can follow detailed testing steps outlined for controls across these domains in this audit program spreadsheet to assist in their auditing process, but they are encouraged to customize the document for their unique enterprise needs. The program is free to members, and $25 for non-members.

“ISACA's AWS Audit Program provides IT audit professionals with the essentials for grasping the breadth and depth of AWS deployments as well as to provide them with a solid foundation for building their own customized audit program around these services,” said Adam Kohnke, CISA, CISSP, Senior IT Auditor for Total Administrative Services Corporation, and lead developer of the AWS Audit Program.

Kohnke elaborates on the topic in his ISACA Journal article, “Auditing Amazon Web Services,” published 1 May, which is available to members. In this feature, Kohnke covers the audit elements related to the eight domains covered in the audit program, while also providing a helpful overview of current AWS service offerings organized by category.

To download the Amazon Web Services (AWS) Audit Program, visit www.isaca.org/Knowledge-Center/Research/ResearchDeliverables/Pages/Amazon-Web-Services-AWS-Audit-Program.aspx. To access the ISACA Journal article, "Auditing Amazon Web Services," visit: www.isaca.org/archives. For more information about ISACA's other audit programs, visit www.isaca.org/Knowledge-Center/Research/Pages/Audit-Assurance-Programs.aspx.

About ISACA
Now in its 50th anniversary year, ISACA (isaca.org) is a global association helping individuals and enterprises achieve the positive potential of technology. Today’s world is powered by information and technology, and ISACA equips professionals with the knowledge, credentials, education and community to advance their careers and transform their organizations. ISACA leverages the expertise of its 460,000 engaged professionals—including its 140,000 members—in information and cybersecurity, governance, assurance, risk and innovation, as well as its enterprise performance subsidiary, CMMI Institute, to help advance innovation through technology. ISACA has a presence in 188 countries, including more than 220 chapters worldwide and offices in both the United States and China.[Source]-https://www.isaca.org/why-isaca/about-us/newsroom/press-releases/2019/isaca-launches-new-resources-for-auditing-amazon-web-services-aws
AWS Certification Course Courses in Mumbai. 30 hours practical training program on all avenues of Amazon Web Services. Learn under AWS Expert

Comments

Post a Comment

Popular posts from this blog

What Is Java? A Beginner’s Guide to Java and Its Evolution

What is Java used for? Before I answer the question, what is Java used for, let me brief you about why you should choose Java. Java is highly popular and has dominated this field from early 2000’s till the present 2018. Java has been used in different domains. Some of them are listed below: Banking: To deal with transaction management. Retail: Billing applications that you see in a store/restaurant are completely written in Java. Information Technology: Java is designed to solve implementation dependencies. Android: Applications are either written in Java or use Java API. Financial services: It is used in server-side applications. Stock market: To write algorithms as to which company they should invest in.   Big Data: Hadoop MapReduce framework is written using Java. Scientific and Research Community: To deal with huge amount of data. Wait! Java can do more. Let’s see how some of the technologies make use of Java as an essential core of their functionalit...
Read more

Is Data Scientist & Data Analyst are same? Learn the Differences Now!

Image
If we talk about the hottest jobs in tech right now, then only two names will pop up in your mind those are a data analyst or data scientist.  And, that’s not only we are saying even the Harvard Business Review declared “data scientist” as the“sexiest job of the 21st century .” But there is a lot of confusion between both the names even people who have some basic knowledge of data science consider both the job profiles as one.  Well, the reason behind this confusion is both of the professions deal with big data, rather defined vaguely and sometimes used interchangeably with one another. So, here we are to explain the differences between the two of them and that too in the easiest way. Let’s begin the brief introduction of both the terms, followed by skillsets each require to understand well.   Definition a. Data Analysts Data Analysts play a vital role in the Data Science domain. As a role, they play a variety of tasks associated with collectin...
Read more

Full Stack Development : All that you need to know

What is a Full Stack Development professional? A full stack development professional is the one who is having a sound technical knowledge of each and every aspect of development – front end, back end, various operating systems among other details of the technology. These people are usually termed as “developer generalists”. The significant thing to be noted here is that full stack developer should not be confused with senior developers. In nutshell, this stack of developers can create any complex application from the scratch, provided they would have understood how each technical layer should interact with the other. Why Full Stack Development? At the beginning of this post, we have mentioned about a query that had instantly popped in the mind – why would a company require full stack development professional. Here’s the answer: 1. Creation of unique code: The developer or the agency would be able to create a unique code for multiple technologies; as they could work with ...
Read more