ISACA Launches New Resources for Auditing Amazon Web Services (AWS)
The use of cloud services is
widespread, and expected to only continue to increase—by 2020, it is estimated
that 41 percent of enterprise workloads will be hosted on public cloud
platforms.1 One of the leading platforms in this space, Amazon Web Services
(AWS), has the ability to help teams become more agile; however, without proper
knowledge of AWS configurations and potential hazards, enterprises may also
open themselves to new risks.
With this in mind, ISACA has
launched a new audit program, Amazon Web Services® (AWS®) Audit Program to
support IT auditors in their assessments of AWS deployments—including the use
of AWS services, access to the AWS environment, management and interrelationships
of AWS services. The program covers AWS applications, functions and containers,
and across the domains of governance, network configuration and management,
asset configuration and management, logical access control, data encryption
controls, logging and event management, security incident response and disaster
recovery.
IT audit professionals can follow
detailed testing steps outlined for controls across these domains in this audit
program spreadsheet to assist in their auditing process, but they are
encouraged to customize the document for their unique enterprise needs. The
program is free to members, and $25 for non-members.
“ISACA's AWS Audit Program provides
IT audit professionals with the essentials for grasping the breadth and depth
of AWS deployments as well as to provide them with a solid foundation for
building their own customized audit program around these services,” said Adam
Kohnke, CISA, CISSP, Senior IT Auditor for Total Administrative Services
Corporation, and lead developer of the AWS Audit Program.
Kohnke elaborates on the topic in
his ISACA Journal article, “Auditing Amazon Web Services,” published 1 May,
which is available to members. In this feature, Kohnke covers the audit
elements related to the eight domains covered in the audit program, while also
providing a helpful overview of current AWS service offerings organized by
category.
To download the Amazon Web Services
(AWS) Audit Program, visit
www.isaca.org/Knowledge-Center/Research/ResearchDeliverables/Pages/Amazon-Web-Services-AWS-Audit-Program.aspx.
To access the ISACA Journal article, "Auditing Amazon Web Services,"
visit: www.isaca.org/archives. For more information about ISACA's other audit
programs, visit www.isaca.org/Knowledge-Center/Research/Pages/Audit-Assurance-Programs.aspx.
About ISACA
Now in its 50th anniversary year,
ISACA (isaca.org) is a global association helping individuals and enterprises
achieve the positive potential of technology. Today’s world is powered by
information and technology, and ISACA equips professionals with the knowledge,
credentials, education and community to advance their careers and transform
their organizations. ISACA leverages the expertise of its 460,000 engaged
professionals—including its 140,000 members—in information and cybersecurity,
governance, assurance, risk and innovation, as well as its enterprise
performance subsidiary, CMMI Institute, to help advance innovation through
technology. ISACA has a presence in 188 countries, including more than 220
chapters worldwide and offices in both the United States and
China.[Source]-https://www.isaca.org/why-isaca/about-us/newsroom/press-releases/2019/isaca-launches-new-resources-for-auditing-amazon-web-services-aws
AWS Certification Course Courses in Mumbai. 30 hours practical training
program on all avenues of Amazon Web Services. Learn under AWS Expert
Comments
Post a Comment