Question

In the realm of technology there are several governing standards by which a company must be in compliance based on the industry it operates in. Provided below are several well known standards corporations my govern by. Select two from the list provided, describe its function/requirements and how this affects cloud computing. Minimum word count for the initial post is 500 words.

Corporate Governance Standards and Models:

- Capability Maturity Model

- COSO Model

- Sarbanes-Oxley

- NIST

- HIPPA

- ISO

- PCI-DSS

Answer 1

Control standards are

iso 27001

COBIT

FISMA

WIST

SEC

COSO

FDCC

SEC etc

1)HIPPA means that The Health Insurance Portability and Accountability this was established in 1996.
Title II of HIPAA, known as the Administrative Simplification (AS) provisions, it requires the establishment of national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers, with the overall goals of protecting the privacy and security of health information .promoting the efficiency of the health care industry through use of standardized electronic transactions.it Requires covered entities to protect the privacy and security of an individual’s health information.HIPAA – 1996 – Required covered entities to protect the privacy and security if individuals health information.

HIPPA USING in cloud computing-
Doctors and health care professionals can use smart devices to access ePHI in a cloud.A HIPAA-covered entity or business associate can use a cloud service to store or process ePHIUsing a CSP to maintain ePHI without a BAA is a violation of HIPAA rules.A CSP that stores encrypted ePHI and does not have a decryption key is still considered a HIPAA business associate- it receives and maintains ePHI for a covered entity or other business associate, lacking an decryption key for the data does not exempt .If a CSP experiences a security incident immediatly report the incident to the covered entity or business associates.HIPAA compliance is area of data storage and management, and through cloud computing, services like HIPAA compliant data storage and HIPAA compliant email are possible without as many risks as past methods.Companies with a healthcare-focused cloud specialization like Wowrack analyze and implement aspects that result in seamless and secure cloud hosting for your patient information and applications.IT services within various healthcare organizations, taking on the architecture and implementation of cloud-based digitization protocols.

2)The Committee of Sponsoring Organizations of the Treadway Commission(COSO)

• it established in 1995
• sponsor of the National Commission on Fraudulent Financial Reporting
• Developed recommendations on internal controls
• issued the 1992 framework on internal control framework
• new framework organized as Executive summary,Framework itself,Appendices

Application guide with illustrative tools
The leading internal control framework businesses use is the one outlined by Committee of Sponsoring Organizations of the Treadway Commission (COSO). Examine the COSO framework's key elements and learn how the combination forms a stable internal control system.This model, updated in 2013, defines internal control processes. This framework sets forth fundamental concepts that explain the importance of three categories of control objectives and defines five key components of Internal Control.
COSO Goals are ,

1. Operating Goals-Goals relating to effective utilisation of resourses.value for money effectiveness,efficiency,economy
2. Financial Reporting Goals-Goals to ensure that the finacial information generated by the accounting sysytem. it is reliable,complete,Accurate
3. Compliance Goals-Goals to ensure compliance with applicable laws,rules & regulations
4. Risk Assessment-Cloud computing can affect

the following critical focal points of a risk assessment,

• Risk profile – An organization’s risk profile encompasses the entire population of risks it must manage
• Likelihood and impact – The likelihood of certain events and the related potential impact change in many cases when cloud solutions are adopted.
• Risk Response – Once risks have been identified andassessed in the context of organizational objectivesrelative to cloud computing, management needs to determine its risk response.

Integrated Framework in order to provide guidelines that will identify succinctly the risks and impact cloud computing will have on an organization. The more educated executives become about the risks and benefits of cloud computing, the more effectively they will be able to prepare their organizations for the future. The guidance presented will enable executives to identify, monitor, and mitigate or accept the risks that come with using cloud computing.The Impact of Internal Control System Components of the COSO Model in Reducing the Risk of Cloud Computing.

Five components work

• Control Environment
• Risk Assessment
• Control Activities
• Information and Communication
• Monitoring

According to COSO, “Cloud computing is a computing resource deployment model .that enables an organization to obtain its computing resources and applications from any location via an Internet connection. Depending on the cloud solution model .hardware,software, and data might no longer reside on its own technology infrastructure.