Question

Describe in 500 words discuss the scope of a cloud computing audit for your business.

Note-Check in chegg writing before you submit it should be 100% unique and don't submit the existing chegg answers,and submit in text format Provide References

Answer 1

The meaning of cloud computing is best characterized by the National Institute of Standard and Technology (NIST). NIST is a part of the U.S. Branch of Commerce with the mission of empowering development through science, innovation, and principles, including distributed computing. As per NIST, "Distributed computing is a model for empowering universal, helpful, on-request network admittance to a common pool of configurable figuring assets (e.g., networks, workers, stockpiling, applications, and administrations) that can be quickly provisioned and delivered with insignificant administration exertion or specialist organization connection. This cloud model is made out of five basic qualities, three help models, and four organization models." This definition was made to set a pattern for the conversation around distributed computing. As characterized in the definition,cloud computing incorporates five fundamental qualities (on-request self-administration, expansive organization access, asset pooling, quick flexibility, and estimated administration), three help models (programming as-a-administration, stage as-a-administration, and foundation as-a-administration), lastly four sending models (private cloud, network cloud, public cloud, and half and half cloud). The various qualities, administration models, and arrangement models can be molded and transformed into various assets relying upon the necessities of the association.

What is a Cloud Computing Audit?

In general, an audit is when a third-party, independent group is engaged to obtain evidence through inquiry, physical inspection, observation, confirmation, analytics procedures, and/or re-performance.

In a cloud computing audit, a variation of these steps is completed in order to form an opinion over the design and operational effectiveness of controls identified in the following areas:

• Communication
• Security incidents
• Network security
• System development or change management
• Risk management
• Data management
• Vulnerability and remediation management
• Tone at the top or leaderships commitment to transparency and ethical behavior

The scope of a cloud computing audit will include the procedures specific to the subject of the audit. Additionally, it will include the IT general controls related to organization and administrative, communication, risk assessment, monitoring activities, logical and physical access, systems operations, and change management. An auditor is free to review and require evidence for any of the controls identified within these areas to gain the required assurance that controls are designed and operate effectively. It is also important to note that the controls that are maintained by a vendor are not included in the scope of a cloud computing audit. The role of an auditor is to provide an objective opinion based on facts and evidence that a company has controls in place to meet a certain objective, criteria, or requirement. Additionally, in many cases, the auditor will also provide an opinion on whether or not those controls operated over a period of time. Auditing the cloud for compliance is no different. In instances where the audit requires cloud compliance to satisfy the criteria, the auditor will ask for evidence that controls are enabled (i.e. security groups, encryption, etc), This will allow the cloud auditor to provide an opinion of whether controls were in place and as applicable if they operated over a period of time.