Going to the Cloud has a major impact on topics like security. Security becomes more important. It gets a significant other dimension because a third-party is now managing your ICT, either as a whole or partially. How should you manage the Security? What about privacy and data leaks? How to govern the security and many more questions. Here you find interesting whitepapers from known institutes and worthwhile reading.
You can click on the hyperlinks and each will give you the requested information (whitepapers in .PDF). Remark: The information acquired from sources like websites is freely obtainable and all information about security is collected and presented in an easy way.
In a glance the topics:
- Cobit Self assessment V5
- Cobit Framework
- Cloud council – 10 steps to assure proper security for Cloud
- ISACA – Risk IT framework 0610
- Essential-guide Business Continuity & Disaster Recovery plan
- SANS – Disaster recovery plan testing
- NIST – Risk management guide for IT systems
- Contingency planning guide for information systems
- NIST (SP-800-53R4) – Security and privacy controls
- Dummy book – Hacking wireless networks
- Book glossary security terminology
- OWASP top 10
- Dangerous Google hacking database and attacks
ISACA – The COBIT assessment programme is designed to provide enterprises with a repeatable, reliable and robust methodology for assessing the capability of their IT processes. Such assessments will normally be used as part of an enterprise’s process improvement programme and can then be used to report internally to an enterprise’s executive management or board of directors on the current capability of its IT processes against a target for improvement based on business requirements. Such assessments can be used as part of the initiation of a programme of process improvement or to assess progress after a
period of process improvement.
ISACA – COBIT 5 provides a comprehensive framework that assists enterprises in achieving their objectives for the governance and management of enterprise IT. Simply stated, it helps enterprises create optimal value from IT by maintaining a balance between realising benefits and optimising risk levels and resource use. COBIT 5 enables IT to be governed and managed in a holistic manner for the entire enterprise, taking in the full end-to-end business and IT functional areas of responsibility, considering the IT-related interests of internal and external stakeholders. COBIT 5 is generic and useful for enterprises of all sizes, whether commercial, not-for-profit or in the public sector.
Customer Council – The aim of this guide is to provide a practical reference to help the Enterprise Information Technology and business decision makers analyse the security implications of Cloud computing on their business. The paper include a list of steps , along with guidance and strategy, designed to help these decisions makers evaluate and compare security offerings from different Cloud providers i n key areas.
ISACA – This document forms part of ISACA’s Risk IT initiative, which is dedicated to helping enterprises manage IT-related risk. The collective experience of a global team of practitioners and experts, and existing and emerging practices and methodologies for effective IT risk management, have been consulted in the development of the Risk IT framework. Risk IT is a framework based on a set of guiding principles and featuring business processes and management guidelines that conform to these principles.
TechTarget – This guide offers a collection of our best Business Continuity and Disaster Recovery content. Here is some information about BC/DR Planning and Management about; server, storage, networking and security technologies.
SANS – An online poll conducted many years ago revealed to 65% of the respondents did not exercise their BC or DR plan. An astonishing result! Here in this guide you will find a brief explanation of the steps to take and test methods you can use in order to check or to be sure that you can restore, within a agreed time frame, to the original state after a big disaster has been happening.
NIST – Risk is the net negative impact of the exercise of a vulnerability, considering both the possibility and impact of occurrence. RM is the process of identifying risk, accessing risk, and taking steps to reduce risk to an acceptable level (risk appetite and risk tolerance). This guide provides a foundation for the development of a effective RM program, containing both the definitions and the practical guidance necessary for assessing and mitigating risks identified within IT systems. The ultimate goal is to help organisations to better manage IT-related mission risks.
NIST – This publication assists organizations in understanding the purpose, process, and format of ISCP development through practical, real-world guidelines. Because information system resources are so essential to an organization’s success, it is critical that identified services provided by these systems are able to operate effectively without excessive interruption. Contingency planning supports this requirement by establishing thorough plans, procedures, and technical measures that can enable a system to be recovered as quickly and effectively as possible following a service disruption.
NIST – The purpose of this publication is to provide guidelines for selecting and specifying security controls for organisations and information systems. The guidelines apply to all components of an information system that process, store, or transmit federal information. The guidelines have been developed to achieve more secure information systems and effective risk management within organisations.
Kevin Beaver and Peter T. Davis. – This book outlines plain-English, wireless-network hacker tricks and techniques you can use to ethically hack 802.11-based wireless networks (yours or someone else’s if you’ve been given permission) and discover security vulnerabilities.
CISSP (AIO) – An overview and short description of the most common words in security from Access Control to War dialing.
The Open Web Application Security Project (OWASP) is a worldwide not-for-profit charitable organisation focused on improving the security of software. Our mission is to make software security visible, so that individuals and organisations are able to make informed decisions. OWASP is in a unique position to provide impartial, practical information about AppSec to individuals, corporations, universities, government agencies and other organizations worldwide. Operating as a community of like-minded professionals, OWASP issues software tools and knowledge-based documentation on application security.
Information which should be protected is very often publicly available, revealed by careless or ignorant users. The result is that lots of confidential data is freely available on the Internet – just Google for it.