1.

We have implemented a cloud for a little while. The internal audit function in my organization has its own methodology and procedure; however, they are wondering whether there is any reference or guidance to validate the controls and align the audit objectives with our business objectives.

Answer»
  • Information System Audit/Assurance Program: Cloud Computing Management

The document issued by ISACA is intended for both actors, cloud users and cloud providers, so they could assess the design and operating effectiveness of the cloud computing internal controls (administrative, physical, technical) and security, and identify internal control discrepancies and deficiencies within the end-user organization and its interface with the service provider. In essence, we could refer to this guide to provide the results of an audit assessment and our ability to rely upon our own IT department and/or the cloud provider's attestations on internal controls.

  • Cloud Security Framework Audit Methods

As the title suggests, this white paper from the SANS Institute guides us on how to conduct a security audit of our cloud environment, and it is also aimed at cloud providers auditing their own cloud environment.

It consists of an audit methodology, an audit checklist, standards, laws and regulations we could put into service to observe security risks and, in the end, test the respective controls.

The areas to be audited are as follows:

  1. Governance
  2. Data Management
  3. Data Environment
  4. Cyber Threat
  5. Infrastructure
  6. Logs and Audit Trails
  7. Availability
  8. Identity and Access Management
  9. Encryption
  10. Privacy
  11. Regulatory Compliance
  12. Legal

  • Information Technology Assurance Framework

As we might already know, ISACA develops the IT Assurance Framework (ITAF) as a guideline that provides information and direction for the practice of IT audit and assurance. It also offers tools, techniques, methodologies, and templates to direct the application of IT audit and assurance processes. Read up on ITAF section 3400 – IT Management Processes and section 3600 – IT Audit and Assurance Processes, and keep an eye on section 3800 – IT Audit and Assurance Management.


