Google Cloud Platform Virtual Private Cloud – Network, Infrastructure, and Security Controls

Google Cloud Platform Virtual Private Cloud Similarly, for GCP, the following security policies related to networking in the CIS Google Cloud Platform are recommended: For each control, the CIS benchmarks provide detailed instructions on why the policy is recommended, as well as the rationale. For example, for 3.1 Ensure that the Default Network Does Not […]

Preparing to assess network, infrastructure, and resource controls – Walk-Through – Assessing Policy Settings and Resource Controls

Preparing to assess network, infrastructure, and resource controls From Chapter 4, Network, Infrastructure, and Security Controls, to Chapter 6, Tips and Techniques for Advanced Auditing, we learned about some of the network, infrastructure, and resource controls available to enterprises across the three major cloud providers. As a reminder, we’ve only covered a subset of the various […]

Preparing to assess change management controls – Walk-Through – Assessing Change Management, Logging, and Monitoring Policies

Preparing to assess change management controls As we covered in Chapter 5, Financial Resource and Change Management Controls, obtaining a thorough understanding of where logging and history can be found for changes performed is critical to determining which areas within a cloud environment should be scoped for audit. Chapter 5, Financial Resource and Change Management […]

Assessing audit and logging configurations – Walk-Through – Assessing Change Management, Logging, and Monitoring Policies

Assessing audit and logging configurations Logs are files that detail all the events that occur within the cloud. Logs can show deviations from expected activity, giving visibility of potential security issues. Different log types include application, server, access, network logs, and so on. Logging is a practice that enables you to collect and correlate log […]

Assessing change management and configuration policies 3 – Walk-Through – Assessing Change Management, Logging, and Monitoring Policies

Policy Sentry Another tool that an IT auditor can use to monitor changes in Identity and Access Management (IAM) is an open source solution named Policy Sentry. Policy Sentry is a great tool to manage IAM entities. Policy Sentry also has functionality as an audit and analysis database. It compiles database tables based on AWS […]

Performing changes – Financial Resource and Change Management Controls

Performing changes Beyond using policies and tags to control compliant management of resources, these same features, along with others, may be used to restrict changes. Each of the cloud providers offers a way of grouping resources together for ease of classification. Both at a group and individual level, settings can be applied to lock the […]

Change history – Financial Resource and Change Management Controls

Change history As an auditor, one method that may be used to correlate processes and procedures that mitigate risk is to review activity logs. In cloud environments, these logs may be made up of separate sign-in and event logs that are capturing change history and actions performed by user accounts, service accounts, or workload identities. […]

Common pitfalls – Tips and Techniques for Advanced Auditing

Common pitfalls With the scale, speed, and flexibility of the cloud comes complexity. This complexity leads to inherent pitfalls. We will review two broad areas that are common pitfalls for organizations that the IT auditor should be aware of. The first area involves administrative pitfalls that include not managing resource usage, an inability to control […]

Example resource management controls – Financial Resource and Change Management Controls

Example resource management controls As mentioned in Chapter 2, Effective Techniques for Preparing to Audit Cloud Environments, several frameworks can be used as guidelines for a list of applicable controls and test procedures when defining the scope of your audit. As a reference for this chapter, we’ll highlight a few example controls from the Center […]

AWS Trusted Advisor – Tips and Techniques for Advanced Auditing

AWS Trusted Advisor AWS Trusted Advisor provides real-time best practice guidance to help provision, monitor, and maintain AWS resources. You can then follow AWS Trusted Advisor recommendations to optimize your services and resources. These best practice recommendations span five categories: To launch AWS Trusted Advisor, search for the service in the AWS console, as seen […]