Security Command Center Security Command Center provides centralized visibility into the security posture and status of the GCP environment. According to GCP’s documentation, “Security Command Center ingests data about new, modified, and deleted assets from Cloud Asset Inventory, which continuously monitors assets in your cloud environment. Security Command Center supports a large subset of Google […]
Category: Example resource management controls
Cloud Asset Inventory – Tips and Techniques for Advanced Auditing
Cloud Asset Inventory Cloud Asset Inventory is a service that allows one to view, monitor, and analyze GCP assets. To access Cloud Asset Inventory, you can either go to the Google Console under IAM & Admin or go through a browser, as shown in Figure 6.38: Figure 6.38 – Cloud Asset Inventory Three tabs are […]
Amazon Inspector – Tools for Monitoring and Assessing
Amazon Inspector Another tool an IT auditor can leverage in AWS is Amazon Inspector. Amazon Inspector is an automated vulnerability management service that continually scans AWS resources for software vulnerabilities and inadvertent network exposure. Amazon Inspector collects events from various vulnerability intelligence sources, including Common Vulnerabilities and Exposures (CVE), the National Vulnerability Database (NVD), and […]
Azure Network Watcher – Tools for Monitoring and Assessing
Azure Network Watcher Another tool an IT auditor can leverage is Azure Network Watcher. Azure Network Watcher is designed to monitor and repair the network health of infrastructure as a service (IaaS) products, which include virtual machines, virtual networks, application gateways, load balancers, and so on. To launch Azure Network Watcher, you can easily […]
Preparing to assess cloud IAM controls – Walk-Through – Assessing IAM Controls
Preparing to assess cloud IAM controls As we covered in Chapter 2, Effective Techniques for Preparing to Audit Cloud Environments, developing a good audit plan requires a thorough understanding of how the enterprise environment is architected and connected. When it comes to IAM controls, knowing that the cloud environment is federated with another identity store […]
AWS IAM – Walk-Through – Assessing IAM Controls
AWS IAM In AWS, a convenient way to verify that users inactive for 180 days are disabled is to execute the following test steps: Figure 8.1 – AWS IAM Credential Report Once you’ve downloaded and opened the report, depending on the scope of the audit and the size of the user population, you may need […]