Security Command Center Security Command Center provides centralized visibility into the security posture and status of the GCP environment. According to GCP’s documentation, “Security Command Center ingests data about new, modified, and deleted assets from Cloud Asset Inventory, which continuously monitors assets in your cloud environment. Security Command Center supports a large subset of Google […]
Category: Microsoft Certification Exam
Cloud Asset Inventory – Tips and Techniques for Advanced Auditing
Cloud Asset Inventory Cloud Asset Inventory is a service that allows one to view, monitor, and analyze GCP assets. To access Cloud Asset Inventory, you can either go to the Google Console under IAM & Admin or go through a browser, as shown in Figure 6.38. [Figure 6.38 – Cloud Asset Inventory] Three tabs are […]
Preparing for more advanced auditing – Tips and Techniques for Advanced Auditing
Preparing for more advanced auditing So far we have been leveraging native graphical user interface (GUI) tools to perform audits. To prepare for more advanced auditing, the IT auditor should familiarize themselves with the command-line interface (CLI). A GUI permits users to interact with the cloud platform using graphical features such as icons, windows, and […]
Other clouds – Tips and Techniques for Advanced Auditing
Other clouds Although the book focuses on the “big three” cloud providers, we recognize that there are other cloud infrastructure solutions and want to briefly highlight these and options for learning more outside of this book. Oracle Cloud Infrastructure Oracle Cloud Infrastructure (OCI) has a unique attribute in the concept of compartments, which are […]
Basic cloud auditing tools within AWS – Tools for Monitoring and Assessing
Basic cloud auditing tools within AWS In the sections that follow, as a prerequisite, you may require a minimum level of view or read access to obtain the test evidence independently. Depending upon your specific organization’s configuration and any additional customizations, you may require additional access rights or group memberships to directly access specific content, […]
Amazon Inspector – Tools for Monitoring and Assessing
Amazon Inspector Another tool an IT auditor can leverage in AWS is Amazon Inspector. Amazon Inspector is an automated vulnerability management service that continually scans AWS resources for software vulnerabilities and inadvertent network exposure. Amazon Inspector collects events from various vulnerability intelligence sources, including Common Vulnerabilities and Exposures (CVE), the National Vulnerability Database (NVD), and […]
Azure Network Watcher – Tools for Monitoring and Assessing
Azure Network Watcher Another tool an IT auditor can leverage is Azure Network Watcher. Azure Network Watcher is designed to monitor and repair the network health of infrastructure as a service (IaaS) products, which include virtual machines, virtual networks, application gateways, load balancers, and so on. To launch Azure Network Watcher, you can easily […]
Network Intelligence Center – Tools for Monitoring and Assessing
Network Intelligence Center Another tool an IT auditor can leverage for visibility in GCP is Network Intelligence Center. As per Google’s documentation, “Network Intelligence Center provides a single console for Google Cloud network observability, monitoring, and troubleshooting.” Network Intelligence Center has five modules: Firewall Insights and Network Analyzer provide very valuable information for an IT […]
Preparing to assess cloud IAM controls – Walk-Through – Assessing IAM Controls
Preparing to assess cloud IAM controls As we covered in Chapter 2, Effective Techniques for Preparing to Audit Cloud Environments, developing a good audit plan requires a thorough understanding of how the enterprise environment is architected and connected. When it comes to IAM controls, knowing that the cloud environment is federated with another identity store […]
AWS IAM – Walk-Through – Assessing IAM Controls
AWS IAM In AWS, a convenient way to verify that users inactive for 180 days are disabled is to execute the following test steps: [Figure 8.1 – AWS IAM Credential Report] Once you’ve downloaded and opened the report, depending on the scope of the audit and the size of the user population, you may need […]