In this anniversary episode we welcome back our original guest, Susan Bradley, to talk all about compliance and security for IT systems. These topics are becoming much more important for all IT systems and present unique challenges as more information moves to the 'cloud'.
Susan Bradley = susan@sbslinks.com or via the blog www.sbsdiva.com
http://office.microsoft.com/en-us/business/office-365-security-and-privacy-verified-by-a-third-party-FX103089231.aspx
http://certification.comptia.org/getCertified/certifications/security.aspx
https://www.isc2.org/cissp/default.aspx
http://www.guidancesoftware.com/computer-forensics-training-courses.htm
http://www.rand.org/pubs/technical_reports/TR933.html
https://cloudsecurityalliance.org/
https://cloudsecurityalliance.org/topthreats/csathreats.v1.0.pdf
https://downloads.cloudsecurityalliance.org/initiatives/top_threats/The_Notorious_Nine_Cloud_Computing_Top_Threats_in_2013.pdf
Cloud Computing Risk Assessment
https://www.enisa.europa.eu/activities/risk-management/files/deliverables/cloud-computing-risk-assessment
Cloud Computing Information Assurance Framework https://www.enisa.europa.eu/activities/risk-management/files/deliverables/cloud-computing-information-assurance-framework
Procure Secure: A guide to monitoring of security service levels in cloud contracts https://www.enisa.europa.eu/activities/Resilience-and-CIIP/cloud-computing/procure-secure-a-guide-to-monitoring-of-security-service-levels-in-cloud-contracts
Just to add that ENISA (the European Network and Information Security Agency) has some excellent material for free;
Cloud Computing Risk Assessment
https://www.enisa.europa.eu/activities/risk-management/files/deliverables/cloud-computing-risk-assessment
Cloud Computing Information Assurance Framework
https://www.enisa.europa.eu/activities/risk-management/files/deliverables/cloud-computing-information-assurance-framework
Procure Secure: A guide to monitoring of security service levels in cloud contracts
https://www.enisa.europa.eu/activities/Resilience-and-CIIP/cloud-computing/procure-secure-a-guide-to-monitoring-of-security-service-levels-in-cloud-contracts
ALSO, RAND did a decent cloud security / trust overview ...
http://www.rand.org/pubs/technical_reports/TR933.html
AND As these guys are good too, great organization... recent papers on top security threats..
https://cloudsecurityalliance.org/
https://cloudsecurityalliance.org/topthreats/csathreats.v1.0.pdf
https://downloads.cloudsecurityalliance.org/initiatives/top_threats/The_Notorious_Nine_Cloud_Computing_Top_Threats_in_2013.pdf
http://www.verizonenterprise.com/DBIR/2012/
http://governmentcio.com/content/going-all-cloud-computing
view more