Explain auditing and Regulatory standards relevant to adoption of cloud computing

Mumbai University >Information Technology>Sem7>Cloud Computing

Marks: 10 M

Year: Dec2011, Dec2014

1 Answer

The auditing & regulating standards currently in effect are:

  1. Gramm-Leach-Bliley Act (GLB)

  2. Sarbanes-Oxley Act (SOX)

  3. Health Insurance Portability & Accountability Act (HIPAA)

  4. Payment Card Industry Data Security Standard (PCI-DSS)

1) GLB Act:

  • The GLB Act is applicable to financial institutions, which include non-bank mortgage lenders, loan brokers, some financial or investment advisors, debt collectors, tax return preparers, banks and real estate settlement service providers.

  • GLB’s Safeguards Rule requires financial institutions to develop a written plan that describes how the company is prepared for and plans to continue to protect clients’ nonpublic personal information.

2) SOX

  • It is applicable to publicly owned companies to prevent corporate fraud.

  • It is intended to make corporate reporting more transparent.

  • Its provisions aim to

    → Reduce or eliminate conflicts of interest of independent financial auditors.

    → Improve oversight by boards of directors’ audit committees of independent financial auditors.

    → Increase oversight by the Securities and Exchange Commission (SEC) by increasing its budget.

    → Require accounting for employee stock option compensation as an operating expense.

3) HIPAA

  • HIPAA’s Privacy Rule establishes regulations for the use and disclosure of Protected Health Information (PHI).

  • PHI is any information held by a covered entity that concerns health status, provision of health care that can be linked to an individual.

4) PCI-DSS

  • It defines control objectives & requirements for compliance for merchants that process, store or transmit payment cardholders’ primary account number, which is 16 digits.

  • It provides merchants with a Self-Assessment Questionnaire (SAQ), which is a validation tool intended to assist merchants and service providers with their compliance with the PCI DSS.

  • PCI issued a Prioritized Approach framework which focuses on the following security milestones:

    • If you don’t need it, don’t store it.

    • Secure the perimeter

    • Monitor & control access to your system

    • Protect stored cardholder data

    • Finalize remaining compliance efforts & ensure all controls are in place.
