Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Free ISACA white paper examines Security as a Service

ISACA : 05 December, 2013  (New Product)
IT security industry body releases white paper detailing which questions should be posed before considering the deployment of cloud based security as a service
Free ISACA white paper examines Security as a Service

Companies seeking to improve information security without incurring significant expense are increasingly turning to the cloud for security as a service (SecaaS), which promises low costs and high flexibility. But when cloud security is already a concern, outsourcing security services themselves to the cloud poses a significant set of risks to address.  A new free, downloadable white paper from global IT association ISACA evaluates the impact of SecaaS on an enterprise and outlines 10 key questions to ask—and answer—before deploying it.

According to Security as a Service: Business Benefits With Security, Governance and Assurance Perspectives, among the key questions to ensure risks are managed are:

* Which cloud service model is best suited for our needs?
* Where will the information be located and what retention policies apply?
* How will the information be protected (what physical and logical controls will be in place)?
* How will we include the provider and outsourced services in the business continuity and disaster recovery plans?
* Can data be transferred to another provider if the contract is terminated?

“Enterprises can outsource information security services, but they cannot outsource accountability for security,” said Patrick Hanrion, CISM, CISSP, CNE, director of Security and Privacy, McGladrey LLP, and author of the white paper. “Answering these questions helps to ensure that controls are in place to protect the enterprise’s information assets.”

The ISACA guide emphasizes that companies utilizing SecaaS must still know the information and IT assets that are critical to them and manage the risk associated with using a vendor to protect these assets.

“Without this vital understanding, there is no way for the enterprise to determine which security services it needs and which threats it needs to protect against,” said Hanrion.

Security as a Service outlines strategies for addressing risk, as well as key governance and assurance considerations based on guidance in the COBIT framework.

Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo