Description
Ensure compliance across the top cloud players by diving into AWS, Azure, and GCP cloud auditing to minimize security risks
Key Features- Leverage best practices and emerging technologies to effectively audit a cloud environment
- Get better at auditing and unlock career opportunities in cloud audits and compliance
- Explore multiple assessments of various features in a cloud environment to see how it's done
As more and more companies are moving to cloud and multi-cloud environments, being able to assess the compliance of these environments properly is becoming more important. But in this fast-moving domain, getting the most up-to-date information is a challenge-so where do you turn?
Cloud Auditing Best Practices has all the information you'll need. With an explanation of the fundamental concepts and hands-on walk-throughs of the three big cloud players, this book will get you up to speed with cloud auditing before you know it.
After a quick introduction to cloud architecture and an understanding of the importance of performing cloud control assessments, you'll quickly get to grips with navigating AWS, Azure, and GCP cloud environments. As you explore the vital role an IT auditor plays in any company's network, you'll learn how to successfully build cloud IT auditing programs, including using standard tools such as Terraform, Azure Automation, AWS Policy Sentry, and many more.
You'll also get plenty of tips and tricks for preparing an effective and advanced audit and understanding how to monitor and assess cloud environments using standard tools.
By the end of this book, you will be able to confidently apply and assess security controls for AWS, Azure, and GCP, allowing you to independently and effectively confirm compliance in the cloud.
What you will learn- Understand the cloud shared responsibility and role of an IT auditor
- Explore change management and integrate it with DevSecOps processes
- Understand the value of performing cloud control assessments
- Learn tips and tricks to perform an advanced and effective auditing program
- Enhance visibility by monitoring and assessing cloud environments
- Examine IAM, network, infrastructure, and logging controls
- Use policy and compliance automation with tools such as Terraform
This book is for IT auditors looking to learn more about assessing cloud environments for compliance, as well as those looking for practical tips on how to audit them and what security controls are available to map to IT general computing controls. Other IT professionals whose job includes assessing compliance, such as DevSecOps teams, identity, and access management analysts, cloud engineers, and cloud security architects, will also find plenty of useful information in this book. Before you get started, you'll need a basic understanding of IT systems and a solid grasp of cybersecurity basics.
About the Author
Shinesa Cambric (CCSP, CISSP, CISA, CISM, CDPSE) is a cloud security, compliance, and identity architect with expertise in the design and implementation of security architecture and controls. Her experience includes designing IAM and governance solutions, building insider threat programs, and providing subject matter expertise on the intersection of governance, risk, and compliance with IT and application security. She is a certification content advisor for CertNexus and CompTIA, her work has been included in global forums, such as RSAC and DevOps, and she is a contributing author to the books 97 Things Every Information Security Professional Should Know and Shifting Security Left. Shinesa volunteers, provides subject matter expertise, and mentors with several organizations, including Cloud Security Alliance, fwd:cloudsec, Women in Cyber Security (WiCys), Information Systems Security Association (ISSA), as a training lead with the Women's Society of Cyberjutsu, and as a board member with non-profit group Cloud Girls. Michael Ratemo (CISSP, CISA, CISM, GCSA, CCSK, CIA) is a cybersecurity leader and Principal Consultant at Cyber Security Simplified. He speaks security in a language businesses can understand and has built a career creating effective security strategies that are customized to protect organizations. He is skilled in elevating the effectiveness of an organization's security programs, to help drive business value and mitigate risks across large and complex environments. In addition, Michael is the author of the LinkedIn Learning Course, Building and Auditing a Cyber Security Program. Michael holds a BS in Computer Science and engineering from the University of Texas at Arlington, and an MBA from the University of North Texas.
Book Information
ISBN 9781803243771
Author Shinesa Cambric
Format Paperback
Page Count 268
Imprint Packt Publishing Limited
Publisher Packt Publishing Limited
