proposed WG definitions

Ben Sapiro

Aug 2, 2010, 1:54:32 PM
to CloudAudit
Just jotting some thoughts on the names and purposes of the Working
Group (WG) as proposed by Chris - see his pending post about requiring
Chair, Vice Chairs and Read Admirals

Standards - Focuses on enhancing and expanding the compliance packs as
well as collaborating with standards owners (e.g. the PCI council,
Cloud Security Alliance)

Tools - Works with IT GRC [1] tool providers to include Cloud Audit
(the standard) into Commercial Off the Shelf Software - should
interact with Consumers WG and Providers WG

Consumers - Provides end-users (auditors, cloud users) with tools and
documentation to assist in the consumption of Cloud Audit responses
from their Service Providers

Infrastructure - Responsible for building, maintaining and operating
the Cloud Audit infrastructure including facilities for on-behalf
hosting

Providers - Will explore use cases, build tools and documentation for
Cloud Service providers


Note that Consumers and Providers are for the purpose of proliferation
and allowing for focus on role-specific use cases; over time they should
merge with the Tools WG.

All five (5) WGs should report into the primary CloudAudit group via
the weekly conference call (and other methods)

[1] http://en.wikipedia.org/wiki/Governance,_risk_management,_and_compliance

versace

Aug 6, 2010, 9:24:51 AM
to CloudAudit
maybe add to the consumer w/g definition the tools and documentation
to assist in the request for cloud audit data and in the
consumption...and so on. A request for audit data is important for at
least 2 reasons. 1) it helps set the scope of the audit and testing
activities; and 2) it documents the request, a standard fieldwork
practice.

nice job Ben. all else is good. I'm willing to spend some time on
and between the consumer and tool w/gs.
Mike

Michael Smith

Aug 11, 2010, 9:43:04 AM
to cloud...@googlegroups.com
I can help out with the Providers WG. Decidedly can't lead it but I can
help out with use cases, side materials, testing, etc.

--
><))))*> Michael J. Smith, CISSP-ISSEP
ryb...@ryzhe.ath.cx code...@yahoo.com
Blog: http://www.guerilla-ciso.com/
Twitter: @rybolov

Unable to handle kernel NULL pointer dereference at virtual address
00000000
\|/ ____ \|/
"@'/ .. \`@"
/_| \__/ |_\
\__U_/
Oops, going down hard!

Dave Shackleford

Aug 11, 2010, 11:38:23 AM
to cloud...@googlegroups.com
I would love to participate in the Tools and Standards WGs. Not enough time to lead, but can provide input, materials, perspective from a QSA and practicing auditor, and plenty of mildly snarky comments.

--D