Audit Process during Projects for Development of New Mobile IT Application

This paper presents characteristics of the computer audit process during software development life cycle focused on specific aspects of the mobile IT applications. There are highlighted specific features of the distributed informatics systems implemented in wireless environments as hardware components, wireless technologies, classes of wireless systems, specialized software for mobile IT applications, quality characteristics of the mobile IT applications, software development models and their specific stages and issues aspects of the computer audit during software development life cycle of the distributed informatics systems customized on mobile IT applications. In the computer audit process, tasks of the computer auditors and what controls they must implement are also presented.Audit Process, Mobile It Applications, Software Development Life Cycle, Project Management

Audit Techniques for Service Oriented Architecture Applications

The Service Oriented Architecture (SOA) approach enables the development of flexible distributed applications. Auditing such applications implies several specific challenges related to interoperability, performance and security. The service oriented architecture model is described and the advantages of this approach are analyzed. We also highlight several quality attributes and potential risks in SOA applications that an architect should be aware when designing a distributed system. Key risk factors are identified and a model for risk evaluation is introduced. The top reasons for auditing SOA applications are presented as well as the most important standards. The steps for a successful audit process are given and discussed.Service Oriented Architecture, Audit, Quality Attributes, Interoperability, Performance, Security

Could the Outsourcing of Incident Response Management provide a Blueprint for Managing Other Cloud Security Requirements?

Postprin

CamFlow: Managed Data-sharing for Cloud Services

A model of cloud services is emerging whereby a few trusted providers manage the underlying hardware and communications whereas many companies build on this infrastructure to offer higher level, cloud-hosted PaaS services and/or SaaS applications. From the start, strong isolation between cloud tenants was seen to be of paramount importance, provided first by virtual machines (VM) and later by containers, which share the operating system (OS) kernel. Increasingly it is the case that applications also require facilities to effect isolation and protection of data managed by those applications. They also require flexible data sharing with other applications, often across the traditional cloud-isolation boundaries; for example, when government provides many related services for its citizens on a common platform. Similar considerations apply to the end-users of applications. But in particular, the incorporation of cloud services within `Internet of Things' architectures is driving the requirements for both protection and cross-application data sharing. These concerns relate to the management of data. Traditional access control is application and principal/role specific, applied at policy enforcement points, after which there is no subsequent control over where data flows; a crucial issue once data has left its owner's control by cloud-hosted applications and within cloud-services. Information Flow Control (IFC), in addition, offers system-wide, end-to-end, flow control based on the properties of the data. We discuss the potential of cloud-deployed IFC for enforcing owners' dataflow policy with regard to protection and sharing, as well as safeguarding against malicious or buggy software. In addition, the audit log associated with IFC provides transparency, giving configurable system-wide visibility over data flows. [...]Comment: 14 pages, 8 figure

Developing a Conceptual Framework for Cloud Security Assurance

Postprin