Cybertechnoelite

Is the security team ready for the Cloud? Is the security team aware of / knowledgeable about cloud? Does the organization have a cloud security strategy with which its auditors would be happy? Has security governance been adapted to include cloud? Does the team’s structure enable cloud security? Has the security team updated all security policies and procedures to incorporate cloud? Has the security team provided guidance to the business on how to remain secure within a cloud environment? Management Is everyone aware of his or her cloud security responsibilities? Is there a mechanism for assessing the security of a cloud service? Does the business governance mitigate the security risks that can result from cloud-based “shadow IT”? Does the organization know within which jurisdictions its data can reside? Is there a mechanism for managing cloud-related risks? Does the organization understand the data architecture needed to operate with appropriate security at all levels? Can the organi

Procedure Yes No       PERSONEL SECURITY         Are authorized access level and types identified to access resources and enter at company?     Do you have policies addressing background checks for employees and contractors?     Do you have a process for effectively cutting off access to facilities and information systems when an employee/contractor terminates employment?         PHYSICAL SECURITY           Do you have policies and procedures that address allowing authorized and limiting unauthorized physical access to electronic information systems and the facilities in which they are housed?     Do your policies and procedures specify