Security Basics mailing list archives
Controls in the context of software as a serbice
From: Pranav Lal <pranav.lal () gmail com>
Date: Tue, 24 Jan 2012 11:37:39 +0530
Hi all, Many organizations seem to be adopting cloud computing in the form of software as a service. What kinds of controls can such enterprises adopt to ensure information security? I suspect most of the controls are legal in the form of an agreement since there are very few technical controls the organization can implement. Does anyone have any sample contracts? I am thinking about situations such as when forensics become necessary. For instannce, someone compromises an account and sends malitias e-mail. How does one do data discovery in the software as a service context? Yes, looking at e-mail logs is one way but how do providers hamdle such requests? I have read the checklists created by the cloud security alliance and they seem to be more focused towards the infrastructure as a service model. Pranav ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- Controls in the context of software as a serbice Pranav Lal (Jan 24)