Share these talks and lectures with your colleagues
Invite colleaguesPractice paper
The landscape from above: Continuous cloud monitoring for continuous assurance
Cyber Security: A Peer-Reviewed Journal,
4
(2),
182-193
(2020)
Abstract
The concept of monitoring information system security has long been recognised as sound and valuable management practice. For additional consideration, a large portion of compliance requirements for information security and privacy are supported by such monitoring. Security programmes must be aligned with privacy and compliance programmes to ensure those areas of data protection compliance are appropriately met and monitored, and then actions based on maturity levels must be aligned with information assurance programmes. Some key areas to consider in information security programmes include: 1) Continuous assurance (full data life cycle, continuous monitoring, continuous awareness, continuous compliance, challenges, benefits); 2) continuous supply chain management (continuous vendor management and oversight, benefits, challenges); 3) continuous cloud assurance (private cloud, community cloud, public cloud, hybrid cloud); and 4) continuous improvement (what is involved and necessary, including actions, monitoring and metrics). This paper posits that organisations, building out their digital transformation strategies, must think strategically about the way in which they manage privacy compliance in the cloud, committing to a data-driven continuous assurance privacy programme which would provide a more robust compliance posture.
Keywords: continuous; compliance; cloud; technology; assurance; cyber security
The full article is available to subscribers to the journal.
Author's Biography
Fouad Khalil is a corporate compliance executive and is responsible for internal and external compliance programmes, auditor education, alignment with industry best practices, marketing support and sales enablement. With extensive experience in the technology space with more than 25 years spanning disciplines in software development, IT support, programme and project management and most recently IT security and compliance management, Khalil’s career path in technology has provided him with keen insights in the areas of network, system and database administration, software programming, system software and GUI design, project and product development, solution implementation and much more. For almost two decades, Khalil has focused on cyber security, data security, security investigations, security training and awareness, and security compliance, serving as an industry expert in key areas such as information technology (IT), National Institute of Standards and Technology (NIST), internal controls over financial reporting, Sarbanes-Oxley, PCI DSS, HIPAA, HITECH, GDPR and CCPA. Khalil holds a Bachelor’s degree in electrical and computer engineering from Marquette University and CISA and ITIL Foundations certifications. Additionally, he is an active member of and contributor to ISACA, IIA, Infragard, ISSA and ISC2.
