I learn something about risk-based audit planning.
Risk-based audit planning is the deployment of audit resources to areas within an organization that represent the greatest risk. It requires an understanding of the organization and its environment, specifically:
• External and internal factors affecting the organization
• The organization’s selection and application of policies and procedures
• The organization’s objectives and strategies
• Measurement and review of the organization’s performance
The interesting thing that I found is the audit of virtual IT systems. IT auditors should have an adequate understanding of the VM, understanding of the business need, and evaluate the process of creation, development and change management of the VM. Therefore, IT auditors should understand the development and maintenance process, VM itself, as well as the business needs to see whether moving servers to VM could bring real benefit to the business. IT is interesting to know because other than another auditing, audit VM requires far more technical knowledge in order to effectively audit, which means IT auditors would spend more time to interview IT team in order to have good enough understanding. At the same time, understanding the business needs are always the key to a successful audit.
Virtualization is the process of running a virtual instance of a computer system in a layer abstracted from the actual hardware. Most commonly, it refers to running multiple operating systems on a computer system simultaneously. To the applications running on top of the virtualized machine, it can appear as if they are on their own dedicated machine, where the operating system, libraries, and other programs are unique to the guest virtualized system and unconnected to the host operating system which sits below it. A web server, database sever, logic server, backup server could all be virtualized into virtual server, which creates convenience and save money by reducing acquisition, maintenance and electricity costs. This explains the reason why cloud computing is becoming a growing trend in our daily lives.
By reading materials,one thing that interested me is that auditing cloud computing in one sense is like auditing any new IT-understand the IT,identify the risks,evaluate mitigating controls and audit the risky objects.The understanding and risk assessment can be enhanced with a good framework to think about the IT and risks and,thus,assist the IT auditor in conducting an effectual risk assessment.The IaaS/SaaS framework described here is intended to assist IT auditors in performing their duties associated with computing.
I am interested in this point in the “Auditing Risks in Virtual IT Systems” article: In an environment where SAAS technology is now so extensively used by enterprises, how should IT auditors establish effective methods to identify key risks and provide for these risks Develop an effective technical audit.
I am especially interested in “IT Audits of Cloud and SaaS”, for SaaS makes a vital part for developers, and we use cloud computing almost everywhere in our work. As for IT auditing, a key to IT audits of cloud computing and SaaS is to choose a framework for the components that assists an effective risk assessment of those technologies. Once a proper risk assessment is produced, the IT audit becomes a natural extension of auditing for the identified risks, especially where controls have not adequately mitigated the risk.
Virtualisation is a software technology that divides a physical resource, such as a server, into virtual resources called virtual machines (VMs). Virtualisation helps to consolidate physical resources, simplify deployment and administration, and reduce power and cooling requirements.
Virtualisation can be categorised into three areas:
1. Storage virtualisation—Virtualises the physical storage from multiple network storage devices so that they appear to be a single storage device. In general, ‘virtualisation’ refers to server virtualisation.
2. Network virtualisation—Combines computing resources in a network by splitting the available bandwidth into independent channels that can be assigned to a particular server or device in real time.
3. Server virtualisation—Hides the physical nature of server resources, including the number and identity of individual servers, processors and OSs from the software running on them.
From a security point of view, the advantages of virtualisation are:
• Better forensic capabilities
• Faster recovery after an attack
• Safer and more effective patching
• Better control over desktop resources
• More cost-effective security devices
I am interested in “cloud and SaaS IT audits” because SaaS is very important to developers and we use cloud computing almost everywhere in our work. Cloud computing involves the sharing of a pool of physical and virtual resources via the Internet rather than using locally based systems and net work.
SaaS provides software operation services.For IT audits, the key to cloud computing and SaaS IT audits is to choose a framework for components to help conduct effective risk assessments on these technologies.
T Auditors should fully understand the VM, understand the business requirements, and evaluate the VM creation, development, and change management processes. Of course, the most interesting is virtualization. Web servers, database servers, logic servers, and backup servers can all be virtualized as virtual servers, creating convenience and saving money by reducing acquisition, maintenance, and power costs.
In ISACA “Auditing Risks in Virtual IT Systems,”but one interesting thing for me is that virtualization is defined as a software technology that divides a physical resource (e.g. server) into virtual resources called virtual machines (VMs). People usually use Virtualization to consolidate physical resources, simplify deployment and administration, and reduce power and cooling requirements.
Although server virtualization technology is the most popular technology, virtualization is not limited to servers. In order to have a clearer understanding of virtualization, people categorized virtualization into storage virtualization, network virtualization, and server virtualization.
Virtualization has a lot of benefits from a security perspective. It has better forensic capabilities, faster recovery after an attack, safer and more effective patching, better control over desktop resources, and more cost-effective security devices.
And virtualisation can be categorised into three areas:
1.Storage virtualisation
2.Network virtualisation
3.Server virtualisation
Auditing cloud computing in one sense is like auditing any new IT—understand the IT, identify the risks, evaluate mitigating controls and audit the risky objects.
There are various ways to break down IaaS, for example:
• Connectivity
• Network services and management
• Compute services and management
• Data storage
• Security
There are various ways to break down SaaS, for example:
• Business process modeling
• Evaluation and analysis
• Process execution
After reading, I was interested in the benefits of virtualisationVirtualisation of IT systems has many advantages, which is why it has become so popular. Virtualisation expedites the server provisioning procedure and also improves capacity management. Virtualisation allows for partitioning multiple applications and supporting multiple OSs within a single physical system. Other significant benefits of virtualisation include effective segregation of duties, simulation support with multiple versions of the same or different OSs, more continuity options and expansion of the test environment.
From a security point of view, the advantages of virtualisation are:
1)Better forensic capabilities.
2)Faster recovery after an attack
3)Safer and more effective patching
4)Better control over desktop resources
5)More cost-effective security devices
The most interesting part I think is Security Risks in Virtual IT Systems. Even though they have many advantages, virtual IT systems are not risk-free or completely secure. Organisations need to take care of the security risks when using virtual IT systems. ‘Like their physical counterparts, most security vulnerabilities will be introduced through misconfiguration and mismanagement. Compromise of the virtualization foundation is a worst-case scenario. And The security risks in virtual IT systems can be broadly classified into three types: Architectural vulnerability; Software vulnerability; Configuration risks. Establishing policies and procedures for virtual IT systems is the responsibility of the organization and Vital for managers.
Through reading, I understand the IT audit of cloud and Saas.
The key to IT audits of cloud computing and SaaS is to choose a framework for the components to help carry out an effective risk assessment of these technologies.
Some key points for deciding to use SaaS are the complexity of the environment, the need to purchase smaller parts/modules, compatible with existing products, systems and IT, easy operation and purchase, easy integration, project management, scalable infrastructure and billing /cost.
In a sense, reviewing cloud computing is like reviewing any new IT, understanding IT, identifying risks, evaluating mitigation controls, and reviewing risky objects. This understanding and risk assessment can pass a good framework that considers IT and risk, therefore, assisting IT auditors in effective risk assessment.
Virtualisation is a software technology that divides a physical resource, such as a server, into virtual resources called virtual machines (VMs). Virtualisation can be applied to OSs, desktops, applications, storage and networks. VM technology is also being used in data storage, such as storage area networks, and inside OSs, such as Windows Server 2008 with Hyper-V. there are there areas storage virtualization, network virtualization and server virtualization.
After reading “IT Audits of Cloud and SaaS”, I am interested in cloud computing.The article discusses two cloud frameworks— Infrastructure as a Service (IaaS) and Software as a Service (SaaS). Infrastructure as a Service (IaaS) provides online processing or data storage capacity. Software as a Service (SaaS) provides a business application used by many individuals/organizations simultaneously. Each of these services are unique in its own way and require different focus points.
When reading the article” Auditing Risks in Virtual IT Systems”, I am interested in hoe to audit virtual IT systems. it is becoming more and more popular in large enterprises. First of all, we should have a basic understanding of virtual IT systems. Virtualisation can be categorised into
three areas: Storage virtualization, Network virtualization and Server virtualization. Second we should stay awake The enterprise information system architecture has changed a lot. Such as Server virtualisation allows multiple operating systems and applications to run concurrently on a single hardware, while not all virtualisation solutions leverage a hypervisor. Third we need to aware of security risks in virtual IT systems. The security risks in virtual IT systems can be broadly
classified into three types: architectural vulnerability, software vulnerability, configuration risks. The most important thing is in the last. First, The IT auditor should assess the business need for moving from physical to virtual and whether doing so would provide any real benefit to the organization. After that the information security auditor should evaluate the process of creation. Last The auditor should check the DR plan for the virtual IT system and should evaluate the test results and evaluate the sufficiency of existing controls, such as firewalls, intrusion detection systems, intrusion prevention systems and network port security. At the end of the article, it gives us key points of security audit for virtual IT systems, it will be a useful assistant to us in our practical work.
Virtualization is a software development that transforms physical resources into virtual resources. Server virtualization is increasingly becoming the norm in data centers. Through server virtualization, each physical server supports multiple virtual machines. The virtual machine runs its own operating system, middleware and applications. Virtualization has many advantages, including higher utilization, better data security, less user outage time and lower power consumption. IT auditors should assess the business needs of moving from physical to virtual, and whether doing so will bring benefits to the organization.
Virtualisation in a computing system adds a layer of abstraction between two layers in that computer system. Virtualisation can be applied to OSs, desktops, applications, storage and networks. VM technology is also being used in data storage, such as storage area networks, and inside OSs.
Virtualisation can be categorised into three areas:Storage virtualisation; Network virtualisation; Server virtualisation.
At the same time, virtualisation of IT systems has many advantages: better forensic capabilities; faster recovery after an attack; safer and more effective patching; better control over desktop resources; more cost-effective security devices.
Even though they have many advantages, virtual IT systems are not risk-free or completely secure. Organisations need to take care of the security risks when using virtual IT systems, such as architectural vulnerability, software vulnerability and configuration risks. Basic audit techniques coupled with proper control over the unique aspects of virtualisation technology can help mitigate the security risks of virtual IT systems. The audit guideline provided can assist in identifying and fixing the weaknesses of virtual IT systems and can help improve the operational efficiency of VMs so that organisations benefit from virtualisation technology.
I’m particularly interested in “IT auditing for the cloud and SaaS” because SaaS is critical to developers and we use cloud computing almost everywhere in our work. Cloud computing involves sharing pools of physical and virtual resources over the Internet, rather than using location-based systems and networks.
The information I can receive from the reading of the two articles is :
At first, it is critical for utilizing IT auditor to participate in all phases of the system, the reason is that the auditors find and give suggestions do not stand at the position of the designers of the system, they consider the alignment between the system and the requirement of its users, besides, they also examine the risks in the system can be controlled in a limited scope at the stage of the utilization of the sytem in the real environment.
Secondly, to some extent, setting IT audit in the system can be benefical to ensure the application of the system in real environment, because their works are able to check all aspects to combine the system with the requirement of its users.
Auditing cloud computing in one sense is like auditing any new IT—understand the IT, identify the risks, evaluate mitigating controls and audit the risky objects. The understanding and risk assessment can be enhanced with a good framework to think about the IT and risks and, thus, assist the IT auditor in conducting an effectual risk assessment.
Virtualization is the process of running a virtual instance of a computer system in a layer abstracted from the actual hardware. Most commonly, it refers to running multiple operating systems on a computer system at the same time. It is the same on its own dedicated computer, where the operating system, libraries and other programs are unique to the guest virtual system, and are not connected to the host operating system located on the host under it. Servers can be virtualized as virtual servers, which creates convenience and saves money by reducing purchase, maintenance and power costs.
Virtual machine migration is a process of transferring a virtual machine from a physical computer at the migration end to a physical computer at the migration end through a certain method. In the entire process of virtual machine migration, there is a lack of security reinforcement methods for the migration end and the migration end, and the attacker uses it to steal the virtual machine information; the virtual machine migrates between physical servers/LANs with different trust levels, resulting in mixed trust levels , Increase the risk; after the migration, the data residual problem at the migration end, etc. In addition, the dynamic migration of most virtual machines through the network transmission in clear text is likely to cause the leakage of sensitive information.
One of the things that interests me through reading materials is that virtualization is the process of running virtual instances of a computer system from a layer of abstraction from the actual hardware. Although server virtualization is the most popular technology, virtualization is not limited to servers. In order to understand virtualization more clearly, people divide virtualization into storage virtualization, network virtualization and server virtualization. In addition, the security risks in virtual IT systems can be roughly divided into three categories: architecture vulnerabilities, software vulnerabilities, and configuration risks. The policies and procedures for establishing a virtual IT system are the responsibility of the organization and are of vital importance to managers.
“Auditing Risks in Virtual IT Systems
I searched some articals about the auditing risk in virtual system.I specially interest in the Game Industry.When performing revenue audits of online game companies, IT audits should be the basis.IT audit experts evaluate the IT environment of the game network system, conduct system tests on self-operated platforms or joint-operated platforms, etc., to determine whether the entire game network system is safe and effective, and whether the business data is truthfully, accurately and completely recorded..
I am interested in the article “Audit Risks of Virtual IT Systems”: In today’s environment where companies widely use SAAS technology, how IT auditors should establish effective audit methods to identify key risks and provide solutions for these risks.
Because in practice, the application of SAAS is currently quite extensive. Almost in large enterprises, staff will use cloud computing. The key to cloud computing and SAAS IT auditing is to choose a framework for components to help with these technologies. Conduct an effective risk assessment. Nowadays, there is a security audit system that combines distributed data collection and centralized data analysis. The system implements the security audit function of the SaaS platform, and provides a basis for the platform to take further security measures.
I learn something about risk-based audit planning.
Risk-based audit planning is the deployment of audit resources to areas within an organization that represent the greatest risk. It requires an understanding of the organization and its environment, specifically:
• External and internal factors affecting the organization
• The organization’s selection and application of policies and procedures
• The organization’s objectives and strategies
• Measurement and review of the organization’s performance
The interesting thing that I found is the audit of virtual IT systems. IT auditors should have an adequate understanding of the VM, understanding of the business need, and evaluate the process of creation, development and change management of the VM. Therefore, IT auditors should understand the development and maintenance process, VM itself, as well as the business needs to see whether moving servers to VM could bring real benefit to the business. IT is interesting to know because other than another auditing, audit VM requires far more technical knowledge in order to effectively audit, which means IT auditors would spend more time to interview IT team in order to have good enough understanding. At the same time, understanding the business needs are always the key to a successful audit.
Virtualization is the process of running a virtual instance of a computer system in a layer abstracted from the actual hardware. Most commonly, it refers to running multiple operating systems on a computer system simultaneously. To the applications running on top of the virtualized machine, it can appear as if they are on their own dedicated machine, where the operating system, libraries, and other programs are unique to the guest virtualized system and unconnected to the host operating system which sits below it. A web server, database sever, logic server, backup server could all be virtualized into virtual server, which creates convenience and save money by reducing acquisition, maintenance and electricity costs. This explains the reason why cloud computing is becoming a growing trend in our daily lives.
By reading materials,one thing that interested me is that auditing cloud computing in one sense is like auditing any new IT-understand the IT,identify the risks,evaluate mitigating controls and audit the risky objects.The understanding and risk assessment can be enhanced with a good framework to think about the IT and risks and,thus,assist the IT auditor in conducting an effectual risk assessment.The IaaS/SaaS framework described here is intended to assist IT auditors in performing their duties associated with computing.
I am interested in this point in the “Auditing Risks in Virtual IT Systems” article: In an environment where SAAS technology is now so extensively used by enterprises, how should IT auditors establish effective methods to identify key risks and provide for these risks Develop an effective technical audit.
I am especially interested in “IT Audits of Cloud and SaaS”, for SaaS makes a vital part for developers, and we use cloud computing almost everywhere in our work. As for IT auditing, a key to IT audits of cloud computing and SaaS is to choose a framework for the components that assists an effective risk assessment of those technologies. Once a proper risk assessment is produced, the IT audit becomes a natural extension of auditing for the identified risks, especially where controls have not adequately mitigated the risk.
Virtualisation is a software technology that divides a physical resource, such as a server, into virtual resources called virtual machines (VMs). Virtualisation helps to consolidate physical resources, simplify deployment and administration, and reduce power and cooling requirements.
Virtualisation can be categorised into three areas:
1. Storage virtualisation—Virtualises the physical storage from multiple network storage devices so that they appear to be a single storage device. In general, ‘virtualisation’ refers to server virtualisation.
2. Network virtualisation—Combines computing resources in a network by splitting the available bandwidth into independent channels that can be assigned to a particular server or device in real time.
3. Server virtualisation—Hides the physical nature of server resources, including the number and identity of individual servers, processors and OSs from the software running on them.
From a security point of view, the advantages of virtualisation are:
• Better forensic capabilities
• Faster recovery after an attack
• Safer and more effective patching
• Better control over desktop resources
• More cost-effective security devices
I am interested in “cloud and SaaS IT audits” because SaaS is very important to developers and we use cloud computing almost everywhere in our work. Cloud computing involves the sharing of a pool of physical and virtual resources via the Internet rather than using locally based systems and net work.
SaaS provides software operation services.For IT audits, the key to cloud computing and SaaS IT audits is to choose a framework for components to help conduct effective risk assessments on these technologies.
T Auditors should fully understand the VM, understand the business requirements, and evaluate the VM creation, development, and change management processes. Of course, the most interesting is virtualization. Web servers, database servers, logic servers, and backup servers can all be virtualized as virtual servers, creating convenience and saving money by reducing acquisition, maintenance, and power costs.
In ISACA “Auditing Risks in Virtual IT Systems,”but one interesting thing for me is that virtualization is defined as a software technology that divides a physical resource (e.g. server) into virtual resources called virtual machines (VMs). People usually use Virtualization to consolidate physical resources, simplify deployment and administration, and reduce power and cooling requirements.
Although server virtualization technology is the most popular technology, virtualization is not limited to servers. In order to have a clearer understanding of virtualization, people categorized virtualization into storage virtualization, network virtualization, and server virtualization.
Virtualization has a lot of benefits from a security perspective. It has better forensic capabilities, faster recovery after an attack, safer and more effective patching, better control over desktop resources, and more cost-effective security devices.
And virtualisation can be categorised into three areas:
1.Storage virtualisation
2.Network virtualisation
3.Server virtualisation
Auditing cloud computing in one sense is like auditing any new IT—understand the IT, identify the risks, evaluate mitigating controls and audit the risky objects.
There are various ways to break down IaaS, for example:
• Connectivity
• Network services and management
• Compute services and management
• Data storage
• Security
There are various ways to break down SaaS, for example:
• Business process modeling
• Evaluation and analysis
• Process execution
After reading, I was interested in the benefits of virtualisationVirtualisation of IT systems has many advantages, which is why it has become so popular. Virtualisation expedites the server provisioning procedure and also improves capacity management. Virtualisation allows for partitioning multiple applications and supporting multiple OSs within a single physical system. Other significant benefits of virtualisation include effective segregation of duties, simulation support with multiple versions of the same or different OSs, more continuity options and expansion of the test environment.
From a security point of view, the advantages of virtualisation are:
1)Better forensic capabilities.
2)Faster recovery after an attack
3)Safer and more effective patching
4)Better control over desktop resources
5)More cost-effective security devices
The most interesting part I think is Security Risks in Virtual IT Systems. Even though they have many advantages, virtual IT systems are not risk-free or completely secure. Organisations need to take care of the security risks when using virtual IT systems. ‘Like their physical counterparts, most security vulnerabilities will be introduced through misconfiguration and mismanagement. Compromise of the virtualization foundation is a worst-case scenario. And The security risks in virtual IT systems can be broadly classified into three types: Architectural vulnerability; Software vulnerability; Configuration risks. Establishing policies and procedures for virtual IT systems is the responsibility of the organization and Vital for managers.
Through reading, I understand the IT audit of cloud and Saas.
The key to IT audits of cloud computing and SaaS is to choose a framework for the components to help carry out an effective risk assessment of these technologies.
Some key points for deciding to use SaaS are the complexity of the environment, the need to purchase smaller parts/modules, compatible with existing products, systems and IT, easy operation and purchase, easy integration, project management, scalable infrastructure and billing /cost.
In a sense, reviewing cloud computing is like reviewing any new IT, understanding IT, identifying risks, evaluating mitigation controls, and reviewing risky objects. This understanding and risk assessment can pass a good framework that considers IT and risk, therefore, assisting IT auditors in effective risk assessment.
Virtualisation is a software technology that divides a physical resource, such as a server, into virtual resources called virtual machines (VMs). Virtualisation can be applied to OSs, desktops, applications, storage and networks. VM technology is also being used in data storage, such as storage area networks, and inside OSs, such as Windows Server 2008 with Hyper-V. there are there areas storage virtualization, network virtualization and server virtualization.
After reading “IT Audits of Cloud and SaaS”, I am interested in cloud computing.The article discusses two cloud frameworks— Infrastructure as a Service (IaaS) and Software as a Service (SaaS). Infrastructure as a Service (IaaS) provides online processing or data storage capacity. Software as a Service (SaaS) provides a business application used by many individuals/organizations simultaneously. Each of these services are unique in its own way and require different focus points.
When reading the article” Auditing Risks in Virtual IT Systems”, I am interested in hoe to audit virtual IT systems. it is becoming more and more popular in large enterprises. First of all, we should have a basic understanding of virtual IT systems. Virtualisation can be categorised into
three areas: Storage virtualization, Network virtualization and Server virtualization. Second we should stay awake The enterprise information system architecture has changed a lot. Such as Server virtualisation allows multiple operating systems and applications to run concurrently on a single hardware, while not all virtualisation solutions leverage a hypervisor. Third we need to aware of security risks in virtual IT systems. The security risks in virtual IT systems can be broadly
classified into three types: architectural vulnerability, software vulnerability, configuration risks. The most important thing is in the last. First, The IT auditor should assess the business need for moving from physical to virtual and whether doing so would provide any real benefit to the organization. After that the information security auditor should evaluate the process of creation. Last The auditor should check the DR plan for the virtual IT system and should evaluate the test results and evaluate the sufficiency of existing controls, such as firewalls, intrusion detection systems, intrusion prevention systems and network port security. At the end of the article, it gives us key points of security audit for virtual IT systems, it will be a useful assistant to us in our practical work.
Virtualization is a software development that transforms physical resources into virtual resources. Server virtualization is increasingly becoming the norm in data centers. Through server virtualization, each physical server supports multiple virtual machines. The virtual machine runs its own operating system, middleware and applications. Virtualization has many advantages, including higher utilization, better data security, less user outage time and lower power consumption. IT auditors should assess the business needs of moving from physical to virtual, and whether doing so will bring benefits to the organization.
Virtualisation in a computing system adds a layer of abstraction between two layers in that computer system. Virtualisation can be applied to OSs, desktops, applications, storage and networks. VM technology is also being used in data storage, such as storage area networks, and inside OSs.
Virtualisation can be categorised into three areas:Storage virtualisation; Network virtualisation; Server virtualisation.
At the same time, virtualisation of IT systems has many advantages: better forensic capabilities; faster recovery after an attack; safer and more effective patching; better control over desktop resources; more cost-effective security devices.
Even though they have many advantages, virtual IT systems are not risk-free or completely secure. Organisations need to take care of the security risks when using virtual IT systems, such as architectural vulnerability, software vulnerability and configuration risks. Basic audit techniques coupled with proper control over the unique aspects of virtualisation technology can help mitigate the security risks of virtual IT systems. The audit guideline provided can assist in identifying and fixing the weaknesses of virtual IT systems and can help improve the operational efficiency of VMs so that organisations benefit from virtualisation technology.
I’m particularly interested in “IT auditing for the cloud and SaaS” because SaaS is critical to developers and we use cloud computing almost everywhere in our work. Cloud computing involves sharing pools of physical and virtual resources over the Internet, rather than using location-based systems and networks.
The information I can receive from the reading of the two articles is :
At first, it is critical for utilizing IT auditor to participate in all phases of the system, the reason is that the auditors find and give suggestions do not stand at the position of the designers of the system, they consider the alignment between the system and the requirement of its users, besides, they also examine the risks in the system can be controlled in a limited scope at the stage of the utilization of the sytem in the real environment.
Secondly, to some extent, setting IT audit in the system can be benefical to ensure the application of the system in real environment, because their works are able to check all aspects to combine the system with the requirement of its users.
Auditing cloud computing in one sense is like auditing any new IT—understand the IT, identify the risks, evaluate mitigating controls and audit the risky objects. The understanding and risk assessment can be enhanced with a good framework to think about the IT and risks and, thus, assist the IT auditor in conducting an effectual risk assessment.
Virtualization is the process of running a virtual instance of a computer system in a layer abstracted from the actual hardware. Most commonly, it refers to running multiple operating systems on a computer system at the same time. It is the same on its own dedicated computer, where the operating system, libraries and other programs are unique to the guest virtual system, and are not connected to the host operating system located on the host under it. Servers can be virtualized as virtual servers, which creates convenience and saves money by reducing purchase, maintenance and power costs.
I am interested in virtual machine migration
Virtual machine migration is a process of transferring a virtual machine from a physical computer at the migration end to a physical computer at the migration end through a certain method. In the entire process of virtual machine migration, there is a lack of security reinforcement methods for the migration end and the migration end, and the attacker uses it to steal the virtual machine information; the virtual machine migrates between physical servers/LANs with different trust levels, resulting in mixed trust levels , Increase the risk; after the migration, the data residual problem at the migration end, etc. In addition, the dynamic migration of most virtual machines through the network transmission in clear text is likely to cause the leakage of sensitive information.
One of the things that interests me through reading materials is that virtualization is the process of running virtual instances of a computer system from a layer of abstraction from the actual hardware. Although server virtualization is the most popular technology, virtualization is not limited to servers. In order to understand virtualization more clearly, people divide virtualization into storage virtualization, network virtualization and server virtualization. In addition, the security risks in virtual IT systems can be roughly divided into three categories: architecture vulnerabilities, software vulnerabilities, and configuration risks. The policies and procedures for establishing a virtual IT system are the responsibility of the organization and are of vital importance to managers.
“Auditing Risks in Virtual IT Systems
I searched some articals about the auditing risk in virtual system.I specially interest in the Game Industry.When performing revenue audits of online game companies, IT audits should be the basis.IT audit experts evaluate the IT environment of the game network system, conduct system tests on self-operated platforms or joint-operated platforms, etc., to determine whether the entire game network system is safe and effective, and whether the business data is truthfully, accurately and completely recorded..
I am interested in the article “Audit Risks of Virtual IT Systems”: In today’s environment where companies widely use SAAS technology, how IT auditors should establish effective audit methods to identify key risks and provide solutions for these risks.
Because in practice, the application of SAAS is currently quite extensive. Almost in large enterprises, staff will use cloud computing. The key to cloud computing and SAAS IT auditing is to choose a framework for components to help with these technologies. Conduct an effective risk assessment. Nowadays, there is a security audit system that combines distributed data collection and centralized data analysis. The system implements the security audit function of the SaaS platform, and provides a basis for the platform to take further security measures.