Abstract-Cloud computing presents a new model for IT service delivery and it typically involves over-a-network, on-demand, self-service access, which is dynamically scalable and elastic, utilising pools of often virtualized resources. Through these features, cloud computing has the potential to improve the way businesses and IT operate by offering fast start-up, flexibility, scalability and cost efficiency. Even though cloud computing provides compelling benefits and cost-effective options for IT hosting and expansion, new risks and opportunities for security exploits are introduced. Standards, policies and controls are therefore of the essence to assist management in protecting and safeguarding systems and data. Management should understand and analyse cloud computing risks in order to protect systems and data from security exploits. The focus of this paper is on mitigation for cloud computing security risks as a fundamental step towards ensuring secure cloud computing environments.
This paper has critically assessed a Higher Education Institution's (HEI) Examination Paper Preparation Process (EPPP) to identify threats and vulnerabilities that could place the security of the process at a risk; thus, compromising the security of the examination papers. Surveys were utilized to identify examiners' behaviour which could pose a risk to the security of the examination papers. The paper further highlights the vital role the human factor plays in ensuring that the EPPP is secure. The paper proposes an Information Security Assurance Model (ISAM) that is based on information security principles and best practices to manage and improve the security of the EPPP. The model provides a step-by-step guide which could be followed to ensure that relevant information security aspects are covered to ensure that examination papers are handled more securely. The aim of the model is to ensure that examination papers are not accessible to unauthorized individuals; which, may lead to some students being conferred with qualifications that they do not deserve.
The increasing dependence upon Information Systems (IS) in the last few decades by businesses has resulted in many concerns regarding auditing. Traditional IS auditing has changed from auditing "around the computer" to a hands-on approach (auditing through and with the computer). Technology is changing rapidly and so is the profession of IS auditing.As IS auditing is dependent on Information Technology (IT), it is essential that an IS auditor possesses IT and auditing knowledge to bridge the gap between the IT and auditing professions.The aim of the study is to: 1) define the roles and responsibilities expected from IS auditors, based on the different types of audit assignments and the steps involved in performing an IS audit assignment; 2) describe the basic IT and audit knowledge required from IS auditors based on the roles and responsibilities identified; 3) describe the soft skills required from IS auditors to successfully perform an IS audit assignment; 4) define the main types of IS audit tools and techniques used most often to assist IS auditors in executing IS audit roles and responsibilities; and 5) establish an IS auditor's profile based on the 4 characteristics defined above.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.