The EU-SEC Continuous auditing based certification training and awareness package
EU-SEC’s continuous auditing approach will bring continuous assurance by addressing the lack of regularity and proactivity of traditional “point-in-time” certifications. The method developed for this is called continuous auditing based certification. By using technology to monitor and flag non-compliant activity on an ongoing basis, continuous auditing delivers an enhancement to traditional certification. It increases the assessment frequency via a continuous workflow. State-of-the-art security monitoring systems supervise the security status of the IT environment by collecting data from the CSP’s information system. This collected data is then assessed and used as the basis for continuous auditing.
A high-level motivation and explanation of continuous auditing based certification can be found in our explanation video at this site.
In addition, the EU-SEC continuous auditing based certification training and awareness package contains guidelines, slides and documents that allow auditors, CSPs, Cloud Service Customers and regulators to understand the principles and details that are required for an implementation of continuous auditing based certification. The package contains
The Scientific Papers
- Continuous Location Validation of Cloud Service Components
- A Process Model to Support Continuous Certification of Cloud Services
- Towards Continuous Security Certification of SaaS Applications Using Web Application Testing Techniques
- Evaluating the Performance of Continuous Test-based Cloud Service Certification