• Refine Query
  • Source
  • Publication year
  • to
  • Language
  • 1
  • Tagged with
  • 2
  • 2
  • 1
  • 1
  • 1
  • 1
  • 1
  • 1
  • 1
  • 1
  • 1
  • 1
  • 1
  • 1
  • 1
  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
1

Evidence-based accountability audits for cloud computing

Rübsamen, Thomas January 2016 (has links)
Cloud computing is known for its on-demand service provisioning and has now become mainstream. Many businesses as well as individuals are using cloud services on a daily basis. There is a big variety of services that ranges from the provision of computing resources to services such as productivity suites and social networks. The nature of these services varies heavily in terms of what kind of information is being out-sourced to the cloud provider. Often, that data is sensitive, for instance when PII is being shared by an individual. Also, businesses that move (parts of) their processes to the cloud are actively participating in a major paradigm shift from having data on-premise to transfering data to a third-party provider. However, many new challenges come along with this trend, which are closely tied to the loss of control over data. When moving to the cloud, direct control over geographical storage location, who has access to it and how it is shared and processed is given up. Because of this loss of control, cloud customers have to trust cloud providers that they treat their data in an appropriate and responsible way. Cloud audits can be used to check how data has been processed in the cloud (i.e., by whom, for what purpose) and whether or not this happened in compliance with what has been defined in agreed-upon privacy and data storage, usage and maintenance (i.e., data handling) policies. This way, a cloud customer can regain some of the control he has given up by moving to the cloud. In this thesis, accountability audits are presented as a way to strengthen trust in cloud computing by providing assurance about the processing of data in the cloud according to data handling and privacy policies. In cloud accountability audits, various distributed evidence sources need to be considered. The research presented in this thesis discusses the use of various heterogeous evidence sources on all cloud layers. This way, a complete picture of the actual data handling practices that is based on hard facts can be presented to the cloud consumer. Furthermore, this strengthens transparency of data processing in the cloud, which can lead to improved trust in cloud providers, if they choose to adopt these mechanisms in order to assure their customers that their data is being handled according to their expectations. The system presented in this thesis enables continuous auditing of a cloud provider's adherence to data handling policies in an automated way that shortens audit intervals and that is based on evidence that is produced by cloud subsystems. An important aspect of many cloud offerings is the combination of multiple distinct cloud services that are offered by independent providers. Data is thereby freuqently exchanged between the cloud providers. This also includes trans-border flows of data, where one provider may be required to adhere to more strict data protection requirements than the others. The system presented in this thesis addresses such scenarios by enabling the collection of evidence at providers and evaluating it during audits. Securing evidence quickly becomes a challenge in the system design, when information that is needed for the audit is deemed sensitive or confidential. This means that securing the evidence at-rest as well as in-transit is of utmost importance, in order not to introduce a new liability by building an insecure data heap. This research presents the identification of security and privacy protection requirements alongside proposed solutions that enable the development of an architecture for secure, automated, policy-driven and evidence-based accountability audits.
2

Risker i den digitala revisionsprocessen : En kvalitativ studie om hur svenska revisorer identifierar och hanterar digitala risker

Gumpert, Theodor, Allert, Carl January 2017 (has links)
As a result of technological improvements, the efficiency of the audit industry increased greatly in the 1950’s. Since then, technological development has increased significantly. The industry is currently undergoing a digitalization process, similar to that already experienced by the society. The audit agencies researched in this study are striving to replace paper-based audits and to be completely digitalized, by using digital auditing tools throughout the entire audit process. Prior research, regarding the digitalization of the audit process, has focused on the advantages or the disadvantages. How the auditors in practice identify and handle digital risks is, however, lacking in this earlier research. The purpose of this study is to understand how auditors identify and handle the risks that digitalization entails in the gathering and use of digital audit evidence. In order to achieve the purpose of this study, the gathering of empirical evidence has been based on a qualitative method. Twelve respondents, nine of whom are auditors and three audit associates, were interviewed using semi-structured interviews. Conclusions generated by this study are that IT skills, experience, industry knowledge and the understanding of the company audited are the fundamental factors affecting the auditor's ability to identify and handle digital risks. Furthermore, the risks due to digitalization have neither increased nor become of greater importance than previously, rather the opposite. The advantages resulting from the digitalization of the audit process outweigh the disadvantages. Overall, the digitalization affects the auditor's ability to comment on a company's financial reports and management in a positive manner.

Page generated in 0.0474 seconds