Research Article

Cloud security audit: Internal audit in cloud cyber security applications

Year 2024, Volume: 17 Issue: 3, 667 - 690, 31.07.2024
https://doi.org/10.25287/ohuiibf.1482734

Abstract

Moving every stage of a business to the cloud environment, from its identity information, its activities
and the methods by which it carries them out to its audit processes, raises various security problems.
Although a limited number of cloud security models and standards currently exist, these models are not
considered sufficient because they are reactive rather than proactive. As cyberspace takes a central
position within cloud applications, it raises the questions of by whom, how, with which methods and with
what kinds of capabilities the internal audit activities of enterprises should be carried out. This study
therefore aims to clarify the role of internal audit in auditing cloud security applications and what its
future structure will be. In practice, although cyberspace and cloud applications have spread over a wide
area, the studies carried out within the framework of internal audit are limited. Because of difficulties
of access and the limited use of these applications in Turkey, this study takes a theoretical perspective.
Suggestions are made for the practices deemed necessary for internal audit in the future.

There are 17 citations in total.

Details

Primary Language: Turkish
Subjects: Business Systems in Context (Other)
Journal Section: Articles
Authors:

Ali Kestane 0000-0002-7049-0354

Ganite Kurt 0000-0001-6438-2501

Publication Date: July 31, 2024
Submission Date: May 12, 2024
Acceptance Date: June 28, 2024
Published in Issue: Year 2024 Volume: 17 Issue: 3

Cite

APA Kestane, A., & Kurt, G. (2024). Bulut güvenlik denetimi: Bulut siber güvenlik uygulamalarında iç denetim. Ömer Halisdemir Üniversitesi İktisadi Ve İdari Bilimler Fakültesi Dergisi, 17(3), 667-690. https://doi.org/10.25287/ohuiibf.1482734

Creative Commons License
Ömer Halisdemir Universitesi Iktisadi ve Idari Bilimler Fakültesi Dergisi (OHUIIBF) is licensed under the Creative Commons Attribution-Noncommercial-Pseudonymity License 4.0 international license.