The main objective of this dissertation is the development of a security framework that encompasses all cloud environments regardless of the model, type, provider, service, or resources that are implemented.
To achieve that, interviews were conducted with audit professionals from the Big 4 firms and from the banking sector IT and cloud experts, on topics like audit approach, risks in the cloud, control evaluation, audit procedures, cloud environment, and documentation approach.
With the data collected, it was possible to construct a framework that covers IT and IS areas such as logical access control, operations management, change management, environment security, network integrity, and information protection.
