7                                                     Security


            5)      Key management and data encryption audit: As encryption is the core mechanism to protect data
                    in the cloud computing environment regardless of whether the service model is IaaS, PaaS or even
                    SaaS, audit requirements should include the implementation and processing of key management
                    and data encryption.

            6)      Emergency response and management audit: Audit requirements focus mainly on an emergency
                    plan,  a  centralized  management  of  security  incidents,  and  a  correlation  analysis  between  the
                    different security events.
















































































            1038