Federal cloud computing : the definitive guide for cloud service providers /

"In recent years 'cloud computing' has emerged as a model for providing IT infrastructure, resources and services that has the potential to drive significant value to organizations through increased IT efficiency, agility and innovation. However, Federal agencies who were early adopte...

Bibliographic Details
Classification: Electronic Book
Main author: Metheny, Matthew
Format: Electronic eBook
Language: English
Published: Amsterdam ; Boston : Elsevier/Syngress, 2012.
Edition: 1st ed.
Subjects:
Online access: Full text
Table of Contents:
  • Ch. 1 Introduction to the Federal Cloud Computing Strategy
  • Introduction
  • A Historical View of Federal IT
  • The Early Years and the Mainframe Era
  • Shifting to Minicomputer
  • Decentralization: The Microcomputer ("Personal Computer")
  • Transitioning to Mobility
  • Evolution of Federal IT Policy
  • Cloud Computing: Drivers in Federal IT Transformation
  • Drivers for Adoption
  • Cloud Benefits
  • Decision Framework for Cloud Migration
  • Selecting Services to Move to the Cloud
  • Provisioning Cloud Services Effectively
  • Managing Services Rather Than Assets
  • Summary
  • ch. 2 Cloud Computing Standards
  • Introduction
  • Standards Development Primer
  • Cloud Computing Standardization Drivers
  • Federal Laws and Policy
  • Adoption Barriers
  • Identifying Standards for Federal Cloud Computing Adoption
  • Standards Development Organizations (SDOs) and Other Community-Driven Organizations
  • Standards Inventory
  • Summary
  • ch. 3 A Case for Open Source
  • Introduction
  • Open Source and the Federal Government
  • OSS Adoption Challenges: Acquisition and Security
  • Acquisition Challenges
  • Security Challenges
  • OSS and Federal Cloud Computing
  • Summary
  • ch. 4 Security and Privacy in Public Cloud Computing
  • Introduction
  • Security and Privacy in the Context of the Public Cloud
  • Federal Privacy Laws and Policies
  • Privacy Act of 1974
  • E-Government Act of 2002, Federal Information Security Management Act (FISMA)
  • OMB Memorandum Policies
  • Safeguarding Privacy Information
  • Privacy Controls
  • Data Breaches, Impacts, and Consequences
  • Security and Privacy Issues
  • Summary
  • ch. 5 Applying the NIST Risk Management Framework
  • Introduction to FISMA
  • Purpose
  • Role and Responsibilities
  • Risk Management Framework Overview
  • The Role of Risk Management
  • The NIST RMF and the System Development Life Cycle
  • NIST RMF Process
  • Information System Categorization
  • Security Control Selection
  • Security Controls Implementation
  • Security Controls Assessment
  • Information System Authorization
  • Security Controls Monitoring
  • Summary
  • ch. 6 Risk Management
  • Introduction to Risk Management
  • Federal Information Security Risk Management Practices
  • Overview of Enterprise-Wide Risk Management
  • Components of the NIST Risk Management Process
  • Multi-Tiered Risk Management
  • NIST Risk Management Process
  • Framing Risk
  • Risk Assessment
  • Responding to Risk
  • Monitoring Risk
  • Comparing the NIST and ISO/IEC Risk Management Processes
  • Summary
  • ch. 7 Comparison of Federal and International Security Certification Standards
  • Introduction
  • Overview of Certification and Accreditation
  • Evolution of the Federal C&A Processes
  • Towards a Unified Approach to C&A
  • NIST and ISO/IEC Information Security Standards
  • Boundary and Scope Definition
  • Security Policy
  • Risk Management Strategy (Context)
  • Risk Management Process
  • Security Objectives and Controls
  • Summary
  • ch. 8 FedRAMP Primer
  • Introduction to FedRAMP
  • FedRAMP Policy Memo
  • Primary Stakeholders
  • FedRAMP Concept of Operations
  • Operational Processes
  • Third Party Assessment Organization Program
  • Summary
  • ch. 9 The FedRAMP Cloud Computing Security Requirements
  • Security Control Selection Process
  • Selecting the Security Control Baseline
  • Tailoring and Supplementing Security Control Baseline
  • FedRAMP Cloud Computing Overlay
  • FedRAMP Cloud Computing Security Requirements
  • Policy and Procedures
  • Harmonizing FedRAMP Requirements
  • Assurance of External Service Providers Compliance
  • Approaches to Implementing FedRAMP Security Controls
  • FedRAMP Security Control Requirements
  • Summary
  • ch. 10 Security Assessment and Authorization: Governance, Preparation, and Execution
  • Introduction to the Security Assessment Process
  • Governance in the Security Assessment
  • Preparing for the Security Assessment
  • Security Assessment Customer Responsibilities
  • Security Assessment Provider Responsibilities
  • Executing the Security Assessment Plan
  • Summary
  • ch. 11 Strategies for Continuous Monitoring
  • Introduction to Continuous Monitoring
  • Organizational Governance
  • CM Strategy
  • CM Program
  • The Continuous Monitoring Process
  • Defining a CM Strategy
  • Implementing a CM Program
  • Review and Update CM Strategy and Program
  • Continuous Monitoring within FedRAMP
  • Summary
  • ch. 12 Cost-Effective Compliance Using Security Automation
  • Introduction
  • CM Reference Architectures
  • Continuous Asset Evaluation, Situational Awareness, and Risk Scoring Reference Architecture
  • CAESARS Framework Extension Reference Architecture
  • Security Automation Standards and Specifications
  • Security Content Automation Protocol
  • Cybersecurity Information Exchange Framework
  • Operational Visibility and Continuous Monitoring
  • Summary
  • ch. 13 A Case Study for Cloud Service Providers
  • Case Study Scenario: "Healthcare Exchange"
  • Applying the Risk Management Framework within FedRAMP
  • Categorize Information System
  • Select Security Controls
  • Implement and Document Security Controls
  • Assessing Security Controls
  • Summary.