SlideShare a Scribd company logo

Background  A small non-profit organization (SNPO-MC) has rec.docx

Download as DOCX, PDF
A
AMMY30

Background :  A small non-profit organization (SNPO-MC) has received a grant which will pay 90% of its cloud computing costs for a five year period. But, before it can take advantage of the monies provided by this grant, it must present an acceptable cloud computing security policy to the grant overseers.  Tasking :  You are a cybersecurity professional who is “on loan” from your employer, a management consulting firm, to a small non-profit organization (SNPO-MC). You have been tasked with researching requirements for a Cloud Computing Security Policy and then developing a draft policy for the non-profit organization, SNPO-MC. The purpose of this policy is to provide guidance to managers, executives, and cloud computing service providers. This new policy will supersede (replace) the existing Enterprise IT Security Policy which focuses exclusively upon enterprise security requirements for organization owned equipment (including database servers, Web and email servers, file servers, remote access servers, desktop computers, workstations, and laptop computers) and licensed software applications. The enterprise IT security policy also addresses incident response and disaster recovery. As part of your policy development task you must take into consideration the issues list which was developed during brainstorming sessions by executives and managers in each of the three operating locations for the non-profit organization. Your deliverable  for this project is a 5 to 8 page, single spaced, professionally formatted draft policy. See the following resources for suggested formats. https://it.tufts.edu/cloud-pol https://www.american.edu/policies/upload/IT-Security-Policy-2013.pdf Organization Profile :  The organization is headquartered in Boston, MA and has two additional operating locations (offices) in New Orleans, LA and San Francisco, CA. Approximately 50 employees work in a formal office setting at one of these locations. These employees use organization owned IT equipment. The remaining 1,000 staff members are volunteers who work from their home offices using personally owned equipment. The organization provides a variety of management consulting services for its clients (charities and non-governmental organizations) on a fee for service basis. Fees are set on a sliding scale based upon the client’s ability to pay. The organization receives additional funding to support its administrative costs, including IT and IT security, through grants and donations from several Fortune 500 companies. The non-profit organization is in the process of hiring its first Chief Information Officer. The organization has a small (3 person) professional IT staff that includes one information security specialist. These staff members are located in the Boston headquarters office. Definitions :  Employees of the organization are referred to as employees. Executives and other staff who are “on loan” from Fortune 500 companies are referred to a ...

Education
1 of 8
Background : A small non-profit organization (SNPO-MC) has received a grant which will pay 90% of its cloud computing costs for a five year period. But, before it can take advantage of the monies provided by this grant, it must present an acceptable cloud computing security policy to the grant overseers. Tasking : You are a cybersecurity professional who is “on loan” from your employer, a management consulting firm, to a small non- profit organization (SNPO-MC). You have been tasked with researching requirements for a Cloud Computing Security Policy and then developing a draft policy for the non-profit organization, SNPO-MC. The purpose of this policy is to provide guidance to managers, executives, and cloud computing service providers. This new policy will supersede (replace) the existing Enterprise IT Security Policy which focuses exclusively upon enterprise security requirements for organization owned equipment (including database servers, Web and email servers, file servers, remote access servers, desktop computers, workstations, and laptop computers) and licensed software applications. The enterprise IT security policy also addresses incident response and disaster recovery. As part of your policy development task you must take into consideration the issues list which was developed during brainstorming sessions by executives and managers in each of the three operating locations for the non-profit organization.
Your deliverable for this project is a 5 to 8 page, single spaced, professionally formatted draft policy. See the following resources for suggested formats. https://it.tufts.edu/cloud-pol https://www.american.edu/policies/upload/IT-Security-Policy- 2013.pdf Organization Profile : The organization is headquartered in Boston, MA and has two additional operating locations (offices) in New Orleans, LA and San Francisco, CA. Approximately 50 employees work in a formal office setting at one of these locations. These employees use organization owned IT equipment. The remaining 1,000 staff members are volunteers who work from their home offices using personally owned equipment. The organization provides a variety of management consulting services for its clients (charities and non-governmental organizations) on a fee for service basis. Fees are set on a sliding scale based upon the client’s ability to pay. The organization receives additional funding to support its administrative costs, including IT and IT security, through grants and donations from several Fortune 500 companies.
The non-profit organization is in the process of hiring its first Chief Information Officer. The organization has a small (3 person) professional IT staff that includes one information security specialist. These staff members are located in the Boston headquarters office. Definitions : Employees of the organization are referred to as employees. Executives and other staff who are “on loan” from Fortune 500 companies are referred to as loaned staff members. Loaned staff members usually telework for the organization one to two days per week for a period of one year. Volunteers who perform work for the organization are referred to as volunteer staff members. Volunteer staff members usually telework from their homes one to two days per week. Cloud Computing includes but is not restricted to: · Platform as a Service · Infrastructure as a Service
· Software as a Service Issues List : · Who speaks with authority for the firm? · Who monitors and manages compliance with laws and regulations? · Ownership of content · Privacy and confidentiality · Enforcement · Penalties for violations of policy ·
Use by sales and marketing · Use by customer service / outreach · Use by public relations and corporate communications (e.g. information for shareholders, customers, general public) · Use for advertising and e-commerce · Use by teleworkers · Review requirements (when, by whom) · Use of content and services monitoring tools · Content generation and management (documents, email, cloud storage) · Additional issues listed in
http://www.cloud-council.org/Security_for_Cloud_Computing- Final_080912.pdf Resources (suggested by the organization’s IT Staff for your consideration) : 1. http://www.nsa.gov/ia/_files/support/Cloud_Computing_Guidan ce.pdf 2. http://www.cloud-council.org/Security_for_Cloud_Computing- Final_080912.pdf 3. http://www.sans.org/reading-room/whitepapers/analyst/cloud- security-compliance-primer-34910 4. http://csrc.nist.gov/publications/nistpubs/800-144/SP800- 144.pdf The documents below are useful resources in planning your cloud security policy: Cloud Security: A Comprehensive Guide to Secure Cloud Computing by
Ronald L. Krutz and Russell Dean Vines John Wiley & Sons © 2010(384 pages), ISBN: 9780470589878 Chapter 3: Cloud Computing Software Security Fundamentals http://common.books24x7.com.ezproxy.umuc.edu/toc.aspx?book id=34770 NIST Guide to Information Technology Security Services at http://www.nist.gov/customcf/get_pdf.cfm?pub_id=906567 25 point implementation plan to reform information technology http://www.dhs.gov/sites/default/files/publications/digital- strategy/25-point-implementation-plan-to-reform-federal-it.pdf Understanding Cloud Computing (NIST SP 500-291) and (NIST SP 500-292) http://www.nist.gov/customcf/get_pdf.cfm?pub_id=909024 500-291 - Standards: Chapter 3 and Chapter 5.5 White Paper: “Challenging Security Requirements for US Government Cloud Computing Adoption,” NIST Cloud Computing Public Security Working Group, NIST Cloud Computing Program, Information Technology Laboratory
Background  A small non-profit organization (SNPO-MC) has rec.docx

Recommended

Project 6 - Cloud Computing Security PolicyThis week you will pr.docx
Project 6 - Cloud Computing Security PolicyThis week you will pr.docxProject 6 - Cloud Computing Security PolicyThis week you will pr.docx
Project 6 - Cloud Computing Security PolicyThis week you will pr.docxanitramcroberts
 
Bullzeye is a discount retailer offering a wide range of products,.docx
Bullzeye is a discount retailer offering a wide range of products,.docxBullzeye is a discount retailer offering a wide range of products,.docx
Bullzeye is a discount retailer offering a wide range of products,.docxCruzIbarra161
 
Page 1 of 4 Bullzeye Data Breach Readiness Assessment .docx
Page 1 of 4 Bullzeye Data Breach Readiness Assessment .docxPage 1 of 4 Bullzeye Data Breach Readiness Assessment .docx
Page 1 of 4 Bullzeye Data Breach Readiness Assessment .docxalfred4lewis58146
 
5 Reasons Why IT Managed Services in Washington, DC, Are the Best.pdf
5 Reasons Why IT Managed Services in Washington, DC, Are the Best.pdf5 Reasons Why IT Managed Services in Washington, DC, Are the Best.pdf
5 Reasons Why IT Managed Services in Washington, DC, Are the Best.pdfBerryHughes
 
Running head PROJECT PLAN INCEPTION1PROJECT PLAN INCEPTION .docx
Running head PROJECT PLAN INCEPTION1PROJECT PLAN INCEPTION .docxRunning head PROJECT PLAN INCEPTION1PROJECT PLAN INCEPTION .docx
Running head PROJECT PLAN INCEPTION1PROJECT PLAN INCEPTION .docxjeanettehully
 
Running Head Operational Components1Operational Component.docx
Running Head Operational Components1Operational Component.docxRunning Head Operational Components1Operational Component.docx
Running Head Operational Components1Operational Component.docxtodd581
 
Running Head Operational Components1Operational Component.docx
Running Head Operational Components1Operational Component.docxRunning Head Operational Components1Operational Component.docx
Running Head Operational Components1Operational Component.docxglendar3
 
Securing your digital world - Cybersecurity for SBEs
Securing your digital world - Cybersecurity for SBEsSecuring your digital world - Cybersecurity for SBEs
Securing your digital world - Cybersecurity for SBEsSonny Hashmi
 

Recommended

Project 6 - Cloud Computing Security PolicyThis week you will pr.docx
Project 6 - Cloud Computing Security PolicyThis week you will pr.docxProject 6 - Cloud Computing Security PolicyThis week you will pr.docx
Project 6 - Cloud Computing Security PolicyThis week you will pr.docxanitramcroberts
 
Bullzeye is a discount retailer offering a wide range of products,.docx
Bullzeye is a discount retailer offering a wide range of products,.docxBullzeye is a discount retailer offering a wide range of products,.docx
Bullzeye is a discount retailer offering a wide range of products,.docxCruzIbarra161
 
Page 1 of 4 Bullzeye Data Breach Readiness Assessment .docx
Page 1 of 4 Bullzeye Data Breach Readiness Assessment .docxPage 1 of 4 Bullzeye Data Breach Readiness Assessment .docx
Page 1 of 4 Bullzeye Data Breach Readiness Assessment .docxalfred4lewis58146
 
5 Reasons Why IT Managed Services in Washington, DC, Are the Best.pdf
5 Reasons Why IT Managed Services in Washington, DC, Are the Best.pdf5 Reasons Why IT Managed Services in Washington, DC, Are the Best.pdf
5 Reasons Why IT Managed Services in Washington, DC, Are the Best.pdfBerryHughes
 
Running head PROJECT PLAN INCEPTION1PROJECT PLAN INCEPTION .docx
Running head PROJECT PLAN INCEPTION1PROJECT PLAN INCEPTION .docxRunning head PROJECT PLAN INCEPTION1PROJECT PLAN INCEPTION .docx
Running head PROJECT PLAN INCEPTION1PROJECT PLAN INCEPTION .docxjeanettehully
 
Running Head Operational Components1Operational Component.docx
Running Head Operational Components1Operational Component.docxRunning Head Operational Components1Operational Component.docx
Running Head Operational Components1Operational Component.docxtodd581
 
Running Head Operational Components1Operational Component.docx
Running Head Operational Components1Operational Component.docxRunning Head Operational Components1Operational Component.docx
Running Head Operational Components1Operational Component.docxglendar3
 
Securing your digital world - Cybersecurity for SBEs
Securing your digital world - Cybersecurity for SBEsSecuring your digital world - Cybersecurity for SBEs
Securing your digital world - Cybersecurity for SBEsSonny Hashmi
 
Securing your digital world cybersecurity for sb es
Securing your digital world cybersecurity for sb esSecuring your digital world cybersecurity for sb es
Securing your digital world cybersecurity for sb esSonny Hashmi
 
HOW INFORMATION SYSTEM IS EFFECT ON AN ORGANIZATION
HOW INFORMATION SYSTEM IS EFFECT ON AN ORGANIZATIONHOW INFORMATION SYSTEM IS EFFECT ON AN ORGANIZATION
HOW INFORMATION SYSTEM IS EFFECT ON AN ORGANIZATIONSHANTO-MARIAM UNIVERSITY OF CREATIVE AND TECHNOLOGY
 
Replies Required for below Posting 1 user security awarene.docx
Replies Required for below Posting 1 user security awarene.docxReplies Required for below Posting 1 user security awarene.docx
Replies Required for below Posting 1 user security awarene.docxsodhi3
 
Mike Schleif - Executive Biography
Mike Schleif - Executive BiographyMike Schleif - Executive Biography
Mike Schleif - Executive BiographyMike Schleif
 
Running Head SECURITY AWARENESSSecurity Awareness .docx
Running Head SECURITY AWARENESSSecurity Awareness .docxRunning Head SECURITY AWARENESSSecurity Awareness .docx
Running Head SECURITY AWARENESSSecurity Awareness .docxtoltonkendal
 
ENHANCING INFRASTRUCTURE SECURITY IN REAL ESTATE
ENHANCING INFRASTRUCTURE SECURITY IN REAL ESTATEENHANCING INFRASTRUCTURE SECURITY IN REAL ESTATE
ENHANCING INFRASTRUCTURE SECURITY IN REAL ESTATEIJNSA Journal
 
Tft2 Task3 Essay
Tft2 Task3 EssayTft2 Task3 Essay
Tft2 Task3 EssayMichelle Bojorquez
 
Information Systems Manager Job Description
Information Systems Manager Job DescriptionInformation Systems Manager Job Description
Information Systems Manager Job DescriptionDanai Thongsin
 
Technology integrationTECHNOLOGY INTEGRATION Student’s name.docx
Technology integrationTECHNOLOGY INTEGRATION Student’s name.docxTechnology integrationTECHNOLOGY INTEGRATION Student’s name.docx
Technology integrationTECHNOLOGY INTEGRATION Student’s name.docxmattinsonjanel
 
IPM Individual Assignment.docx
IPM Individual Assignment.docxIPM Individual Assignment.docx
IPM Individual Assignment.docxMikealay Desta
 
Hello Wendy, Here is an assignment I need done today.  The class i.docx
Hello Wendy, Here is an assignment I need done today.  The class i.docxHello Wendy, Here is an assignment I need done today.  The class i.docx
Hello Wendy, Here is an assignment I need done today.  The class i.docxaidaclewer
 
BMIS 664 Final Project.docx
BMIS 664 Final Project.docxBMIS 664 Final Project.docx
BMIS 664 Final Project.docxwrite31
 
Institute for the entrepreneur v1r3
Institute for the entrepreneur v1r3Institute for the entrepreneur v1r3
Institute for the entrepreneur v1r3Dawn Simpson
 
A CIRO's-eye view of Digital Risk Management
A CIRO's-eye view of Digital Risk ManagementA CIRO's-eye view of Digital Risk Management
A CIRO's-eye view of Digital Risk ManagementDaren Dunkel
 
Aicpa tech+panel presentation t6 managing risks and security 2014 v3
Aicpa tech+panel presentation t6 managing risks and security 2014 v3Aicpa tech+panel presentation t6 managing risks and security 2014 v3
Aicpa tech+panel presentation t6 managing risks and security 2014 v3Doeren Mayhew
 
Electronic Commerce
Electronic CommerceElectronic Commerce
Electronic Commerceellamee27
 
After reviewing the Coleman (2016) article on executive compensation.docx
After reviewing the Coleman (2016) article on executive compensation.docxAfter reviewing the Coleman (2016) article on executive compensation.docx
After reviewing the Coleman (2016) article on executive compensation.docxAMMY30
 
After reviewing the chapter on Recognizing Contributions, perform .docx
After reviewing the chapter on Recognizing Contributions, perform .docxAfter reviewing the chapter on Recognizing Contributions, perform .docx
After reviewing the chapter on Recognizing Contributions, perform .docxAMMY30
 
After reviewing the chapter on Recognizing Contributions, perform a .docx
After reviewing the chapter on Recognizing Contributions, perform a .docxAfter reviewing the chapter on Recognizing Contributions, perform a .docx
After reviewing the chapter on Recognizing Contributions, perform a .docxAMMY30
 
After reviewing the background materials and doing your own research.docx
After reviewing the background materials and doing your own research.docxAfter reviewing the background materials and doing your own research.docx
After reviewing the background materials and doing your own research.docxAMMY30
 
After reviewing the articles and videos, please address the followin.docx
After reviewing the articles and videos, please address the followin.docxAfter reviewing the articles and videos, please address the followin.docx
After reviewing the articles and videos, please address the followin.docxAMMY30
 
After reviewing Georgia v. Randolph and Fernandez v. Californi.docx
After reviewing Georgia v. Randolph and Fernandez v. Californi.docxAfter reviewing Georgia v. Randolph and Fernandez v. Californi.docx
After reviewing Georgia v. Randolph and Fernandez v. Californi.docxAMMY30
 

More Related Content

Similar to Background  A small non-profit organization (SNPO-MC) has rec.docx

Securing your digital world cybersecurity for sb es
Securing your digital world cybersecurity for sb esSecuring your digital world cybersecurity for sb es
Securing your digital world cybersecurity for sb esSonny Hashmi
 
Replies Required for below Posting 1 user security awarene.docx
Replies Required for below Posting 1 user security awarene.docxReplies Required for below Posting 1 user security awarene.docx
Replies Required for below Posting 1 user security awarene.docxsodhi3
 
Mike Schleif - Executive Biography
Mike Schleif - Executive BiographyMike Schleif - Executive Biography
Mike Schleif - Executive BiographyMike Schleif
 
Running Head SECURITY AWARENESSSecurity Awareness .docx
Running Head SECURITY AWARENESSSecurity Awareness .docxRunning Head SECURITY AWARENESSSecurity Awareness .docx
Running Head SECURITY AWARENESSSecurity Awareness .docxtoltonkendal
 
ENHANCING INFRASTRUCTURE SECURITY IN REAL ESTATE
ENHANCING INFRASTRUCTURE SECURITY IN REAL ESTATEENHANCING INFRASTRUCTURE SECURITY IN REAL ESTATE
ENHANCING INFRASTRUCTURE SECURITY IN REAL ESTATEIJNSA Journal
 
Information Systems Manager Job Description
Information Systems Manager Job DescriptionInformation Systems Manager Job Description
Information Systems Manager Job DescriptionDanai Thongsin
 
Technology integrationTECHNOLOGY INTEGRATION Student’s name.docx
Technology integrationTECHNOLOGY INTEGRATION Student’s name.docxTechnology integrationTECHNOLOGY INTEGRATION Student’s name.docx
Technology integrationTECHNOLOGY INTEGRATION Student’s name.docxmattinsonjanel
 
IPM Individual Assignment.docx
IPM Individual Assignment.docxIPM Individual Assignment.docx
IPM Individual Assignment.docxMikealay Desta
 
Hello Wendy, Here is an assignment I need done today.  The class i.docx
Hello Wendy, Here is an assignment I need done today.  The class i.docxHello Wendy, Here is an assignment I need done today.  The class i.docx
Hello Wendy, Here is an assignment I need done today.  The class i.docxaidaclewer
 
BMIS 664 Final Project.docx
BMIS 664 Final Project.docxBMIS 664 Final Project.docx
BMIS 664 Final Project.docxwrite31
 
Institute for the entrepreneur v1r3
Institute for the entrepreneur v1r3Institute for the entrepreneur v1r3
Institute for the entrepreneur v1r3Dawn Simpson
 
A CIRO's-eye view of Digital Risk Management
A CIRO's-eye view of Digital Risk ManagementA CIRO's-eye view of Digital Risk Management
A CIRO's-eye view of Digital Risk ManagementDaren Dunkel
 
Aicpa tech+panel presentation t6 managing risks and security 2014 v3
Aicpa tech+panel presentation t6 managing risks and security 2014 v3Aicpa tech+panel presentation t6 managing risks and security 2014 v3
Aicpa tech+panel presentation t6 managing risks and security 2014 v3Doeren Mayhew
 
Electronic Commerce
Electronic CommerceElectronic Commerce
Electronic Commerceellamee27
 

Similar to Background  A small non-profit organization (SNPO-MC) has rec.docx (16)

Securing your digital world cybersecurity for sb es
Securing your digital world cybersecurity for sb esSecuring your digital world cybersecurity for sb es
Securing your digital world cybersecurity for sb es
 
HOW INFORMATION SYSTEM IS EFFECT ON AN ORGANIZATION
HOW INFORMATION SYSTEM IS EFFECT ON AN ORGANIZATIONHOW INFORMATION SYSTEM IS EFFECT ON AN ORGANIZATION
HOW INFORMATION SYSTEM IS EFFECT ON AN ORGANIZATION
 
Replies Required for below Posting 1 user security awarene.docx
Replies Required for below Posting 1 user security awarene.docxReplies Required for below Posting 1 user security awarene.docx
Replies Required for below Posting 1 user security awarene.docx
 
Mike Schleif - Executive Biography
Mike Schleif - Executive BiographyMike Schleif - Executive Biography
Mike Schleif - Executive Biography
 
Running Head SECURITY AWARENESSSecurity Awareness .docx
Running Head SECURITY AWARENESSSecurity Awareness .docxRunning Head SECURITY AWARENESSSecurity Awareness .docx
Running Head SECURITY AWARENESSSecurity Awareness .docx
 
ENHANCING INFRASTRUCTURE SECURITY IN REAL ESTATE
ENHANCING INFRASTRUCTURE SECURITY IN REAL ESTATEENHANCING INFRASTRUCTURE SECURITY IN REAL ESTATE
ENHANCING INFRASTRUCTURE SECURITY IN REAL ESTATE
 
Tft2 Task3 Essay
Tft2 Task3 EssayTft2 Task3 Essay
Tft2 Task3 Essay
 
Information Systems Manager Job Description
Information Systems Manager Job DescriptionInformation Systems Manager Job Description
Information Systems Manager Job Description
 
Technology integrationTECHNOLOGY INTEGRATION Student’s name.docx
Technology integrationTECHNOLOGY INTEGRATION Student’s name.docxTechnology integrationTECHNOLOGY INTEGRATION Student’s name.docx
Technology integrationTECHNOLOGY INTEGRATION Student’s name.docx
 
IPM Individual Assignment.docx
IPM Individual Assignment.docxIPM Individual Assignment.docx
IPM Individual Assignment.docx
 
Hello Wendy, Here is an assignment I need done today.  The class i.docx
Hello Wendy, Here is an assignment I need done today.  The class i.docxHello Wendy, Here is an assignment I need done today.  The class i.docx
Hello Wendy, Here is an assignment I need done today.  The class i.docx
 
BMIS 664 Final Project.docx
BMIS 664 Final Project.docxBMIS 664 Final Project.docx
BMIS 664 Final Project.docx
 
Institute for the entrepreneur v1r3
Institute for the entrepreneur v1r3Institute for the entrepreneur v1r3
Institute for the entrepreneur v1r3
 
A CIRO's-eye view of Digital Risk Management
A CIRO's-eye view of Digital Risk ManagementA CIRO's-eye view of Digital Risk Management
A CIRO's-eye view of Digital Risk Management
 
Aicpa tech+panel presentation t6 managing risks and security 2014 v3
Aicpa tech+panel presentation t6 managing risks and security 2014 v3Aicpa tech+panel presentation t6 managing risks and security 2014 v3
Aicpa tech+panel presentation t6 managing risks and security 2014 v3
 
Electronic Commerce
Electronic CommerceElectronic Commerce
Electronic Commerce
 

More from AMMY30

After reviewing the Coleman (2016) article on executive compensation.docx
After reviewing the Coleman (2016) article on executive compensation.docxAfter reviewing the Coleman (2016) article on executive compensation.docx
After reviewing the Coleman (2016) article on executive compensation.docxAMMY30
 
After reviewing the chapter on Recognizing Contributions, perform .docx
After reviewing the chapter on Recognizing Contributions, perform .docxAfter reviewing the chapter on Recognizing Contributions, perform .docx
After reviewing the chapter on Recognizing Contributions, perform .docxAMMY30
 
After reviewing the chapter on Recognizing Contributions, perform a .docx
After reviewing the chapter on Recognizing Contributions, perform a .docxAfter reviewing the chapter on Recognizing Contributions, perform a .docx
After reviewing the chapter on Recognizing Contributions, perform a .docxAMMY30
 
After reviewing the background materials and doing your own research.docx
After reviewing the background materials and doing your own research.docxAfter reviewing the background materials and doing your own research.docx
After reviewing the background materials and doing your own research.docxAMMY30
 
After reviewing the articles and videos, please address the followin.docx
After reviewing the articles and videos, please address the followin.docxAfter reviewing the articles and videos, please address the followin.docx
After reviewing the articles and videos, please address the followin.docxAMMY30
 
After reviewing Georgia v. Randolph and Fernandez v. Californi.docx
After reviewing Georgia v. Randolph and Fernandez v. Californi.docxAfter reviewing Georgia v. Randolph and Fernandez v. Californi.docx
After reviewing Georgia v. Randolph and Fernandez v. Californi.docxAMMY30
 
After reviewing chapter 11 of the E-Text and the Required Resources .docx
After reviewing chapter 11 of the E-Text and the Required Resources .docxAfter reviewing chapter 11 of the E-Text and the Required Resources .docx
After reviewing chapter 11 of the E-Text and the Required Resources .docxAMMY30
 
After reading Library ArticlesDevine, K., Kloppenborg, .docx
After reading Library ArticlesDevine, K., Kloppenborg, .docxAfter reading Library ArticlesDevine, K., Kloppenborg, .docx
After reading Library ArticlesDevine, K., Kloppenborg, .docxAMMY30
 
After reading Trifles by Susan Glaspell complete the following works.docx
After reading Trifles by Susan Glaspell complete the following works.docxAfter reading Trifles by Susan Glaspell complete the following works.docx
After reading Trifles by Susan Glaspell complete the following works.docxAMMY30
 
After reading through Chapter 1, the focus was on targeting the five.docx
After reading through Chapter 1, the focus was on targeting the five.docxAfter reading through Chapter 1, the focus was on targeting the five.docx
After reading through Chapter 1, the focus was on targeting the five.docxAMMY30
 
After reading There Is No Unmarked Woman, by Deborah Tannen, a.docx
After reading There Is No Unmarked Woman, by Deborah Tannen, a.docxAfter reading There Is No Unmarked Woman, by Deborah Tannen, a.docx
After reading There Is No Unmarked Woman, by Deborah Tannen, a.docxAMMY30
 
After reading the U.S. Constitution and the Amendments respond t.docx
After reading the U.S. Constitution and the Amendments respond t.docxAfter reading the U.S. Constitution and the Amendments respond t.docx
After reading the U.S. Constitution and the Amendments respond t.docxAMMY30
 
After reading the two short primary source documents listed below, c.docx
After reading the two short primary source documents listed below, c.docxAfter reading the two short primary source documents listed below, c.docx
After reading the two short primary source documents listed below, c.docxAMMY30
 
After reading the section titled Dominant Microprocessor Company In.docx
After reading the section titled Dominant Microprocessor Company In.docxAfter reading the section titled Dominant Microprocessor Company In.docx
After reading the section titled Dominant Microprocessor Company In.docxAMMY30
 
After reading the section titled Dominant Microprocessor Compan.docx
After reading the section titled Dominant Microprocessor Compan.docxAfter reading the section titled Dominant Microprocessor Compan.docx
After reading the section titled Dominant Microprocessor Compan.docxAMMY30
 
After reading the paper for this week, Steinfield C, LaRose R, C.docx
After reading the paper for this week, Steinfield C, LaRose R, C.docxAfter reading the paper for this week, Steinfield C, LaRose R, C.docx
After reading the paper for this week, Steinfield C, LaRose R, C.docxAMMY30
 
After reading the Martin Luther King, Jr. speech in the attached lin.docx
After reading the Martin Luther King, Jr. speech in the attached lin.docxAfter reading the Martin Luther King, Jr. speech in the attached lin.docx
After reading the Martin Luther King, Jr. speech in the attached lin.docxAMMY30
 
After reading the material from Shafer-Landau concerning the appeal .docx
After reading the material from Shafer-Landau concerning the appeal .docxAfter reading the material from Shafer-Landau concerning the appeal .docx
After reading the material from Shafer-Landau concerning the appeal .docxAMMY30
 
After reading the IMAA article this week on Effective Manageme.docx
After reading the IMAA article this week on Effective Manageme.docxAfter reading the IMAA article this week on Effective Manageme.docx
After reading the IMAA article this week on Effective Manageme.docxAMMY30
 
After reading the essay, Why Rational People Buy into Conspiracy Th.docx
After reading the essay, Why Rational People Buy into Conspiracy Th.docxAfter reading the essay, Why Rational People Buy into Conspiracy Th.docx
After reading the essay, Why Rational People Buy into Conspiracy Th.docxAMMY30
 

More from AMMY30 (20)

After reviewing the Coleman (2016) article on executive compensation.docx
After reviewing the Coleman (2016) article on executive compensation.docxAfter reviewing the Coleman (2016) article on executive compensation.docx
After reviewing the Coleman (2016) article on executive compensation.docx
 
After reviewing the chapter on Recognizing Contributions, perform .docx
After reviewing the chapter on Recognizing Contributions, perform .docxAfter reviewing the chapter on Recognizing Contributions, perform .docx
After reviewing the chapter on Recognizing Contributions, perform .docx
 
After reviewing the chapter on Recognizing Contributions, perform a .docx
After reviewing the chapter on Recognizing Contributions, perform a .docxAfter reviewing the chapter on Recognizing Contributions, perform a .docx
After reviewing the chapter on Recognizing Contributions, perform a .docx
 
After reviewing the background materials and doing your own research.docx
After reviewing the background materials and doing your own research.docxAfter reviewing the background materials and doing your own research.docx
After reviewing the background materials and doing your own research.docx
 
After reviewing the articles and videos, please address the followin.docx
After reviewing the articles and videos, please address the followin.docxAfter reviewing the articles and videos, please address the followin.docx
After reviewing the articles and videos, please address the followin.docx
 
After reviewing Georgia v. Randolph and Fernandez v. Californi.docx
After reviewing Georgia v. Randolph and Fernandez v. Californi.docxAfter reviewing Georgia v. Randolph and Fernandez v. Californi.docx
After reviewing Georgia v. Randolph and Fernandez v. Californi.docx
 
After reviewing chapter 11 of the E-Text and the Required Resources .docx
After reviewing chapter 11 of the E-Text and the Required Resources .docxAfter reviewing chapter 11 of the E-Text and the Required Resources .docx
After reviewing chapter 11 of the E-Text and the Required Resources .docx
 
After reading Library ArticlesDevine, K., Kloppenborg, .docx
After reading Library ArticlesDevine, K., Kloppenborg, .docxAfter reading Library ArticlesDevine, K., Kloppenborg, .docx
After reading Library ArticlesDevine, K., Kloppenborg, .docx
 
After reading Trifles by Susan Glaspell complete the following works.docx
After reading Trifles by Susan Glaspell complete the following works.docxAfter reading Trifles by Susan Glaspell complete the following works.docx
After reading Trifles by Susan Glaspell complete the following works.docx
 
After reading through Chapter 1, the focus was on targeting the five.docx
After reading through Chapter 1, the focus was on targeting the five.docxAfter reading through Chapter 1, the focus was on targeting the five.docx
After reading through Chapter 1, the focus was on targeting the five.docx
 
After reading There Is No Unmarked Woman, by Deborah Tannen, a.docx
After reading There Is No Unmarked Woman, by Deborah Tannen, a.docxAfter reading There Is No Unmarked Woman, by Deborah Tannen, a.docx
After reading There Is No Unmarked Woman, by Deborah Tannen, a.docx
 
After reading the U.S. Constitution and the Amendments respond t.docx
After reading the U.S. Constitution and the Amendments respond t.docxAfter reading the U.S. Constitution and the Amendments respond t.docx
After reading the U.S. Constitution and the Amendments respond t.docx
 
After reading the two short primary source documents listed below, c.docx
After reading the two short primary source documents listed below, c.docxAfter reading the two short primary source documents listed below, c.docx
After reading the two short primary source documents listed below, c.docx
 
After reading the section titled Dominant Microprocessor Company In.docx
After reading the section titled Dominant Microprocessor Company In.docxAfter reading the section titled Dominant Microprocessor Company In.docx
After reading the section titled Dominant Microprocessor Company In.docx
 
After reading the section titled Dominant Microprocessor Compan.docx
After reading the section titled Dominant Microprocessor Compan.docxAfter reading the section titled Dominant Microprocessor Compan.docx
After reading the section titled Dominant Microprocessor Compan.docx
 
After reading the paper for this week, Steinfield C, LaRose R, C.docx
After reading the paper for this week, Steinfield C, LaRose R, C.docxAfter reading the paper for this week, Steinfield C, LaRose R, C.docx
After reading the paper for this week, Steinfield C, LaRose R, C.docx
 
After reading the Martin Luther King, Jr. speech in the attached lin.docx
After reading the Martin Luther King, Jr. speech in the attached lin.docxAfter reading the Martin Luther King, Jr. speech in the attached lin.docx
After reading the Martin Luther King, Jr. speech in the attached lin.docx
 
After reading the material from Shafer-Landau concerning the appeal .docx
After reading the material from Shafer-Landau concerning the appeal .docxAfter reading the material from Shafer-Landau concerning the appeal .docx
After reading the material from Shafer-Landau concerning the appeal .docx
 
After reading the IMAA article this week on Effective Manageme.docx
After reading the IMAA article this week on Effective Manageme.docxAfter reading the IMAA article this week on Effective Manageme.docx
After reading the IMAA article this week on Effective Manageme.docx
 
After reading the essay, Why Rational People Buy into Conspiracy Th.docx
After reading the essay, Why Rational People Buy into Conspiracy Th.docxAfter reading the essay, Why Rational People Buy into Conspiracy Th.docx
After reading the essay, Why Rational People Buy into Conspiracy Th.docx
 

Recently uploaded

CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxGaneshChakor2
 
Disha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfDisha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfchloefrazer622
 
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpinStudent login on Anyboli platform.helpin
Student login on Anyboli platform.helpinRaunakKeshri1
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAssociation for Project Management
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxVS Mahajan Coaching Centre
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdfQucHHunhnh
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Celine George
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfJayanti Pande
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...EduSkills OECD
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13Steve Thomason
 
9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room service9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room servicediscovermytutordmt
 
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...Sapna Thakur
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introductionMaksud Ahmed
 
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...fonyou31
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformChameera Dedduwage
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)eniolaolutunde
 
mini mental status format.docx
mini mental status format.docxmini mental status format.docx
mini mental status format.docxPoojaSen20
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfciinovamais
 

Recently uploaded (20)

CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptx
 
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
 
Advance Mobile Application Development class 07
Advance Mobile Application Development class 07Advance Mobile Application Development class 07
Advance Mobile Application Development class 07
 
Disha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfDisha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdf
 
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpinStudent login on Anyboli platform.helpin
Student login on Anyboli platform.helpin
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across Sectors
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdf
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13
 
9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room service9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room service
 
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 
mini mental status format.docx
mini mental status format.docxmini mental status format.docx
mini mental status format.docx
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
 

Background  A small non-profit organization (SNPO-MC) has rec.docx

  • 1. Background : A small non-profit organization (SNPO-MC) has received a grant which will pay 90% of its cloud computing costs for a five year period. But, before it can take advantage of the monies provided by this grant, it must present an acceptable cloud computing security policy to the grant overseers. Tasking : You are a cybersecurity professional who is “on loan” from your employer, a management consulting firm, to a small non- profit organization (SNPO-MC). You have been tasked with researching requirements for a Cloud Computing Security Policy and then developing a draft policy for the non-profit organization, SNPO-MC. The purpose of this policy is to provide guidance to managers, executives, and cloud computing service providers. This new policy will supersede (replace) the existing Enterprise IT Security Policy which focuses exclusively upon enterprise security requirements for organization owned equipment (including database servers, Web and email servers, file servers, remote access servers, desktop computers, workstations, and laptop computers) and licensed software applications. The enterprise IT security policy also addresses incident response and disaster recovery. As part of your policy development task you must take into consideration the issues list which was developed during brainstorming sessions by executives and managers in each of the three operating locations for the non-profit organization.
  • 2. Your deliverable for this project is a 5 to 8 page, single spaced, professionally formatted draft policy. See the following resources for suggested formats. https://it.tufts.edu/cloud-pol https://www.american.edu/policies/upload/IT-Security-Policy- 2013.pdf Organization Profile : The organization is headquartered in Boston, MA and has two additional operating locations (offices) in New Orleans, LA and San Francisco, CA. Approximately 50 employees work in a formal office setting at one of these locations. These employees use organization owned IT equipment. The remaining 1,000 staff members are volunteers who work from their home offices using personally owned equipment. The organization provides a variety of management consulting services for its clients (charities and non-governmental organizations) on a fee for service basis. Fees are set on a sliding scale based upon the client’s ability to pay. The organization receives additional funding to support its administrative costs, including IT and IT security, through grants and donations from several Fortune 500 companies.
  • 3. The non-profit organization is in the process of hiring its first Chief Information Officer. The organization has a small (3 person) professional IT staff that includes one information security specialist. These staff members are located in the Boston headquarters office. Definitions : Employees of the organization are referred to as employees. Executives and other staff who are “on loan” from Fortune 500 companies are referred to as loaned staff members. Loaned staff members usually telework for the organization one to two days per week for a period of one year. Volunteers who perform work for the organization are referred to as volunteer staff members. Volunteer staff members usually telework from their homes one to two days per week. Cloud Computing includes but is not restricted to: · Platform as a Service · Infrastructure as a Service
  • 4. · Software as a Service Issues List : · Who speaks with authority for the firm? · Who monitors and manages compliance with laws and regulations? · Ownership of content · Privacy and confidentiality · Enforcement · Penalties for violations of policy ·
  • 5. Use by sales and marketing · Use by customer service / outreach · Use by public relations and corporate communications (e.g. information for shareholders, customers, general public) · Use for advertising and e-commerce · Use by teleworkers · Review requirements (when, by whom) · Use of content and services monitoring tools · Content generation and management (documents, email, cloud storage) · Additional issues listed in
  • 6. http://www.cloud-council.org/Security_for_Cloud_Computing- Final_080912.pdf Resources (suggested by the organization’s IT Staff for your consideration) : 1. http://www.nsa.gov/ia/_files/support/Cloud_Computing_Guidan ce.pdf 2. http://www.cloud-council.org/Security_for_Cloud_Computing- Final_080912.pdf 3. http://www.sans.org/reading-room/whitepapers/analyst/cloud- security-compliance-primer-34910 4. http://csrc.nist.gov/publications/nistpubs/800-144/SP800- 144.pdf The documents below are useful resources in planning your cloud security policy: Cloud Security: A Comprehensive Guide to Secure Cloud Computing by
  • 7. Ronald L. Krutz and Russell Dean Vines John Wiley & Sons © 2010(384 pages), ISBN: 9780470589878 Chapter 3: Cloud Computing Software Security Fundamentals http://common.books24x7.com.ezproxy.umuc.edu/toc.aspx?book id=34770 NIST Guide to Information Technology Security Services at http://www.nist.gov/customcf/get_pdf.cfm?pub_id=906567 25 point implementation plan to reform information technology http://www.dhs.gov/sites/default/files/publications/digital- strategy/25-point-implementation-plan-to-reform-federal-it.pdf Understanding Cloud Computing (NIST SP 500-291) and (NIST SP 500-292) http://www.nist.gov/customcf/get_pdf.cfm?pub_id=909024 500-291 - Standards: Chapter 3 and Chapter 5.5 White Paper: “Challenging Security Requirements for US Government Cloud Computing Adoption,” NIST Cloud Computing Public Security Working Group, NIST Cloud Computing Program, Information Technology Laboratory