SlideShare a Scribd company logo

Project 6 - Cloud Computing Security PolicyThis week you will pr.docx

Download as DOCX, PDF
A
anitramcroberts

Project 6 - Cloud Computing Security Policy This week you will prepare a cloud security policy. The first CIO of the US mandated that cloud services be implemented in organizations whenever possible. Review the scenario below and prepare a cloud security policy for the organization. Complete the following section readings from “ Challenging Security Requirements for US Government Cloud Computing Adoption,” NIST Cloud Computing Public Security Working Group, NIST Cloud Computing Program, Information Technology Laboratory, sections 1.1, 1.3, 1.6, 1.8, and 1.9; prior to starting your work on the policy: PROCESS-ORIENTED SECURITY REQUIREMENTS 1.1 NIST SP 800-53 SECURITY CONTROLS FOR CLOUD-BASED INFORMATION SYSTEMS: page 10 1.3  CLOUD CERTIFICATION AND ACCREDITATION: page 17 1.6 CLARITY ON CLOUD ACTORS SECURITY ROLES AND RESPONSIBILITIES: page 27 1.8 BUSINESS CONTINUITY AND DISASTER RECOVERY: page 31 1.9 TECHNICAL CONTINUOUS MONITORING CAPABILITIES: page 34 Background :  A small non-profit organization (SNPO-MC) has received a grant which will pay 90% of its cloud computing costs for a five year period. But, before it can take advantage of the monies provided by this grant, it must present an acceptable cloud computing security policy to the grant overseers.  Tasking :  You are a cybersecurity professional who is “on loan” from your employer, a management consulting firm, to a small non-profit organization (SNPO-MC). You have been tasked with researching requirements for a Cloud Computing Security Policy and then developing a draft policy for the non-profit organization, SNPO-MC. The purpose of this policy is to provide guidance to managers, executives, and cloud computing service providers. This new policy will supersede (replace) the existing Enterprise IT Security Policy which focuses exclusively upon enterprise security requirements for organization owned equipment (including database servers, Web and email servers, file servers, remote access servers, desktop computers, workstations, and laptop computers) and licensed software applications. The enterprise IT security policy also addresses incident response and disaster recovery. As part of your policy development task you must take into consideration the issues list which was developed during brainstorming sessions by executives and managers in each of the three operating locations for the non-profit organization. Your deliverable  for this project is a 5 to 8 page, single spaced, professionally formatted draft policy. See the following resources for suggested formats. https://it.tufts.edu/cloud-pol https://www.american.edu/policies/upload/IT-Security-Policy-2013.pdf Organization Profile :  The organization is headquartered in Boston, MA and has two additional operating locations (offices) in New Orleans, LA and San Francisco, CA. Approximately 50 employees work in a formal office setting at one of these locations. These employees use organization owned IT equipment. The remaining.

Education
1 of 7
Project 6 - Cloud Computing Security Policy This week you will prepare a cloud security policy. The first CIO of the US mandated that cloud services be implemented in organizations whenever possible. Review the scenario below and prepare a cloud security policy for the organization. Complete the following section readings from “ Challenging Security Requirements for US Government Cloud Computing Adoption,” NIST Cloud Computing Public Security Working Group, NIST Cloud Computing Program, Information Technology Laboratory, sections 1.1, 1.3, 1.6, 1.8, and 1.9; prior to starting your work on the policy: PROCESS-ORIENTED SECURITY REQUIREMENTS 1.1 NIST SP 800-53 SECURITY CONTROLS FOR CLOUD- BASED INFORMATION SYSTEMS: page 10 1.3 CLOUD CERTIFICATION AND ACCREDITATION: page 17 1.6 CLARITY ON CLOUD ACTORS SECURITY ROLES AND RESPONSIBILITIES: page 27 1.8 BUSINESS CONTINUITY AND DISASTER RECOVERY: page 31 1.9 TECHNICAL CONTINUOUS MONITORING CAPABILITIES: page 34 Background : A small non-profit organization (SNPO-MC) has received a grant which will pay 90% of its cloud computing costs for a five year period. But, before it can take advantage of the monies provided by this grant, it must present an acceptable cloud
computing security policy to the grant overseers. Tasking : You are a cybersecurity professional who is “on loan” from your employer, a management consulting firm, to a small non- profit organization (SNPO-MC). You have been tasked with researching requirements for a Cloud Computing Security Policy and then developing a draft policy for the non-profit organization, SNPO-MC. The purpose of this policy is to provide guidance to managers, executives, and cloud computing service providers. This new policy will supersede (replace) the existing Enterprise IT Security Policy which focuses exclusively upon enterprise security requirements for organization owned equipment (including database servers, Web and email servers, file servers, remote access servers, desktop computers, workstations, and laptop computers) and licensed software applications. The enterprise IT security policy also addresses incident response and disaster recovery. As part of your policy development task you must take into consideration the issues list which was developed during brainstorming sessions by executives and managers in each of the three operating locations for the non-profit organization. Your deliverable for this project is a 5 to 8 page, single spaced, professionally formatted draft policy. See the following resources for suggested formats. https://it.tufts.edu/cloud-pol https://www.american.edu/policies/upload/IT-Security-Policy- 2013.pdf Organization Profile : The organization is headquartered in Boston, MA and has two
additional operating locations (offices) in New Orleans, LA and San Francisco, CA. Approximately 50 employees work in a formal office setting at one of these locations. These employees use organization owned IT equipment. The remaining 1,000 staff members are volunteers who work from their home offices using personally owned equipment. The organization provides a variety of management consulting services for its clients (charities and non-governmental organizations) on a fee for service basis. Fees are set on a sliding scale based upon the client’s ability to pay. The organization receives additional funding to support its administrative costs, including IT and IT security, through grants and donations from several Fortune 500 companies. The non-profit organization is in the process of hiring its first Chief Information Officer. The organization has a small (3 person) professional IT staff that includes one information security specialist. These staff members are located in the Boston headquarters office. Definitions : Employees of the organization are referred to as employees. Executives and other staff who are “on loan” from Fortune 500 companies are referred to as loaned staff members. Loaned staff members usually telework for the organization one to two days per week for a period of one year. Volunteers who perform work for the organization are referred to as volunteer staff members. Volunteer staff members usually telework from their homes one to two days per week. Cloud Computing includes but is not restricted to: ·
Platform as a Service · Infrastructure as a Service · Software as a Service Issues List : · Who speaks with authority for the firm? · Who monitors and manages compliance with laws and regulations? · Ownership of content · Privacy and confidentiality · Enforcement · Penalties for violations of policy · Use by sales and marketing · Use by customer service / outreach
· Use by public relations and corporate communications (e.g. information for shareholders, customers, general public) · Use for advertising and e-commerce · Use by teleworkers · Review requirements (when, by whom) · Use of content and services monitoring tools · Content generation and management (documents, email, cloud storage) · Additional issues listed in http://www.cloud-council.org/Security_for_Cloud_Computing- Final_080912.pdf Resources (suggested by the organization’s IT Staff for your consideration) : 1. http://www.nsa.gov/ia/_files/support/Cloud_Computing_Guidan ce.pdf 2. http://www.cloud-council.org/Security_for_Cloud_Computing-
Final_080912.pdf 3. http://www.sans.org/reading-room/whitepapers/analyst/cloud- security-compliance-primer-34910 4. http://csrc.nist.gov/publications/nistpubs/800-144/SP800- 144.pdf The documents below are useful resources in planning your cloud security policy: Cloud Security: A Comprehensive Guide to Secure Cloud Computing by Ronald L. Krutz and Russell Dean Vines John Wiley & Sons © 2010(384 pages), ISBN: 9780470589878 Chapter 3: Cloud Computing Software Security Fundamentals http://common.books24x7.com.ezproxy.umuc.edu/toc.aspx?book id=34770 NIST Guide to Information Technology Security Services at http://www.nist.gov/customcf/get_pdf.cfm?pub_id=906567 25 point implementation plan to reform information technology http://www.dhs.gov/sites/default/files/publications/digital- strategy/25-point-implementation-plan-to-reform-federal-it.pdf Understanding Cloud Computing (NIST SP 500-291) and (NIST SP 500-292) http://www.nist.gov/customcf/get_pdf.cfm?pub_id=909024 500-291 - Standards: Chapter 3 and Chapter 5.5
White Paper: “Challenging Security Requirements for US Government Cloud Computing Adoption,” NIST Cloud Computing Public Security Working Group, NIST Cloud Computing Program, Information Technology Laboratory

Recommended

Background  A small non-profit organization (SNPO-MC) has rec.docx
Background  A small non-profit organization (SNPO-MC) has rec.docxBackground  A small non-profit organization (SNPO-MC) has rec.docx
Background  A small non-profit organization (SNPO-MC) has rec.docxAMMY30
 
ISE 510 Final Project Scenario Background Limetree Inc. is a resea.docx
ISE 510 Final Project Scenario Background Limetree Inc. is a resea.docxISE 510 Final Project Scenario Background Limetree Inc. is a resea.docx
ISE 510 Final Project Scenario Background Limetree Inc. is a resea.docxchristiandean12115
 
Running Head SECURITY AWARENESSSecurity Awareness .docx
Running Head SECURITY AWARENESSSecurity Awareness .docxRunning Head SECURITY AWARENESSSecurity Awareness .docx
Running Head SECURITY AWARENESSSecurity Awareness .docxtoltonkendal
 
Businesses involved in mergers and acquisitions must exercise due di.docx
Businesses involved in mergers and acquisitions must exercise due di.docxBusinesses involved in mergers and acquisitions must exercise due di.docx
Businesses involved in mergers and acquisitions must exercise due di.docxdewhirstichabod
 
erm Paper Managing an IT Infrastructure AuditDue Week 10 and wo
erm Paper Managing an IT Infrastructure AuditDue Week 10 and woerm Paper Managing an IT Infrastructure AuditDue Week 10 and wo
erm Paper Managing an IT Infrastructure AuditDue Week 10 and woeleanorabarrington
 
Application security Best Practices Framework
Application security Best Practices FrameworkApplication security Best Practices Framework
Application security Best Practices FrameworkSujata Raskar
 
Term Paper Managing an IT Infrastructure AuditDue Week 10 a.docx
Term Paper Managing an IT Infrastructure AuditDue Week 10 a.docxTerm Paper Managing an IT Infrastructure AuditDue Week 10 a.docx
Term Paper Managing an IT Infrastructure AuditDue Week 10 a.docxmanningchassidy
 
BMIS 664 Final Project.docx
BMIS 664 Final Project.docxBMIS 664 Final Project.docx
BMIS 664 Final Project.docxwrite31
 

Recommended

Background  A small non-profit organization (SNPO-MC) has rec.docx
Background  A small non-profit organization (SNPO-MC) has rec.docxBackground  A small non-profit organization (SNPO-MC) has rec.docx
Background  A small non-profit organization (SNPO-MC) has rec.docxAMMY30
 
ISE 510 Final Project Scenario Background Limetree Inc. is a resea.docx
ISE 510 Final Project Scenario Background Limetree Inc. is a resea.docxISE 510 Final Project Scenario Background Limetree Inc. is a resea.docx
ISE 510 Final Project Scenario Background Limetree Inc. is a resea.docxchristiandean12115
 
Running Head SECURITY AWARENESSSecurity Awareness .docx
Running Head SECURITY AWARENESSSecurity Awareness .docxRunning Head SECURITY AWARENESSSecurity Awareness .docx
Running Head SECURITY AWARENESSSecurity Awareness .docxtoltonkendal
 
Businesses involved in mergers and acquisitions must exercise due di.docx
Businesses involved in mergers and acquisitions must exercise due di.docxBusinesses involved in mergers and acquisitions must exercise due di.docx
Businesses involved in mergers and acquisitions must exercise due di.docxdewhirstichabod
 
erm Paper Managing an IT Infrastructure AuditDue Week 10 and wo
erm Paper Managing an IT Infrastructure AuditDue Week 10 and woerm Paper Managing an IT Infrastructure AuditDue Week 10 and wo
erm Paper Managing an IT Infrastructure AuditDue Week 10 and woeleanorabarrington
 
Application security Best Practices Framework
Application security Best Practices FrameworkApplication security Best Practices Framework
Application security Best Practices FrameworkSujata Raskar
 
Term Paper Managing an IT Infrastructure AuditDue Week 10 a.docx
Term Paper Managing an IT Infrastructure AuditDue Week 10 a.docxTerm Paper Managing an IT Infrastructure AuditDue Week 10 a.docx
Term Paper Managing an IT Infrastructure AuditDue Week 10 a.docxmanningchassidy
 
BMIS 664 Final Project.docx
BMIS 664 Final Project.docxBMIS 664 Final Project.docx
BMIS 664 Final Project.docxwrite31
 
MIS Notes For University Students.MANAGEMENT INFORMATION SYSTEM
MIS Notes For University Students.MANAGEMENT INFORMATION SYSTEMMIS Notes For University Students.MANAGEMENT INFORMATION SYSTEM
MIS Notes For University Students.MANAGEMENT INFORMATION SYSTEMShehanperamuna
 
Project Deliverable 2 Business Requirements1Project Deliverab.docx
Project Deliverable 2 Business Requirements1Project Deliverab.docxProject Deliverable 2 Business Requirements1Project Deliverab.docx
Project Deliverable 2 Business Requirements1Project Deliverab.docxwkyra78
 
Mike Schleif - Executive Biography
Mike Schleif - Executive BiographyMike Schleif - Executive Biography
Mike Schleif - Executive BiographyMike Schleif
 
Securing your digital world - Cybersecurity for SBEs
Securing your digital world - Cybersecurity for SBEsSecuring your digital world - Cybersecurity for SBEs
Securing your digital world - Cybersecurity for SBEsSonny Hashmi
 
Securing your digital world cybersecurity for sb es
Securing your digital world cybersecurity for sb esSecuring your digital world cybersecurity for sb es
Securing your digital world cybersecurity for sb esSonny Hashmi
 
Cyb 610 Inspiring Innovation--tutorialrank.com
Cyb 610 Inspiring Innovation--tutorialrank.comCyb 610 Inspiring Innovation--tutorialrank.com
Cyb 610 Inspiring Innovation--tutorialrank.comPrescottLunt386
 
Streaming Processes: Creating a Start-up Within a Big Corporate (Mohammad Sha...
Streaming Processes: Creating a Start-up Within a Big Corporate (Mohammad Sha...Streaming Processes: Creating a Start-up Within a Big Corporate (Mohammad Sha...
Streaming Processes: Creating a Start-up Within a Big Corporate (Mohammad Sha...Executive Leaders Network
 
Aicpa tech+panel presentation t6 managing risks and security 2014 v3
Aicpa tech+panel presentation t6 managing risks and security 2014 v3Aicpa tech+panel presentation t6 managing risks and security 2014 v3
Aicpa tech+panel presentation t6 managing risks and security 2014 v3Doeren Mayhew
 
Maintain data privacy during software development
Maintain data privacy during software developmentMaintain data privacy during software development
Maintain data privacy during software developmentMuhammadArif823
 
NON-PROFIT ORGANIZATIONS’ NEED TO ADDRESS SECURITY FOR EFFECTIVE GOVERNMENT C...
NON-PROFIT ORGANIZATIONS’ NEED TO ADDRESS SECURITY FOR EFFECTIVE GOVERNMENT C...NON-PROFIT ORGANIZATIONS’ NEED TO ADDRESS SECURITY FOR EFFECTIVE GOVERNMENT C...
NON-PROFIT ORGANIZATIONS’ NEED TO ADDRESS SECURITY FOR EFFECTIVE GOVERNMENT C...IJNSA Journal
 
Safeguarding the Enterprise
Safeguarding the EnterpriseSafeguarding the Enterprise
Safeguarding the EnterpriseADGP, Public Grivences, Bangalore
 
Cisco Domain Ten solution overview
Cisco Domain Ten solution overviewCisco Domain Ten solution overview
Cisco Domain Ten solution overviewCharles Malkiel
 
ISE 620 Final Project Guidelines and Rubric Overview .docx
ISE 620 Final Project Guidelines and Rubric Overview .docxISE 620 Final Project Guidelines and Rubric Overview .docx
ISE 620 Final Project Guidelines and Rubric Overview .docxchristiandean12115
 
As an IT analyst for a company providing voting.docx
As an IT analyst for a company providing voting.docxAs an IT analyst for a company providing voting.docx
As an IT analyst for a company providing voting.docx4934bk
 
Tft2 Task3 Essay
Tft2 Task3 EssayTft2 Task3 Essay
Tft2 Task3 EssayMichelle Bojorquez
 
Discussion 1Recommend three countermeasures that could enhance.docx
Discussion 1Recommend three countermeasures that could enhance.docxDiscussion 1Recommend three countermeasures that could enhance.docx
Discussion 1Recommend three countermeasures that could enhance.docxelinoraudley582231
 
As an IT analyst for Ballot a company providing.docx
As an IT analyst for Ballot a company providing.docxAs an IT analyst for Ballot a company providing.docx
As an IT analyst for Ballot a company providing.docx4934bk
 
Running Head Operational Components1Operational Component.docx
Running Head Operational Components1Operational Component.docxRunning Head Operational Components1Operational Component.docx
Running Head Operational Components1Operational Component.docxtodd581
 
Running Head Operational Components1Operational Component.docx
Running Head Operational Components1Operational Component.docxRunning Head Operational Components1Operational Component.docx
Running Head Operational Components1Operational Component.docxglendar3
 
IS4799 Final Project (1)
IS4799 Final Project (1)IS4799 Final Project (1)
IS4799 Final Project (1)Mark Milburn
 
Propose recommendations to create an age diverse workforce.W.docx
Propose recommendations to create an age diverse workforce.W.docxPropose recommendations to create an age diverse workforce.W.docx
Propose recommendations to create an age diverse workforce.W.docxanitramcroberts
 
Prosecuting Cybercrime  The Jurisdictional ProblemIn this discuss.docx
Prosecuting Cybercrime  The Jurisdictional ProblemIn this discuss.docxProsecuting Cybercrime  The Jurisdictional ProblemIn this discuss.docx
Prosecuting Cybercrime  The Jurisdictional ProblemIn this discuss.docxanitramcroberts
 

More Related Content

Similar to Project 6 - Cloud Computing Security PolicyThis week you will pr.docx

MIS Notes For University Students.MANAGEMENT INFORMATION SYSTEM
MIS Notes For University Students.MANAGEMENT INFORMATION SYSTEMMIS Notes For University Students.MANAGEMENT INFORMATION SYSTEM
MIS Notes For University Students.MANAGEMENT INFORMATION SYSTEMShehanperamuna
 
Project Deliverable 2 Business Requirements1Project Deliverab.docx
Project Deliverable 2 Business Requirements1Project Deliverab.docxProject Deliverable 2 Business Requirements1Project Deliverab.docx
Project Deliverable 2 Business Requirements1Project Deliverab.docxwkyra78
 
Mike Schleif - Executive Biography
Mike Schleif - Executive BiographyMike Schleif - Executive Biography
Mike Schleif - Executive BiographyMike Schleif
 
Securing your digital world - Cybersecurity for SBEs
Securing your digital world - Cybersecurity for SBEsSecuring your digital world - Cybersecurity for SBEs
Securing your digital world - Cybersecurity for SBEsSonny Hashmi
 
Securing your digital world cybersecurity for sb es
Securing your digital world cybersecurity for sb esSecuring your digital world cybersecurity for sb es
Securing your digital world cybersecurity for sb esSonny Hashmi
 
Cyb 610 Inspiring Innovation--tutorialrank.com
Cyb 610 Inspiring Innovation--tutorialrank.comCyb 610 Inspiring Innovation--tutorialrank.com
Cyb 610 Inspiring Innovation--tutorialrank.comPrescottLunt386
 
Streaming Processes: Creating a Start-up Within a Big Corporate (Mohammad Sha...
Streaming Processes: Creating a Start-up Within a Big Corporate (Mohammad Sha...Streaming Processes: Creating a Start-up Within a Big Corporate (Mohammad Sha...
Streaming Processes: Creating a Start-up Within a Big Corporate (Mohammad Sha...Executive Leaders Network
 
Aicpa tech+panel presentation t6 managing risks and security 2014 v3
Aicpa tech+panel presentation t6 managing risks and security 2014 v3Aicpa tech+panel presentation t6 managing risks and security 2014 v3
Aicpa tech+panel presentation t6 managing risks and security 2014 v3Doeren Mayhew
 
Maintain data privacy during software development
Maintain data privacy during software developmentMaintain data privacy during software development
Maintain data privacy during software developmentMuhammadArif823
 
NON-PROFIT ORGANIZATIONS’ NEED TO ADDRESS SECURITY FOR EFFECTIVE GOVERNMENT C...
NON-PROFIT ORGANIZATIONS’ NEED TO ADDRESS SECURITY FOR EFFECTIVE GOVERNMENT C...NON-PROFIT ORGANIZATIONS’ NEED TO ADDRESS SECURITY FOR EFFECTIVE GOVERNMENT C...
NON-PROFIT ORGANIZATIONS’ NEED TO ADDRESS SECURITY FOR EFFECTIVE GOVERNMENT C...IJNSA Journal
 
Cisco Domain Ten solution overview
Cisco Domain Ten solution overviewCisco Domain Ten solution overview
Cisco Domain Ten solution overviewCharles Malkiel
 
ISE 620 Final Project Guidelines and Rubric Overview .docx
ISE 620 Final Project Guidelines and Rubric Overview .docxISE 620 Final Project Guidelines and Rubric Overview .docx
ISE 620 Final Project Guidelines and Rubric Overview .docxchristiandean12115
 
As an IT analyst for a company providing voting.docx
As an IT analyst for a company providing voting.docxAs an IT analyst for a company providing voting.docx
As an IT analyst for a company providing voting.docx4934bk
 
Discussion 1Recommend three countermeasures that could enhance.docx
Discussion 1Recommend three countermeasures that could enhance.docxDiscussion 1Recommend three countermeasures that could enhance.docx
Discussion 1Recommend three countermeasures that could enhance.docxelinoraudley582231
 
As an IT analyst for Ballot a company providing.docx
As an IT analyst for Ballot a company providing.docxAs an IT analyst for Ballot a company providing.docx
As an IT analyst for Ballot a company providing.docx4934bk
 
Running Head Operational Components1Operational Component.docx
Running Head Operational Components1Operational Component.docxRunning Head Operational Components1Operational Component.docx
Running Head Operational Components1Operational Component.docxtodd581
 
Running Head Operational Components1Operational Component.docx
Running Head Operational Components1Operational Component.docxRunning Head Operational Components1Operational Component.docx
Running Head Operational Components1Operational Component.docxglendar3
 
IS4799 Final Project (1)
IS4799 Final Project (1)IS4799 Final Project (1)
IS4799 Final Project (1)Mark Milburn
 

Similar to Project 6 - Cloud Computing Security PolicyThis week you will pr.docx (20)

MIS Notes For University Students.MANAGEMENT INFORMATION SYSTEM
MIS Notes For University Students.MANAGEMENT INFORMATION SYSTEMMIS Notes For University Students.MANAGEMENT INFORMATION SYSTEM
MIS Notes For University Students.MANAGEMENT INFORMATION SYSTEM
 
Project Deliverable 2 Business Requirements1Project Deliverab.docx
Project Deliverable 2 Business Requirements1Project Deliverab.docxProject Deliverable 2 Business Requirements1Project Deliverab.docx
Project Deliverable 2 Business Requirements1Project Deliverab.docx
 
Mike Schleif - Executive Biography
Mike Schleif - Executive BiographyMike Schleif - Executive Biography
Mike Schleif - Executive Biography
 
Securing your digital world - Cybersecurity for SBEs
Securing your digital world - Cybersecurity for SBEsSecuring your digital world - Cybersecurity for SBEs
Securing your digital world - Cybersecurity for SBEs
 
Securing your digital world cybersecurity for sb es
Securing your digital world cybersecurity for sb esSecuring your digital world cybersecurity for sb es
Securing your digital world cybersecurity for sb es
 
Cyb 610 Inspiring Innovation--tutorialrank.com
Cyb 610 Inspiring Innovation--tutorialrank.comCyb 610 Inspiring Innovation--tutorialrank.com
Cyb 610 Inspiring Innovation--tutorialrank.com
 
Streaming Processes: Creating a Start-up Within a Big Corporate (Mohammad Sha...
Streaming Processes: Creating a Start-up Within a Big Corporate (Mohammad Sha...Streaming Processes: Creating a Start-up Within a Big Corporate (Mohammad Sha...
Streaming Processes: Creating a Start-up Within a Big Corporate (Mohammad Sha...
 
Aicpa tech+panel presentation t6 managing risks and security 2014 v3
Aicpa tech+panel presentation t6 managing risks and security 2014 v3Aicpa tech+panel presentation t6 managing risks and security 2014 v3
Aicpa tech+panel presentation t6 managing risks and security 2014 v3
 
Maintain data privacy during software development
Maintain data privacy during software developmentMaintain data privacy during software development
Maintain data privacy during software development
 
NON-PROFIT ORGANIZATIONS’ NEED TO ADDRESS SECURITY FOR EFFECTIVE GOVERNMENT C...
NON-PROFIT ORGANIZATIONS’ NEED TO ADDRESS SECURITY FOR EFFECTIVE GOVERNMENT C...NON-PROFIT ORGANIZATIONS’ NEED TO ADDRESS SECURITY FOR EFFECTIVE GOVERNMENT C...
NON-PROFIT ORGANIZATIONS’ NEED TO ADDRESS SECURITY FOR EFFECTIVE GOVERNMENT C...
 
Safeguarding the Enterprise
Safeguarding the EnterpriseSafeguarding the Enterprise
Safeguarding the Enterprise
 
Cisco Domain Ten solution overview
Cisco Domain Ten solution overviewCisco Domain Ten solution overview
Cisco Domain Ten solution overview
 
ISE 620 Final Project Guidelines and Rubric Overview .docx
ISE 620 Final Project Guidelines and Rubric Overview .docxISE 620 Final Project Guidelines and Rubric Overview .docx
ISE 620 Final Project Guidelines and Rubric Overview .docx
 
As an IT analyst for a company providing voting.docx
As an IT analyst for a company providing voting.docxAs an IT analyst for a company providing voting.docx
As an IT analyst for a company providing voting.docx
 
Tft2 Task3 Essay
Tft2 Task3 EssayTft2 Task3 Essay
Tft2 Task3 Essay
 
Discussion 1Recommend three countermeasures that could enhance.docx
Discussion 1Recommend three countermeasures that could enhance.docxDiscussion 1Recommend three countermeasures that could enhance.docx
Discussion 1Recommend three countermeasures that could enhance.docx
 
As an IT analyst for Ballot a company providing.docx
As an IT analyst for Ballot a company providing.docxAs an IT analyst for Ballot a company providing.docx
As an IT analyst for Ballot a company providing.docx
 
Running Head Operational Components1Operational Component.docx
Running Head Operational Components1Operational Component.docxRunning Head Operational Components1Operational Component.docx
Running Head Operational Components1Operational Component.docx
 
Running Head Operational Components1Operational Component.docx
Running Head Operational Components1Operational Component.docxRunning Head Operational Components1Operational Component.docx
Running Head Operational Components1Operational Component.docx
 
IS4799 Final Project (1)
IS4799 Final Project (1)IS4799 Final Project (1)
IS4799 Final Project (1)
 

More from anitramcroberts

Propose recommendations to create an age diverse workforce.W.docx
Propose recommendations to create an age diverse workforce.W.docxPropose recommendations to create an age diverse workforce.W.docx
Propose recommendations to create an age diverse workforce.W.docxanitramcroberts
 
Prosecuting Cybercrime  The Jurisdictional ProblemIn this discuss.docx
Prosecuting Cybercrime  The Jurisdictional ProblemIn this discuss.docxProsecuting Cybercrime  The Jurisdictional ProblemIn this discuss.docx
Prosecuting Cybercrime  The Jurisdictional ProblemIn this discuss.docxanitramcroberts
 
PromptTopic Joseph is scheduled to have hip replacement surgery .docx
PromptTopic Joseph is scheduled to have hip replacement surgery .docxPromptTopic Joseph is scheduled to have hip replacement surgery .docx
PromptTopic Joseph is scheduled to have hip replacement surgery .docxanitramcroberts
 
Property TaxThe property tax has been criticized as an unfair ba.docx
Property TaxThe property tax has been criticized as an unfair ba.docxProperty TaxThe property tax has been criticized as an unfair ba.docx
Property TaxThe property tax has been criticized as an unfair ba.docxanitramcroberts
 
Prosecutors and VictimsWrite a 2 page paper.  Address the follow.docx
Prosecutors and VictimsWrite a 2 page paper.  Address the follow.docxProsecutors and VictimsWrite a 2 page paper.  Address the follow.docx
Prosecutors and VictimsWrite a 2 page paper.  Address the follow.docxanitramcroberts
 
Prompt Discuss the recent public policy decisions made in Texas wit.docx
Prompt Discuss the recent public policy decisions made in Texas wit.docxPrompt Discuss the recent public policy decisions made in Texas wit.docx
Prompt Discuss the recent public policy decisions made in Texas wit.docxanitramcroberts
 
Properties of LifeChapter 1 of the text highlights the nine proper.docx
Properties of LifeChapter 1 of the text highlights the nine proper.docxProperties of LifeChapter 1 of the text highlights the nine proper.docx
Properties of LifeChapter 1 of the text highlights the nine proper.docxanitramcroberts
 
Proofread and complete your manual that includes the following ite.docx
Proofread and complete your manual that includes the following ite.docxProofread and complete your manual that includes the following ite.docx
Proofread and complete your manual that includes the following ite.docxanitramcroberts
 
Proof Reading and adding 5 pages to chapter 2The pre-thesis .docx
Proof Reading and adding 5 pages to chapter 2The pre-thesis .docxProof Reading and adding 5 pages to chapter 2The pre-thesis .docx
Proof Reading and adding 5 pages to chapter 2The pre-thesis .docxanitramcroberts
 
prompt:Leadership Culture - Describe the leadership culture in ope.docx
prompt:Leadership Culture - Describe the leadership culture in ope.docxprompt:Leadership Culture - Describe the leadership culture in ope.docx
prompt:Leadership Culture - Describe the leadership culture in ope.docxanitramcroberts
 
Prompt  These two poems are companion pieces from a collection by.docx
Prompt  These two poems are companion pieces from a collection by.docxPrompt  These two poems are companion pieces from a collection by.docx
Prompt  These two poems are companion pieces from a collection by.docxanitramcroberts
 
PromptTopic Robert was quite active when he first started colleg.docx
PromptTopic Robert was quite active when he first started colleg.docxPromptTopic Robert was quite active when he first started colleg.docx
PromptTopic Robert was quite active when he first started colleg.docxanitramcroberts
 
PromptTopic Outline the flow of blood through the heart.  Explai.docx
PromptTopic Outline the flow of blood through the heart.  Explai.docxPromptTopic Outline the flow of blood through the heart.  Explai.docx
PromptTopic Outline the flow of blood through the heart.  Explai.docxanitramcroberts
 
PromptTopic Deborah has 2 preschool-age children and one school-.docx
PromptTopic Deborah has 2 preschool-age children and one school-.docxPromptTopic Deborah has 2 preschool-age children and one school-.docx
PromptTopic Deborah has 2 preschool-age children and one school-.docxanitramcroberts
 
PROMPTAnalyze from Amreeka the scene you found most powerfu.docx
PROMPTAnalyze from Amreeka the scene you found most powerfu.docxPROMPTAnalyze from Amreeka the scene you found most powerfu.docx
PROMPTAnalyze from Amreeka the scene you found most powerfu.docxanitramcroberts
 
Prompt What makes a poem good or bad  Use Chapter 17 to identi.docx
Prompt What makes a poem good or bad  Use Chapter 17 to identi.docxPrompt What makes a poem good or bad  Use Chapter 17 to identi.docx
Prompt What makes a poem good or bad  Use Chapter 17 to identi.docxanitramcroberts
 
PromptTopic Anton grew up in France and has come to America for .docx
PromptTopic Anton grew up in France and has come to America for .docxPromptTopic Anton grew up in France and has come to America for .docx
PromptTopic Anton grew up in France and has come to America for .docxanitramcroberts
 
Prompt #1 Examples of Inductive InferencePrepare To prepare to.docx
Prompt #1 Examples of Inductive InferencePrepare To prepare to.docxPrompt #1 Examples of Inductive InferencePrepare To prepare to.docx
Prompt #1 Examples of Inductive InferencePrepare To prepare to.docxanitramcroberts
 
Project This project requires you to identify and analyze le.docx
Project This project requires you to identify and analyze le.docxProject This project requires you to identify and analyze le.docx
Project This project requires you to identify and analyze le.docxanitramcroberts
 
ProjectUsing the information you learned from your assessments and.docx
ProjectUsing the information you learned from your assessments and.docxProjectUsing the information you learned from your assessments and.docx
ProjectUsing the information you learned from your assessments and.docxanitramcroberts
 

More from anitramcroberts (20)

Propose recommendations to create an age diverse workforce.W.docx
Propose recommendations to create an age diverse workforce.W.docxPropose recommendations to create an age diverse workforce.W.docx
Propose recommendations to create an age diverse workforce.W.docx
 
Prosecuting Cybercrime  The Jurisdictional ProblemIn this discuss.docx
Prosecuting Cybercrime  The Jurisdictional ProblemIn this discuss.docxProsecuting Cybercrime  The Jurisdictional ProblemIn this discuss.docx
Prosecuting Cybercrime  The Jurisdictional ProblemIn this discuss.docx
 
PromptTopic Joseph is scheduled to have hip replacement surgery .docx
PromptTopic Joseph is scheduled to have hip replacement surgery .docxPromptTopic Joseph is scheduled to have hip replacement surgery .docx
PromptTopic Joseph is scheduled to have hip replacement surgery .docx
 
Property TaxThe property tax has been criticized as an unfair ba.docx
Property TaxThe property tax has been criticized as an unfair ba.docxProperty TaxThe property tax has been criticized as an unfair ba.docx
Property TaxThe property tax has been criticized as an unfair ba.docx
 
Prosecutors and VictimsWrite a 2 page paper.  Address the follow.docx
Prosecutors and VictimsWrite a 2 page paper.  Address the follow.docxProsecutors and VictimsWrite a 2 page paper.  Address the follow.docx
Prosecutors and VictimsWrite a 2 page paper.  Address the follow.docx
 
Prompt Discuss the recent public policy decisions made in Texas wit.docx
Prompt Discuss the recent public policy decisions made in Texas wit.docxPrompt Discuss the recent public policy decisions made in Texas wit.docx
Prompt Discuss the recent public policy decisions made in Texas wit.docx
 
Properties of LifeChapter 1 of the text highlights the nine proper.docx
Properties of LifeChapter 1 of the text highlights the nine proper.docxProperties of LifeChapter 1 of the text highlights the nine proper.docx
Properties of LifeChapter 1 of the text highlights the nine proper.docx
 
Proofread and complete your manual that includes the following ite.docx
Proofread and complete your manual that includes the following ite.docxProofread and complete your manual that includes the following ite.docx
Proofread and complete your manual that includes the following ite.docx
 
Proof Reading and adding 5 pages to chapter 2The pre-thesis .docx
Proof Reading and adding 5 pages to chapter 2The pre-thesis .docxProof Reading and adding 5 pages to chapter 2The pre-thesis .docx
Proof Reading and adding 5 pages to chapter 2The pre-thesis .docx
 
prompt:Leadership Culture - Describe the leadership culture in ope.docx
prompt:Leadership Culture - Describe the leadership culture in ope.docxprompt:Leadership Culture - Describe the leadership culture in ope.docx
prompt:Leadership Culture - Describe the leadership culture in ope.docx
 
Prompt  These two poems are companion pieces from a collection by.docx
Prompt  These two poems are companion pieces from a collection by.docxPrompt  These two poems are companion pieces from a collection by.docx
Prompt  These two poems are companion pieces from a collection by.docx
 
PromptTopic Robert was quite active when he first started colleg.docx
PromptTopic Robert was quite active when he first started colleg.docxPromptTopic Robert was quite active when he first started colleg.docx
PromptTopic Robert was quite active when he first started colleg.docx
 
PromptTopic Outline the flow of blood through the heart.  Explai.docx
PromptTopic Outline the flow of blood through the heart.  Explai.docxPromptTopic Outline the flow of blood through the heart.  Explai.docx
PromptTopic Outline the flow of blood through the heart.  Explai.docx
 
PromptTopic Deborah has 2 preschool-age children and one school-.docx
PromptTopic Deborah has 2 preschool-age children and one school-.docxPromptTopic Deborah has 2 preschool-age children and one school-.docx
PromptTopic Deborah has 2 preschool-age children and one school-.docx
 
PROMPTAnalyze from Amreeka the scene you found most powerfu.docx
PROMPTAnalyze from Amreeka the scene you found most powerfu.docxPROMPTAnalyze from Amreeka the scene you found most powerfu.docx
PROMPTAnalyze from Amreeka the scene you found most powerfu.docx
 
Prompt What makes a poem good or bad  Use Chapter 17 to identi.docx
Prompt What makes a poem good or bad  Use Chapter 17 to identi.docxPrompt What makes a poem good or bad  Use Chapter 17 to identi.docx
Prompt What makes a poem good or bad  Use Chapter 17 to identi.docx
 
PromptTopic Anton grew up in France and has come to America for .docx
PromptTopic Anton grew up in France and has come to America for .docxPromptTopic Anton grew up in France and has come to America for .docx
PromptTopic Anton grew up in France and has come to America for .docx
 
Prompt #1 Examples of Inductive InferencePrepare To prepare to.docx
Prompt #1 Examples of Inductive InferencePrepare To prepare to.docxPrompt #1 Examples of Inductive InferencePrepare To prepare to.docx
Prompt #1 Examples of Inductive InferencePrepare To prepare to.docx
 
Project This project requires you to identify and analyze le.docx
Project This project requires you to identify and analyze le.docxProject This project requires you to identify and analyze le.docx
Project This project requires you to identify and analyze le.docx
 
ProjectUsing the information you learned from your assessments and.docx
ProjectUsing the information you learned from your assessments and.docxProjectUsing the information you learned from your assessments and.docx
ProjectUsing the information you learned from your assessments and.docx
 

Recently uploaded

mini mental status format.docx
mini mental status format.docxmini mental status format.docx
mini mental status format.docxPoojaSen20
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Krashi Coaching
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTiammrhaywood
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxSayali Powar
 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsanshu789521
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxOH TEIK BIN
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon AUnboundStockton
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentInMediaRes1
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxmanuelaromero2013
 
Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application ) Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application ) Sakshi Ghasle
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfsanyamsingh5019
 
How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17Celine George
 
Concept of Vouching. B.Com(Hons) /B.Compdf
Concept of Vouching. B.Com(Hons) /B.CompdfConcept of Vouching. B.Com(Hons) /B.Compdf
Concept of Vouching. B.Com(Hons) /B.CompdfUmakantAnnand
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfSoniaTolstoy
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxGaneshChakor2
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityGeoBlogs
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxNirmalaLoungPoorunde1
 

Recently uploaded (20)

mini mental status format.docx
mini mental status format.docxmini mental status format.docx
mini mental status format.docx
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
 
Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha elections
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptx
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon A
 
Staff of Color (SOC) Retention Efforts DDSD
Staff of Color (SOC) Retention Efforts DDSDStaff of Color (SOC) Retention Efforts DDSD
Staff of Color (SOC) Retention Efforts DDSD
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media Component
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptx
 
Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application ) Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application )
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdf
 
How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17
 
Concept of Vouching. B.Com(Hons) /B.Compdf
Concept of Vouching. B.Com(Hons) /B.CompdfConcept of Vouching. B.Com(Hons) /B.Compdf
Concept of Vouching. B.Com(Hons) /B.Compdf
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptx
 
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptx
 

Project 6 - Cloud Computing Security PolicyThis week you will pr.docx

  • 1. Project 6 - Cloud Computing Security Policy This week you will prepare a cloud security policy. The first CIO of the US mandated that cloud services be implemented in organizations whenever possible. Review the scenario below and prepare a cloud security policy for the organization. Complete the following section readings from “ Challenging Security Requirements for US Government Cloud Computing Adoption,” NIST Cloud Computing Public Security Working Group, NIST Cloud Computing Program, Information Technology Laboratory, sections 1.1, 1.3, 1.6, 1.8, and 1.9; prior to starting your work on the policy: PROCESS-ORIENTED SECURITY REQUIREMENTS 1.1 NIST SP 800-53 SECURITY CONTROLS FOR CLOUD- BASED INFORMATION SYSTEMS: page 10 1.3 CLOUD CERTIFICATION AND ACCREDITATION: page 17 1.6 CLARITY ON CLOUD ACTORS SECURITY ROLES AND RESPONSIBILITIES: page 27 1.8 BUSINESS CONTINUITY AND DISASTER RECOVERY: page 31 1.9 TECHNICAL CONTINUOUS MONITORING CAPABILITIES: page 34 Background : A small non-profit organization (SNPO-MC) has received a grant which will pay 90% of its cloud computing costs for a five year period. But, before it can take advantage of the monies provided by this grant, it must present an acceptable cloud
  • 2. computing security policy to the grant overseers. Tasking : You are a cybersecurity professional who is “on loan” from your employer, a management consulting firm, to a small non- profit organization (SNPO-MC). You have been tasked with researching requirements for a Cloud Computing Security Policy and then developing a draft policy for the non-profit organization, SNPO-MC. The purpose of this policy is to provide guidance to managers, executives, and cloud computing service providers. This new policy will supersede (replace) the existing Enterprise IT Security Policy which focuses exclusively upon enterprise security requirements for organization owned equipment (including database servers, Web and email servers, file servers, remote access servers, desktop computers, workstations, and laptop computers) and licensed software applications. The enterprise IT security policy also addresses incident response and disaster recovery. As part of your policy development task you must take into consideration the issues list which was developed during brainstorming sessions by executives and managers in each of the three operating locations for the non-profit organization. Your deliverable for this project is a 5 to 8 page, single spaced, professionally formatted draft policy. See the following resources for suggested formats. https://it.tufts.edu/cloud-pol https://www.american.edu/policies/upload/IT-Security-Policy- 2013.pdf Organization Profile : The organization is headquartered in Boston, MA and has two
  • 3. additional operating locations (offices) in New Orleans, LA and San Francisco, CA. Approximately 50 employees work in a formal office setting at one of these locations. These employees use organization owned IT equipment. The remaining 1,000 staff members are volunteers who work from their home offices using personally owned equipment. The organization provides a variety of management consulting services for its clients (charities and non-governmental organizations) on a fee for service basis. Fees are set on a sliding scale based upon the client’s ability to pay. The organization receives additional funding to support its administrative costs, including IT and IT security, through grants and donations from several Fortune 500 companies. The non-profit organization is in the process of hiring its first Chief Information Officer. The organization has a small (3 person) professional IT staff that includes one information security specialist. These staff members are located in the Boston headquarters office. Definitions : Employees of the organization are referred to as employees. Executives and other staff who are “on loan” from Fortune 500 companies are referred to as loaned staff members. Loaned staff members usually telework for the organization one to two days per week for a period of one year. Volunteers who perform work for the organization are referred to as volunteer staff members. Volunteer staff members usually telework from their homes one to two days per week. Cloud Computing includes but is not restricted to: ·
  • 4. Platform as a Service · Infrastructure as a Service · Software as a Service Issues List : · Who speaks with authority for the firm? · Who monitors and manages compliance with laws and regulations? · Ownership of content · Privacy and confidentiality · Enforcement · Penalties for violations of policy · Use by sales and marketing · Use by customer service / outreach
  • 5. · Use by public relations and corporate communications (e.g. information for shareholders, customers, general public) · Use for advertising and e-commerce · Use by teleworkers · Review requirements (when, by whom) · Use of content and services monitoring tools · Content generation and management (documents, email, cloud storage) · Additional issues listed in http://www.cloud-council.org/Security_for_Cloud_Computing- Final_080912.pdf Resources (suggested by the organization’s IT Staff for your consideration) : 1. http://www.nsa.gov/ia/_files/support/Cloud_Computing_Guidan ce.pdf 2. http://www.cloud-council.org/Security_for_Cloud_Computing-
  • 6. Final_080912.pdf 3. http://www.sans.org/reading-room/whitepapers/analyst/cloud- security-compliance-primer-34910 4. http://csrc.nist.gov/publications/nistpubs/800-144/SP800- 144.pdf The documents below are useful resources in planning your cloud security policy: Cloud Security: A Comprehensive Guide to Secure Cloud Computing by Ronald L. Krutz and Russell Dean Vines John Wiley & Sons © 2010(384 pages), ISBN: 9780470589878 Chapter 3: Cloud Computing Software Security Fundamentals http://common.books24x7.com.ezproxy.umuc.edu/toc.aspx?book id=34770 NIST Guide to Information Technology Security Services at http://www.nist.gov/customcf/get_pdf.cfm?pub_id=906567 25 point implementation plan to reform information technology http://www.dhs.gov/sites/default/files/publications/digital- strategy/25-point-implementation-plan-to-reform-federal-it.pdf Understanding Cloud Computing (NIST SP 500-291) and (NIST SP 500-292) http://www.nist.gov/customcf/get_pdf.cfm?pub_id=909024 500-291 - Standards: Chapter 3 and Chapter 5.5
  • 7. White Paper: “Challenging Security Requirements for US Government Cloud Computing Adoption,” NIST Cloud Computing Public Security Working Group, NIST Cloud Computing Program, Information Technology Laboratory