Federal Cloud Computing (2nd Ed.) The Definitive Guide for Cloud Service Providers
Auteur : Metheny Matthew
Federal Cloud Computing: The Definitive Guide for Cloud Service Providers, Second Edition offers an in-depth look at topics surrounding federal cloud computing within the federal government, including the Federal Cloud Computing Strategy, Cloud Computing Standards, Security and Privacy, and Security Automation.
You will learn the basics of the NIST risk management framework (RMF) with a specific focus on cloud computing environments, all aspects of the Federal Risk and Authorization Management Program (FedRAMP) process, and steps for cost-effectively implementing the Assessment and Authorization (A&A) process, as well as strategies for implementing Continuous Monitoring, enabling the Cloud Service Provider to address the FedRAMP requirement on an ongoing basis.
This updated edition will cover the latest changes to FedRAMP program, including clarifying guidance on the paths for Cloud Service Providers to achieve FedRAMP compliance, an expanded discussion of the new FedRAMP Security Control, which is based on the NIST SP 800-53 Revision 4, and maintaining FedRAMP compliance through Continuous Monitoring. Further, a new chapter has been added on the FedRAMP requirements for Vulnerability Scanning and Penetration Testing.
1. Introduction to the federal cloud computing strategy 2. Cloud computing standards 3. A case for open source 4. Security and privacy in public cloud computing 5. Applying the NIST risk management framework 6. Risk management 7. Comparison of federal and international security certification standards 8. FedRAMP primer 9. The FedRAMP cloud computing security requirements 10. Security testing: Vulnerability assessments and penetration testing 11. Security assessment and authorization: Governance, preparation, and execution 12. Strategies for continuous monitoring 13. Continuous monitoring through security automation 14. A case study for cloud service providers
Information security professionals and consultants, system administrators, IT administrators and managers focused on information security, as well as security auditors, security engineers, virtualization specialists, software developers, and compliance specialists.
Matthew Metheny, PMP, CISSP, CAP, CISA, CSSLP, CRISC, CCSK, is an Information Security Executive and Professional with twenty years of experience in the areas of finance management, information technology, information security, risk management, compliance programs, security operations and capabilities, secure software development, security assessment and auditing, security architectures, information security policies/processes, incident response and forensics, and application security and penetration testing.
Mr. Metheny is the Chief Information Security Officer and Director of Cyber Security Operations at the Court Services and Offender Supervision Agency (CSOSA), and is responsible for managing CSOSA’s enterprise-wide information security and risk management program, and cyber security operations. Prior to joining CSOSA, Mr. Metheny was employed at the US Government Publishing Office (GPO), where he led the Agency Governance, Risk Management, and Compliance (GRC) Program and served as the Agency subject matter expert for cloud security, responsible for evaluating service provider solutions against federal and industry security standards and integrating Agency and service provider security services. Mr. Metheny was the founder and instructor at CloudSecurityTraining.com, a business unit of One Enterprise Consulting Group, LLC, which was an approved training partner with the Cloud Security Alliance (CSA). He was also the Co-Chair for the CSA CloudTrust Protocol (CTP) Working Group, a Founding Member and Member of the Board of Director for the CSA-DC Chapter which was CSA’s Federal Cloud Center of Excellence, and a Founding Member of the OpenStack DC user group focused on expanding the knowledge of OpenStack within the Washington, DC metro area. Mr. Metheny received a Bachelor’s degree in Computer and Information Science from the University of Maryland University College and a Master's degree in Information Assurance from University of Maryland University C
- Provides a common understanding of the federal requirements as they apply to cloud computing
- Offers a targeted and cost-effective approach for applying the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF)
- Features both technical and non-technical perspectives of the Federal Assessment and Authorization (A&A) process that speaks across the organization
Date de parution : 01-2017
Ouvrage de 536 p.
19x23.4 cm
Thèmes de Federal Cloud Computing :
Mots-clés :
25 Point Implementation Plan; 3PAO; Acquisition; Attack vector; Authorization; C&A; CM; CM program; CM reference architecture; CM requirements; CM solutions; CM strategy; CONOPS; Case study; Certification and accreditation; Certifications standards; Cloud First policy; Cloud computing; Cloud migration; Cloud strategy; Concept of operations; Continuous monitoring; Control selection process; ERM; Enterprise-wide risk management; FISMA; FedRAMP; Federal IT policies; Federal IT transformation; Federal privacy laws; Federal security; Healthcare exchange; ISO/IEC; Information security; JAB; NIST; NIST Conceptual Reference Model; OMB policies; OSS; OSS adoption; Open source software; Organizational governance; Penetration test; Penetration test plan; Personally identifiable information (PII); Policy memo; Privacy; Public cloud; Public cloud computing; RMF; ROE; Risk management; Rules of engagement; SDLC; SDOs; Security; Security assessment plan; Security assessment process; Security assessment report; Security automation; Security control baseline; Security requirements; Security standards; Security testing; Standardization; Standardization drivers; System security plan; Vulnerability assessment; Vulnerability scanning
