
E-book: Federal Cloud Computing: The Definitive Guide for Cloud Service Providers

(Chief Information Security Officer and Director of Cyber Security Operations, Court Services and Offender Supervision Agency (CSOSA))
  • Format: EPUB+DRM
  • Publication date: 05-Jan-2017
  • Publisher: Syngress Media,U.S.
  • Language: eng
  • ISBN-13: 9780128096871

DRM restrictions

  • Copying (copy/paste): not allowed
  • Printing: not allowed
  • Usage:

    Digital Rights Management (DRM)
    The publisher has supplied this book in encrypted form, which means that you must install free software in order to unlock and read it. To read this e-book you need to create an Adobe ID. The e-book can be read and downloaded on up to 6 devices (by one user with the same Adobe ID).

    Required software
    To read this e-book on a mobile device (phone or tablet), you will need to install this free app: PocketBook Reader (iOS / Android)

    To download and read this e-book on a PC or Mac, you need Adobe Digital Editions (a free app designed specifically for e-books. It is not the same as Adobe Reader, which you may already have on your computer.)

    You cannot read this e-book on an Amazon Kindle.

Federal Cloud Computing: The Definitive Guide for Cloud Service Providers, Second Edition offers an in-depth look at topics surrounding federal cloud computing within the federal government, including the Federal Cloud Computing Strategy, Cloud Computing Standards, Security and Privacy, and Security Automation.

Users will learn the basics of the NIST risk management framework (RMF), with a specific focus on cloud computing environments, all aspects of the Federal Risk and Authorization Management Program (FedRAMP) process, and steps on how to cost-effectively implement the Assessment and Authorization (A&A) process, along with strategies for implementing Continuous Monitoring and enabling the Cloud Service Provider to address the FedRAMP requirement on an ongoing basis.

The completely updated Second Edition covers all the changes to FedRAMP, including clarifying guidance on the three paths for Cloud Service Providers to achieve FedRAMP compliance, an expanded discussion of the new FedRAMP Security Control, which is based on the NIST SP 800-53 Revision 4, and maintaining FedRAMP compliance through Continuous Monitoring. Further, a new chapter has been added on the FedRAMP requirements for Vulnerability Scanning and Penetration Testing.

  • Provides a common understanding of the federal requirements as they apply to cloud computing
  • Presents a targeted and cost-effective approach for applying the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF)
  • Includes both technical and non-technical perspectives of the Federal Assessment and Authorization process that speaks across the organization
  • Completely updated Second Edition covers all the current changes users need to achieve FedRAMP compliance

Additional information

The only book to provide a roadmap for navigating federal cloud computing guidelines.
Table of contents (each entry gives the start page, with the page count in parentheses):

About the Author xiii
About the Technical Editor xv
Foreword (William Corrington) xvii
Foreword (Jim Reavis) xix
Chapter 1 Introduction to the federal cloud computing strategy 1(34)
  Introduction 1(5)
  A Historical View of Federal IT 6(17)
  The Early Years and the Mainframe Era 7(2)
  Shifting to Minicomputer 9(1)
  Decentralization: The Microcomputer ("Personal Computer") 10(1)
  Transitioning to Mobility 11(2)
  Evolution of Federal IT Policy 13(10)
  Cloud Computing: Drivers in Federal IT Transformation 23(7)
  Drivers for Adoption 25(3)
  Cloud Benefits 28(2)
  Decision Framework for Cloud Migration 30(3)
  Selecting Services to Move to the Cloud 31(1)
  Provisioning Cloud Services Effectively 32(1)
  Managing Services Rather Than Assets 33(1)
  Summary 33(1)
  References 33(2)
Chapter 2 Cloud computing standards 35(24)
  Introduction 35(4)
  Standards Development Primer 39(3)
  Cloud Computing Standardization Drivers 42(3)
  Federal Laws and Policy 43(1)
  Adoption Barriers 44(1)
  Identifying Standards for Federal Cloud Computing Adoption 45(12)
  Standards Development Organizations (SDOs) and Other Community-Driven Organizations 48(1)
  Standards Inventory 48(9)
  Summary 57(1)
  References 57(2)
Chapter 3 A Case for Open Source 59(20)
  Introduction 59(4)
  Open Source Software and the Federal Government 63(5)
  Open Source Software Adoption Challenges: Acquisition and Security 68(4)
  Acquisition Challenges 68(3)
  Security Challenges 71(1)
  Open Source Software and Federal Cloud Computing 72(3)
  Summary 75(1)
  References 76(3)
Chapter 4 Security and privacy in public cloud computing 79(38)
  Introduction 79(2)
  Security and Privacy in the Context of the Public Cloud 81(7)
  Federal Privacy Laws and Policies 83(3)
  Privacy Act of 1974 86(2)
  Federal Information Security Modernization Act (FISMA) 88(1)
  OMB Memorandum Policies 89(1)
  Safeguarding Privacy Information 90(22)
  Privacy Controls 94(15)
  Data Breaches, Impacts, and Consequences 109(3)
  Security and Privacy Issues 112(1)
  Summary 113(1)
  References 113(4)
Chapter 5 Applying the NIST risk management framework 117(68)
  Introduction to FISMA 117(8)
  Purpose 117(2)
  Roles and Responsibilities 119(6)
  Risk Management Framework Overview 125(3)
  The Role of Risk Management 126(2)
  The NIST RMF and the System Development Life Cycle 128(1)
  NIST RMF Process 128(54)
  Information System Categorization 131(15)
  Security Controls Selection 146(13)
  Security Controls Implementation 159(2)
  Security Controls Assessment 161(5)
  Information System Authorization 166(9)
  Security Controls Monitoring 175(7)
  Summary 182(1)
  References 182(3)
Chapter 6 Risk management 185(26)
  Introduction to Risk Management 185(3)
  Federal Information Security Risk Management Practices 188(3)
  Overview of Enterprise-Wide Risk Management 191(7)
  Components of the NIST Risk Management Process 191(4)
  Multitiered Risk Management 195(3)
  NIST Risk Management Process 198(6)
  Framing Risk 199(1)
  Assessing Risk 200(2)
  Responding to Risk 202(1)
  Monitoring Risk 203(1)
  Comparing the NIST and ISO/IEC Risk Management Processes 204(5)
  Summary 209(1)
  References 209(2)
Chapter 7 Comparison of federal and international security certification standards 211(28)
  Introduction 211(1)
  Overview of Certification and Accreditation 212(10)
  Evolution of the Federal C&A Processes 214(6)
  Towards a Unified Approach to C&A 220(2)
  NIST and ISO/IEC Information Security Standards 222(14)
  Boundary and Scope Definition 225(1)
  Security Policy 226(1)
  Risk Management Strategy (Context) 227(1)
  Risk Management Process 227(1)
  Security Objectives and Controls 228(8)
  Summary 236(1)
  References 236(3)
Chapter 8 FedRAMP primer 239(30)
  Introduction to FedRAMP 239(2)
  FedRAMP Overview 241(1)
  FedRAMP Policy Memo 242(2)
  FedRAMP Governance and Stakeholders 244(5)
  Primary Stakeholders 245(4)
  FedRAMP Accelerated Process 249(4)
  FedRAMP Security Assessment Framework 253(12)
  FedRAMP Security Assessment Framework Phases 256(9)
  Third Party Assessment Organization Program 265(2)
  Summary 267(1)
  References 267(2)
Chapter 9 The FedRAMP cloud computing security requirements 269(110)
  Security Control Selection Process 269(3)
  Selecting the Security Control Baseline 270(1)
  Tailoring and Supplementing Security Control Baseline 270(1)
  FedRAMP Cloud Computing Overlay 271(1)
  FedRAMP Cloud Computing Security Requirements 272(90)
  Policy and Procedures 273(3)
  Harmonizing FedRAMP Requirements 276(1)
  Assurance of External Service Providers Compliance 277(2)
  Approaches to Implementing FedRAMP Security Controls 279(2)
  FedRAMP Security Control Requirements 281(81)
  Federal Laws, Executive Orders, Policies, Directives, Regulations, Standards and Guidelines 362(14)
  Federal Laws and Executive Orders 363(1)
  Federal Policies, Directives, and Regulations 363(3)
  Federal Standards 366(1)
  Federal Guidelines and Interagency Reports 367(9)
  Summary 376(1)
  References 376(3)
Chapter 10 Security testing: vulnerability assessments and penetration testing 379(22)
  Introduction to Security Testing 379(2)
  Vulnerability Assessment 381(6)
  Penetration Testing 387(5)
  FedRAMP Vulnerability Scan and Penetration Testing Requirements 392(8)
  General 397(1)
  Web Application 397(1)
  Social Engineering 397(3)
  Summary 400(1)
  References 400(1)
Chapter 11 Security assessment and authorization: Governance, preparation, and execution 401(24)
  Introduction to the Security Assessment Process 401(3)
  Governance in the Security Assessment 404(3)
  Preparing for the Security Assessment 407(14)
  Security Assessment Customer Responsibilities 409(1)
  Selecting a Security Assessment Provider 410(4)
  Security Assessment Provider Responsibilities 414(7)
  Executing the Security Assessment Plan 421(2)
  Summary 423(1)
  References 424(1)
Chapter 12 Strategies for continuous monitoring 425(28)
  Introduction to Continuous Monitoring 425(10)
  Organizational Governance 427(4)
  CM Strategy 431(3)
  CM Program 434(1)
  The Continuous Monitoring Process 435(8)
  Defining a CM Strategy 435(2)
  Implementing a CM Program 437(6)
  Review and Update CM Strategy and Program 443(1)
  Continuous Monitoring within FedRAMP 443(8)
  Summary 451(1)
  References 452(1)
Chapter 13 Continuous monitoring through security automation 453(20)
  Introduction 453(3)
  CM Reference Architectures 456(10)
  Continuous Asset Evaluation, Situational Awareness, and Risk Scoring Reference Architecture 456(1)
  CAESARS Framework Extension Reference Architecture 456(10)
  Security Automation Standards and Specifications 466(2)
  Security Content Automation Protocol 467(1)
  Cybersecurity Information Exchange Framework 468(1)
  Operational Visibility and Continuous Monitoring 468(3)
  Summary 471(1)
  References 471(2)
Chapter 14 A Case Study for Cloud Service Providers 473(26)
  Case Study Scenario: "Healthcare Exchange" 473(1)
  Applying the Risk Management Framework within FedRAMP 474(23)
  Categorize Information System 475(13)
  Select Security Controls 488(5)
  Implement and Document Security Controls 493(4)
  Assessing Security Controls 497(1)
  Summary 497(1)
  References 498(1)
Index 499
Matthew Metheny, PMP, CISSP, CAP, CISA, CSSLP, CRISC, CCSK, is an Information Security Executive and Professional with twenty years of experience in the areas of finance management, information technology, information security, risk management, compliance programs, security operations and capabilities, secure software development, security assessment and auditing, security architectures, information security policies/processes, incident response and forensics, and application security and penetration testing.

Mr. Metheny is the Chief Information Security Officer and Director of Cyber Security Operations at the Court Services and Offender Supervision Agency (CSOSA), and is responsible for managing CSOSA's enterprise-wide information security and risk management program, and cyber security operations. Prior to joining CSOSA, Mr. Metheny was employed at the US Government Publishing Office (GPO), where he led the Agency Governance, Risk Management, and Compliance (GRC) Program and served as the Agency subject matter expert for cloud security, responsible for evaluating service provider solutions against federal and industry security standards and integrating Agency and service provider security services. Mr. Metheny was the founder and instructor at CloudSecurityTraining.com, a business unit of One Enterprise Consulting Group, LLC, which was an approved training partner with the Cloud Security Alliance (CSA). He was also the Co-Chair for the CSA CloudTrust Protocol (CTP) Working Group, a Founding Member and Member of the Board of Directors for the CSA-DC Chapter, which was CSA's Federal Cloud Center of Excellence, and a Founding Member of the OpenStack DC user group focused on expanding the knowledge of OpenStack within the Washington, DC metro area. Mr. Metheny received a Bachelor's degree in Computer and Information Science from the University of Maryland University College and a Master's degree in Information Assurance from the University of Maryland University College. He also holds the Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Controls (CRISC), Certified Secure Software Lifecycle Professional (CSSLP), Certified Information Systems Auditor (CISA), Certified Authorization Professional (CAP), Project Management Professional (PMP) and Certificate in Cloud Security Knowledge (CCSK) certifications.