
Federal Cloud Computing
The Definitive Guide for Cloud Service Providers
Matthew Metheny
Syngress is an imprint of Elsevier
Amsterdam, Boston, Heidelberg, London, New York, Oxford, Paris, San Diego, San Francisco, Singapore, Sydney, Tokyo

Contents

About the Author xv
About the Technical Editor xvii
Foreword by William Corrington xix
Foreword by Jim Reavis xxi

Chapter 1 Introduction to the Federal Cloud Computing Strategy 1
  Introduction 1
  A Historical View of Federal IT 5
  The Early Years and the Mainframe Era 5
  Shifting to Minicomputer 7
  Decentralization: The Microcomputer ("Personal Computer") 8
  Transitioning to Mobility 10
  Evolution of Federal IT Policy 11
  Cloud Computing: Drivers in Federal IT Transformation 19
  Drivers for Adoption 20
  Cloud Benefits 23
  Decision Framework for Cloud Migration 25
  Selecting Services to Move to the Cloud 26
  Provisioning Cloud Services Effectively 27
  Managing Services Rather Than Assets 28
  Summary 28

Chapter 2 Cloud Computing Standards 31
  Introduction 31
  Standards Development Primer 34
  Cloud Computing Standardization Drivers 36
  Federal Laws and Policy 36
  Adoption Barriers 37
  Identifying Standards for Federal Cloud Computing Adoption 39
  Standards Development Organizations (SDOs) and Other Community-Driven Organizations 40
  Standards Inventory 40
  Summary 50

Chapter 3 A Case for Open Source 53
  Introduction 53
  Open Source and the Federal Government 55
  OSS Adoption Challenges: Acquisition and Security 60
  Acquisition Challenges 61
  Security Challenges 62
  OSS and Federal Cloud Computing 65
  Summary 68

Chapter 4 Security and Privacy in Public Cloud Computing
  Introduction 71
  Security and Privacy in the Context of the Public Cloud 73
  Federal Privacy Laws and Policies 75
  Privacy Act of 1974
  E-Government Act of 2002, Federal Information Security Management Act (FISMA) 79
  OMB Memorandum Policies 81
  Safeguarding Privacy Information 82
  Privacy Controls 84
  Data Breaches, Impacts, and Consequences 97
  Security and Privacy Issues 99
  Summary 101

Chapter 5 Applying the NIST Risk Management Framework
  Introduction to FISMA 103
  Purpose 103
  Role and Responsibilities 104
  Risk Management Framework Overview 109
  The Role of Risk Management 110
  The NIST RMF and the System Development Life Cycle
  NIST RMF Process 112
  Information System Categorization 115
  Security Control Selection 129
  Security Controls Implementation 141
  Security Controls Assessment 143
  Information System Authorization 148
  Security Controls Monitoring 157
  Summary 165

Chapter 6 Risk Management 169
  Introduction to Risk Management 169
  Federal Information Security Risk Management Practices 172
  Overview of Enterprise-Wide Risk Management 175
  Components of the NIST Risk Management Process 175
  Multi-Tiered Risk Management 179
  NIST Risk Management Process 182
  Framing Risk 183
  Risk Assessment 185
  Responding to Risk 186
  Monitoring Risk 188
  Comparing the NIST and ISO/IEC Risk Management Processes 189
  Summary 193

Chapter 7 Comparison of Federal and International Security Certification Standards 195
  Introduction 195
  Overview of Certification and Accreditation 196
  Evolution of the Federal C&A Processes 199
  Towards a Unified Approach to C&A 204
  NIST and ISO/IEC Information Security Standards 205
  Boundary and Scope Definition 206
  Security Policy 209
  Risk Management Strategy (Context) 210
  Risk Management Process 210
  Security Objectives and Controls 211
  Summary 215

Chapter 8 FedRAMP Primer 217
  Introduction to FedRAMP 217
  FedRAMP Policy Memo 219
  Primary Stakeholders 221
  FedRAMP Concept of Operations 225
  Operational Processes 226
  Third Party Assessment Organization Program 237
  Summary 238

Chapter 9 The FedRAMP Cloud Computing Security Requirements 241
  Security Control Selection Process 241
  Selecting the Security Control Baseline 242
  Tailoring and Supplementing Security Control Baseline 242
  FedRAMP Cloud Computing Overlay 243
  FedRAMP Cloud Computing Security Requirements 243
  Policy and Procedures 245
  Harmonizing FedRAMP Requirements 247
  Assurance of External Service Providers Compliance 249
  Approaches to Implementing FedRAMP Security Controls 250
  FedRAMP Security Control Requirements 253
  Summary 326

Chapter 10 Security Assessment and Authorization: Governance, Preparation, and Execution 329
  Introduction to the Security Assessment Process 329
  Governance in the Security Assessment 331
  Preparing for the Security Assessment 334
  Security Assessment Customer Responsibilities 336
  Security Assessment Provider Responsibilities 339
  Executing the Security Assessment Plan 346
  Summary 348

Chapter 11 Strategies for Continuous Monitoring 349
  Introduction to Continuous Monitoring 349
  Organizational Governance 351
  CM Strategy 354
  CM Program 356
  The Continuous Monitoring Process 356
  Defining a CM Strategy 357
  Implementing a CM Program 358
  Review and Update CM Strategy and Program 363
  Continuous Monitoring within FedRAMP 364
  Summary 373

Chapter 12 Cost-Effective Compliance Using Security Automation 375
  Introduction 375
  CM Reference Architectures 377
  Continuous Asset Evaluation, Situational Awareness, and Risk Scoring (CAESARS) Reference Architecture 378
  CAESARS Framework Extension Reference Architecture
  Security Automation Standards and Specifications 388
  Security Content Automation Protocol 389
  Cybersecurity Information Exchange Framework 389
  Operational Visibility and Continuous Monitoring 390
  Summary 393

Chapter 13 A Case Study for Cloud Service Providers 395
  Case Study Scenario: "Healthcare Exchange" 395
  Applying the Risk Management Framework within FedRAMP 396
  Categorize Information System 396
  Select Security Controls 412
  Implement and Document Security Controls 415
  Assessing Security Controls 415
  Summary 419

Index 421


More information

Public Relations in Schools

Public Relations in Schools Public Relations in Schools Fifth Edition Theodore J. Kowalski University of Dayton Boston Columbus Indianapolis New York San Francisco Upper Saddle River Amsterdam Cape Town Dubai London Madrid Milan

More information

Overview. FedRAMP CONOPS

Overview. FedRAMP CONOPS Concept of Operations (CONOPS) Version 1.0 February 7, 2012 Overview Cloud computing technology allows the Federal Government to address demand from citizens for better, faster services and to save resources,

More information

superseries FIFTH EDITION

superseries FIFTH EDITION Prelims-I046413.qxd 3/19/07 1:04 PM Page i Institute of Leadership & Management superseries Motivating to Perform in the Workplace FIFTH EDITION Published for the Institute of Leadership & Management AMSTERDAM

More information

Architectures, and. Service-Oriented. Cloud Computing. Web Services, The Savvy Manager's Guide. Second Edition. Douglas K. Barry. with.

Architectures, and. Service-Oriented. Cloud Computing. Web Services, The Savvy Manager's Guide. Second Edition. Douglas K. Barry. with. Web Services, Service-Oriented Architectures, and Cloud Computing The Savvy Manager's Guide Second Edition Douglas K. Barry with David Dick ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS

More information

Information Security for Managers

Information Security for Managers Fiscal Year 2015 Information Security for Managers Introduction Information Security Overview Enterprise Performance Life Cycle Enterprise Performance Life Cycle and the Risk Management Framework Categorize

More information

Logistics Management and Strategy

Logistics Management and Strategy Logistics Management and Strategy Competing through the supply chain Fourth Edition Alan Harrison Remko van Hoek Financial Times Prentice Hall is an imprint of Harlow, England London New York Boston San

More information

Contents. xv xvii xxi. Case Studies Preface Acknowledgments

Contents. xv xvii xxi. Case Studies Preface Acknowledgments Contents Case Studies Preface Acknowledgments xv xvii xxi CHAPTER 1 CAATTs History 1 The New Audit Environment 2 The Age of Information Technology 3 Decentralization of Technology 3 Absence of the Paper

More information

RFID Field Guide. Deploying Radio Frequency Identification Systems. Manish Bhuptani Shahram Moradpour. Sun Microsystems Press A Prentice Hall Title

RFID Field Guide. Deploying Radio Frequency Identification Systems. Manish Bhuptani Shahram Moradpour. Sun Microsystems Press A Prentice Hall Title RFID Field Guide Deploying Radio Frequency Identification Systems Manish Bhuptani Shahram Moradpour Sun Microsystems Press A Prentice Hall Title PRENTICE HALL PTR Prentice Hall Professional Technical Reference

More information

Electricity for the Entertainment Electrician Ef Technician

Electricity for the Entertainment Electrician Ef Technician Electricity for the Entertainment Electrician Ef Technician Richard Cadena ЩШ ' AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK JPPwlffl OXFORD PARIS SAN DIEGO SAN FRANCISCO л»еж SINGAPORE SYDNEY TOKYO ELSEVIER

More information

Service Operations Management

Service Operations Management Third Edition Robert Johnston and Graham Clark Service Operations Management Improving Service Delivery Prentice Hall FINANCIAL TIMES An imprint of Pearson Education Harlow, England London New York Boston

More information

2012 FISMA Executive Summary Report

2012 FISMA Executive Summary Report 2012 FISMA Executive Summary Report March 29, 2013 UNITED STATES SECURITIES AND EXCHANGE COMMISSION WASHINGTON, D.C. 20549 OI'!'ICEOI' lnstfl! C1'0R GENERAt MEMORANDUM March 29,2013 To: Jeff Heslop, Chief

More information

White Paper. Understanding NIST 800 37 FISMA Requirements

White Paper. Understanding NIST 800 37 FISMA Requirements White Paper Understanding NIST 800 37 FISMA Requirements Contents Overview... 3 I. The Role of NIST in FISMA Compliance... 3 II. NIST Risk Management Framework for FISMA... 4 III. Application Security

More information

Policy on Information Assurance Risk Management for National Security Systems

Policy on Information Assurance Risk Management for National Security Systems CNSSP No. 22 January 2012 Policy on Information Assurance Risk Management for National Security Systems THIS DOCUMENT PRESCRIBES MINIMUM STANDARDS YOUR DEPARTMENT OR AGENCY MAY REQUIRE FURTHER IMPLEMENTATION

More information

Get Confidence in Mission Security with IV&V Information Assurance

Get Confidence in Mission Security with IV&V Information Assurance Get Confidence in Mission Security with IV&V Information Assurance September 10, 2014 Threat Landscape Regulatory Framework Life-cycles IV&V Rigor and Independence Threat Landscape Continuously evolving

More information

Information Assurance in the Cloud

Information Assurance in the Cloud Information Assurance in the Cloud The Status of FedRAMP, April 2013 AGA - Montgomery/Prince George s Chapter cliftonlarsonallen.com Session Outline 1. Cloud Services in Federal Government The Opportunity

More information

U.S. ELECTION ASSISTANCE COMMISSION OFFICE OF INSPECTOR GENERAL

U.S. ELECTION ASSISTANCE COMMISSION OFFICE OF INSPECTOR GENERAL U.S. ELECTION ASSISTANCE COMMISSION OFFICE OF INSPECTOR GENERAL FINAL REPORT: U.S. Election Assistance Commission Compliance with the Requirements of the Federal Information Security Management Act Fiscal

More information

The Data Access Handbook

The Data Access Handbook The Data Access Handbook Achieving Optimal Database Application Performance and Scalability John Goodson and Robert A. Steward PRENTICE HALL Upper Saddle River, NJ Boston Indianapolis San Francisco New

More information

5 FAM 620 INFORMATION TECHNOLOGY (IT) PROJECT MANAGEMENT

5 FAM 620 INFORMATION TECHNOLOGY (IT) PROJECT MANAGEMENT 5 FAM 620 INFORMATION TECHNOLOGY (IT) PROJECT MANAGEMENT 5 FAM 621 GENERAL (Office of Origin: IRM/BMP/SPO/PMD) a. The strategic importance of Information Technology (IT) to the mission of the State Department

More information

MANAGING THE CONFIGURATION OF INFORMATION SYSTEMS WITH A FOCUS ON SECURITY

MANAGING THE CONFIGURATION OF INFORMATION SYSTEMS WITH A FOCUS ON SECURITY MANAGING THE CONFIGURATION OF INFORMATION SYSTEMS WITH A FOCUS ON SECURITY Shirley Radack, Editor Computer Security Division Information Technology Laboratory National Institute of Standards and Technology

More information

Security Authorization Process Guide

Security Authorization Process Guide Security Authorization Process Guide Office of the Chief Information Security Officer (CISO) Version 11.1 March 16, 2015 TABLE OF CONTENTS Introduction... 1 1.1 Background... 1 1.2 Purpose... 2 1.3 Scope...

More information

2014 Audit of the Board s Information Security Program

2014 Audit of the Board s Information Security Program O FFICE OF I NSPECTOR GENERAL Audit Report 2014-IT-B-019 2014 Audit of the Board s Information Security Program November 14, 2014 B OARD OF G OVERNORS OF THE F EDERAL R ESERVE S YSTEM C ONSUMER FINANCIAL

More information

Network Security: A Practical Approach. Jan L. Harrington

Network Security: A Practical Approach. Jan L. Harrington Network Security: A Practical Approach Jan L. Harrington ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO Morgan Kaufmann is an imprint of

More information