Securing the Cloud. Cloud Computer Security Techniques and Tactics. Vic (J.R.) Winkler. Technical Editor Bill Meine ELSEVIER
|
|
- Aubrie Doyle
- 8 years ago
- Views:
Transcription
1 Securing the Cloud Cloud Computer Security Techniques and Tactics Vic (J.R.) Winkler Technical Editor Bill Meine ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO Syngress is an imprint of Elsevier SVNGRESS
2 Contents Acknowledgments About the Author About the Technical Editor Introduction xiii xv xvii xix CHAPTER 1 Introduction to Cloud Computing and Security 1 Understanding Cloud Computing 1 Cloud Scale, Patterns, and Operational Efficiency 2 A Synergistic Trick 3 Elasticity, Shape Shifling, and Security 3 The IT Foundation for Cloud 4 Cloud Computing as Foundation for Cloud Services 5 Cloud Computing Qualities 7 The Bottom Line 8 An Historical View: Roots of Cloud Computing 10 Decentralization and Proliferation 10 Networking, the Internet, and the Web 11 Virtualization 12 A Brief Primer on Security: From 50,000 ft 13 Terminology and Principles 14 Risk Management 17 Security Must Become a Business Enabler 17 A Brief Primer on Architecture 18 Systems Engineering 19 IT Architecture 20 Security Architecture: A Brief Discussion 20 Defense in Depth 23 Cloud Is Driving Broad Changes 23 Cloud Works Today 24 Valid Concerns 25 Summary 26 Endnotes 26 CHAPTER 2 Cloud Computing Architecture 29 Cloud Reference Architecture 29 Revisiting Essential Characteristics 30 Cloud Service Models 33 Cloud Deployment Models 35
3 viii Contents Control over Security in the Cloud Model 37 Cloud Application Programming Interfaces 39 Making Sense of Cloud Deployment 39 Public Clouds 40 Private Clouds 40 Community Clouds 41 Hybrid Clouds 41 Making Sense of Services Models 43 Cloud Software-as-a-Service 43 Cloud Platform-as-a-Service 43 Cloud Infrastructure-as-a-Service 43 How Clouds Are Formed and Key Examples 44 Using Virtualization to Form Clouds 45 Using Applications or Services to Form Clouds 48 Real-world Cloud Usage Scenarios 49 Virtualization Formed Clouds 49 Application/Service Formed Clouds 51 Hybrid Cloud Models 52 Summary 52 Endnotes 52 CHAPTER 3 Security Concerns, Risk Issues, and Legal Aspects 55 Cloud Computing: Security Concerns 56 A Closer Examination: Virtualization 57 A Closer Examination: Provisioning 62 A Closer Examination: Cloud Storage 64 A Closer Examination: Cloud Operation, Security, and Networking 66 Assessing Your Risk Tolerance in Cloud Computing 67 Assessing the Risk 68 Information Assets and Risk 69 Privacy and Confidentiality Concerns 70 Data Ownership and Locale Concerns 71 Auditing and Forensics 72 Emerging Threats 73 So, Is It Safe? 73 Legal and Regulatory Issues 74 Third Parties 75 Data Privacy 79 Litigation 84 Summary 85 Endnotes 87
4 Contents ix CHAPTER 4 Securing the Cloud: Architecture 89 Security Requirements for the Architecture 91 Physical Security 91 Cloud Security Standards and Policies 93 Cloud Security Requirements 94 Security Patterns and Architectural Elements 102 Defense In-depth 102 Honeypots 104 Sandboxes 104 Network Patterns 104 The Importance of a CMDB 107 Cabling Patterns 109 Resilience and Grace 110 Planning for Change Ill Cloud Security Architecture Ill Cloud Maturity and How It Relates to Security 112 Jericho Forum 113 Representative Commercial Cloud Architectures 114 Representative Cloud Security Architectures 115 Planning Key Strategies for Secure Operation 121 Classifying Data and Systems 121 Define Valid Roles for Cloud Personnel and Customers 122 Summary 123 Endnotes 123 CHAPTER 5 Securing the Cloud: Data Security 125 Overview of Data Security in Cloud Computing 125 Control over Data and Public Cloud Economics 126 Organizational Responsibility: Ownership and Custodianship 127 Data at Rest 128 Data in Motion 130 Common Risks with Cloud Data Security 130 Data Encryption: Applications and Limits 132 Overview of Cryptographic Techniques 133 Common Mistakes or Errors with Data Encryption 135 Cloud Data Security: Sensitive Data Categorization 137 Authentication and Identity 137 Access Control Techniques 138 Data Categorization and the Use of Data Labels 140 Application of Encryption for Data at Rest 141
5 X Contents Application of Encryption for Data in Motion 142 Impediments to Encryption in the Cloud 143 Deletion of Data 143 Data Masking 144 Cloud Data Storage 145 Cloud Lock-in (the Roach Motel Syndrome) 146 Metadata 148 Avoiding Cloud Lock-in (the Roach Motel Syndrome) 149 Summary 150 Endnotes 151 CHAPTER 6 Securing the Cloud: Key Strategies and Best Practices 153 Overall Strategy: Effectively Managing Risk 154 Risk Management: Stages and Activities 154 Overview of Security Controls 156 Cloud Security Controls Must Meet Your Needs 156 NIST Definitions for Security Controls 157 Unclassified Models 158 Classified Model 160 The Cloud Security Alliance Approach 161 The Limits of Security Controls 162 Security Exposure Will Vary over Time 164 Exploits Don't Play Fair 164 Best Practices 165 Best Practices for Cloud Computing: First Principals 165 Best Practices across the Cloud Community 170 Other Best Practices for Cloud Computing: Cloud Service Consumers 172 Other Best Practices for Cloud Computing: Cloud Service Providers 173 Security Monitoring 174 The Purpose of Security Monitoring 176 Transforming an Event Stream 177 The Need for C.I.A. in Security Monitoring 183 The Opportunity for MaaS 184 Summary 184 Endnotes 185 CHAPTER 7 Security Criteria: Building an Internal Cloud 187 Private Clouds: Motivation and Overview 187 Security Implications: Shared versus Dedicated Resources 189
6 Contents xi Considerations for Achieving Cost Savings 190 Private Clouds: The Castle Keep? 193 Analysis to Support Architecture Decisions 194 Security Criteria for Ensuring a Private Cloud 195 Network Considerations 196 Data Center Considerations 202 Operational Security Considerations 206 Regulation 208 Summary 209 Endnotes 210 CHAPTER 8 Security Criteria: Selecting an External Cloud Provider 211 Selecting a CSP: Overview of Assurance 211 Vendor Claims and Independent Verification 212 Selecting a CSP: Vendor Transparency 215 Selecting a CSP: Overview of Risks 217 Risk Will Vary by Customer and by CSP 217 Assessing Risk Factors 218 Selecting a CSP: Security Criteria 224 Security Criteria: Revisiting Defense-in-depth 225 Security Criteria: Other Considerations 227 Additional Security-relevant Criteria 229 Summary 232 Endnotes 232 CHAPTER 9 Evaluating Cloud Security: An Information Security Framework 233 Evaluating Cloud Security 234 Existing Work on Cloud Security Guidance or Frameworks 235 Checklists for Evaluating Cloud Security 237 Foundational Security 238 Business Considerations 240 Defense-in-depth 242 Operational Security 246 Metrics for the Checklists 249 Summary 249 Endnotes 250 CHAPTER 10 Operating a Cloud 253 From Architecture to Efficient and Secure Operations 255 The Scope of Planning 255 Physical Access, Security, and Ongoing Costs 256
7 xii Contents Logical and Virtual Access 257 Personnel Security 257 From the Physical Environment to the Logical 259 Bootstrapping Secure Operations 260 The Refinement of Procedures and Processes over Time 260 Efficiency and Cost 260 Security Operations Activities 262 Server Builds 263 Business Continuity, Backup, and Recovery 265 Managing Changes in Operational Environments 266 Information Security Management 269 Vulnerability and Penetration Testing 270 Security Monitoring and Response 271 Best Practices 274 Resilience in Operations 275 Summary 275 Endnotes 277 Index 279
Computing. Federal Cloud. Service Providers. The Definitive Guide for Cloud. Matthew Metheny ELSEVIER. Syngress is NEWYORK OXFORD PARIS SAN DIEGO
Federal Cloud Computing The Definitive Guide for Cloud Service Providers Matthew Metheny ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEWYORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO
More informationIMPROVEMENT THE PRACTITIONER'S GUIDE TO DATA QUALITY DAVID LOSHIN
i I I I THE PRACTITIONER'S GUIDE TO DATA QUALITY IMPROVEMENT DAVID LOSHIN ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO Morgan Kaufmann
More informationCyber Attacks. Protecting National Infrastructure Student Edition. Edward G. Amoroso
Cyber Attacks Protecting National Infrastructure Student Edition Edward G. Amoroso ELSEVIER. AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO Butterworth-Heinemann
More informationVirtualization and Forensics
Virtualization and Forensics A Digital Forensic Investigator's Guide to Virtual Environments Diane Barrett Gregory Kipper Technical Editor Samuel Liles ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEWYORK
More informationRisk Analysis and the Security Survey
Risk Analysis and the Security Survey Fourth Edition James F. Broder Eugene Tucker ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEWYORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO Butterworth-Heinemann
More informationManaging Data in Motion
Managing Data in Motion Data Integration Best Practice Techniques and Technologies April Reeve ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY
More informationOpen Source Toolkit. Penetration Tester's. Jeremy Faircloth. Third Edition. Fryer, Neil. Technical Editor SYNGRESS. Syngrcss is an imprint of Elsevier
Penetration Tester's Open Source Toolkit Third Edition Jeremy Faircloth Neil Fryer, Technical Editor AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS. SAN DIEGO SAN FRANCISCO. SINGAPORE SYDNEY
More informationNetwork Security. Windows 2012 Server. Securing Your Windows. Infrastructure. Network Systems and. Derrick Rountree. Richard Hicks, Technical Editor
Windows 2012 Server Network Security Securing Your Windows Network Systems and Infrastructure Derrick Rountree Richard Hicks, Technical Editor AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN
More informationMaster Data Management
Master Data Management David Loshin AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO Ик^И V^ SAN FRANCISCO SINGAPORE SYDNEY TOKYO W*m k^ MORGAN KAUFMANN PUBLISHERS IS AN IMPRINT OF ELSEVIER
More informationMeasuring Data Quality for Ongoing Improvement
Measuring Data Quality for Ongoing Improvement A Data Quality Assessment Framework Laura Sebastian-Coleman ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE
More informationMetrics and Methods for Security Risk Management
Metrics and Methods for Security Risk Management Carl S. Young ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO Syngress is an imprint of
More informationSecuring SQL Server. Protecting Your Database from. Second Edition. Attackers. Denny Cherry. Michael Cross. Technical Editor ELSEVIER
Securing SQL Server Second Edition Protecting Your Database from Attackers Denny Cherry Technical Editor Michael Cross AMSTERDAM BOSTON HEIDELBERG LONDON ELSEVIER NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO
More informationHacking Web Apps. Detecting and Preventing Web Application Security Problems. Jorge Blanco Alcover. Mike Shema. Technical Editor SYNGRESS
Hacking Web Apps Detecting and Preventing Web Application Security Problems Mike Shema Technical Editor Jorge Blanco Alcover AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO
More informationCustomer Relationship Management
Customer Relationship Management Concepts and Technologies Second edition Francis Buttle xlloillvlcjx. AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY
More informationData Warehousing in the Age of Big Data
Data Warehousing in the Age of Big Data Krish Krishnan AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD * PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO Morgan Kaufmann is an imprint of Elsevier
More informationRESILIENT. SECURE and SOFTWARE. Requirements, Test Cases, and Testing Methods. Mark S. Merkow and Lakshmikanth Raghavan. CRC Press
SECURE and RESILIENT SOFTWARE Requirements, Test Cases, and Testing Methods Mark S. Merkow and Lakshmikanth Raghavan CRC Press Taylor & Francis Group Boca Raton London New York CRC Press Is an imprint
More informationEleventh Hour Security+
Eleventh Hour Security+ Exam SYO-201 Study Guide I do Dubrawsky Technical Editor Michael Cross AMSTERDAM BOSTON HEIDELBERG LONDON NEWYORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO SYNGRESS.
More informationNetwork Security: A Practical Approach. Jan L. Harrington
Network Security: A Practical Approach Jan L. Harrington ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO Morgan Kaufmann is an imprint of
More informationSecuring the Cloud Cloud Computer Security Techniques and Tactics
Securing the Cloud Cloud Computer Security Techniques and Tactics This page intentionally left blank Securing the Cloud Cloud Computer Security Techniques and Tactics Vic (J.R.) Winkler Technical Editor
More informationIT Manager's Handbook
IT Manager's Handbook Getting your new job done Third Edition Bill Holtsnider Brian D. Jaffe AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO Morgan
More informationMeasuring and. Communicating. Security's Value. A Compendium of Metrics. for Enterprise Protection
Measuring and Communicating Security's Value A Compendium of Metrics for Enterprise Protection George Campbell AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE
More informationHow To Write A Diagram
Data Model ing Essentials Third Edition Graeme C. Simsion and Graham C. Witt MORGAN KAUFMANN PUBLISHERS AN IMPRINT OF ELSEVIER AMSTERDAM BOSTON LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE
More informationAMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO Academic Press is an imprint of Elsevier
Trading and Money Management in a Student-Managed Portfolio Brian Bruce Jason Greene ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO Academic
More informationRapid System Prototyping with FPGAs
Rapid System Prototyping with FPGAs By R.C. Coferand Benjamin F. Harding AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO Newnes is an imprint of
More informationConfiguration. Management for. Senior Managers. Essential Product Configuration. and Lifecycle Management
Configuration Management for Senior Managers Essential Product Configuration and Lifecycle Management for Manufacturing Frank B. Watts ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS
More informationBig Data Analytics From Strategie Planning to Enterprise Integration with Tools, Techniques, NoSQL, and Graph
Big Data Analytics From Strategie Planning to Enterprise Integration with Tools, Techniques, NoSQL, and Graph David Loshin ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN
More informationHuman Performance Improvement
Human Performance Improvement Building Practitioner Competence Second Edition William J. Rothwell Carolyn K. Hohne Stephen B. King ELoEVIElx AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN
More informationCloud Computing. Theory and Practice. Dan C. Marinescu. Morgan Kaufmann is an imprint of Elsevier HEIDELBERG LONDON AMSTERDAM BOSTON
Cloud Computing Theory and Practice Dan C. Marinescu AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO M< Morgan Kaufmann is an imprint of Elsevier
More informationfor the Entire Organization
Enterprise Risk Management A Common Framework for the Entire Organization Philip E. J. Green ELSEVIER AMSTERDAM. BOSTON. HEIDELBERG. LONDON NEW YORK OXFORD. PARIS. SAN DIEGO SAN FRANCISCO. SINGAPORE. SYDNEY.
More informationDigital Forensics with Open Source Tools
Digital Forensics with Open Source Tools Cory Altheide Harlan Carvey Technical Editor Ray Davidson AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO
More informationAgile Development & Business Goals. The Six Week Solution. Joseph Gee. George Stragand. Tom Wheeler
Agile Development & Business Goals The Six Week Solution Bill Holtsnider Tom Wheeler George Stragand Joseph Gee AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE
More informationHow To Manage Cloud Data Safely
Information Governance In The Cloud Galina Datskovsky, Ph. D., CRM President of ARMA International SVP Information Governance Solutions Topics Cloud Characteristics And Risks Information Management In
More informationBig Data, Big Risk, Big Rewards. Hussein Syed
Big Data, Big Risk, Big Rewards Hussein Syed Discussion Topics Information Security in healthcare Cyber Security Big Data Security Security and Privacy concerns Security and Privacy Governance Big Data
More informationCloud security architecture
ericsson White paper Uen 284 23-3244 January 2015 Cloud security architecture from process to deployment The Trust Engine concept and logical cloud security architecture presented in this paper provide
More informationWinning the Hardware-Software Game
Winning the Hardware-Software Game Using Game Theory to Optimize the Pace of New Technology Adoption Ruth D. Fisher PRENTICE Upper Saddle River, NJ Boston Indianapolis San Francisco New York Toronto Montreal
More informationIT Security Risk Management Model for Cloud Computing: A Need for a New Escalation Approach.
IT Security Risk Management Model for Cloud Computing: A Need for a New Escalation Approach. Gunnar Wahlgren 1, Stewart Kowalski 2 Stockholm University 1: (wahlgren@dsv.su.se), 2: (stewart@dsv.su.se) ABSTRACT
More informationSecurity Metrics. A Beginner's Guide. Caroline Wong. Mc Graw Hill. Singapore Sydney Toronto. Lisbon London Madrid Mexico City Milan New Delhi San Juan
Security Metrics A Beginner's Guide Caroline Wong Mc Graw Hill New York Chicago San Francisco Lisbon London Madrid Mexico City Milan New Delhi San Juan Seoul Singapore Sydney Toronto Contents FOREWORD
More informationSupply Chain Strategies
Supply Chain Strategies Customer-driven and customer-focused Tony Hines ELSEVIER BUTTERWORTH HEINEMANN AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY
More informationBeginning SQL Server. 2012 Administration. Apress. Rob Walters Grant Fritchey
Beginning SQL Server 2012 Administration Rob Walters Grant Fritchey Apress Contents at a Glance About the Authors About the Technical Reviewer Acknowledgments Introduction xv xvi xvii xviii Chapter 1:
More informationStrategic Compliance & Securing the Cloud. Annalea Sharack-Ilg, CISSP, AMBCI Technical Director of Information Security
Strategic Compliance & Securing the Cloud Annalea Sharack-Ilg, CISSP, AMBCI Technical Director of Information Security Complexity and Challenges 2 Complexity and Challenges Compliance Regulatory entities
More informationA Survey on Security Issues and Security Schemes for Cloud and Multi-Cloud Computing
International Journal of Emerging Engineering Research and Technology Volume 3, Issue 5, May 2015, PP 1-7 ISSN 2349-4395 (Print) & ISSN 2349-4409 (Online) A Survey on Security Issues and Security Schemes
More informationCloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org
Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org 1 Disclaimers This presentation provides education on Cloud Computing and its security
More informationContents. xvii. Preface. xxi. Foreword. 1 Introduction 1. Preamble 1. Scope and Structure of the Book 3. Acknowledgments 4 Endnotes 5
Contents Preface Foreword xvii xxi 1 Introduction 1 Preamble 1 Scope and Structure of the Book 3 Acknowledgments 4 Endnotes 5 2 Engineering Systems 7 Introduction 8 Some Initial Observations 8 Deficient
More information^H 3RD EDITION ITGOVERNANCE A MANAGER'S GUIOE TO OATA SECURITY ANO DS 7799/IS017799 ALAN CALDER STEVE WATKINS. KOGAN PAGE London and Sterling, VA
^H 3RD EDITION ITGOVERNANCE A MANAGER'S GUIOE TO OATA SECURITY ANO DS 7799/IS017799 ALAN CALDER STEVE WATKINS KOGAN PAGE London and Sterling, VA Contents Foreword by Nigel Turnbull How to use this book
More informationEngineering DOCUMENTATION CONTROL HANDBOOK
Engineering DOCUMENTATION CONTROL HANDBOOK CONFIGURATION MANAGEMENT AND PRODUCT LIFECYCLE MANAGEMENT FOURTH EDITION FRANK B. WATTS Amsterdam Boston Heidelberg London New York Oxford Paris San Diego San
More informationAMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO
DW2.0 The Architecture for the Next Generation of Data Warehousing W. H. Inmon Forest Rim Technology Derek Strauss Gavroshe Genia Neushloss Gavroshe AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS
More informationClinical Trials in the Cloud: A New Paradigm?
Marc Desgrousilliers CTO at Clinovo Clinical Trials in the Cloud: A New Paradigm? Marc Desgrousilliers CTO at Clinovo What is a Cloud? (1 of 3) "Cloud computing is a model for enabling convenient, on-demand
More informationAMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO Academic Press is an imprint of Elsevier
Emerging Market Bank Lending and Credit Risk Control Evolving Strategies to Mitigate Credit Risk, Optimize Lending Portfolios, and Check Delinquent Loans Leo Onyiriuba ELSEVIER AMSTERDAM BOSTON HEIDELBERG
More informationDelivery. Enterprise Software. Bringing Agility and Efficiency. Global Software Supply Chain. AAddison-Wesley. Alan W. Brown.
Enterprise Software Delivery Bringing Agility and Efficiency Global Software Supply Chain to the Alan W. Brown AAddison-Wesley Upper Saddle River, NJ Boston Indianapolis San Francisco New York Toronto
More informationEnsuring Cloud Security Using Cloud Control Matrix
International Journal of Information and Computation Technology. ISSN 0974-2239 Volume 3, Number 9 (2013), pp. 933-938 International Research Publications House http://www. irphouse.com /ijict.htm Ensuring
More informationArchitectures, and. Service-Oriented. Cloud Computing. Web Services, The Savvy Manager's Guide. Second Edition. Douglas K. Barry. with.
Web Services, Service-Oriented Architectures, and Cloud Computing The Savvy Manager's Guide Second Edition Douglas K. Barry with David Dick ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS
More informationSecurity Issues in Cloud Computing
Security Issues in Cloud Computing Dr. A. Askarunisa Professor and Head Vickram College of Engineering, Madurai, Tamilnadu, India N.Ganesh Sr.Lecturer Vickram College of Engineering, Madurai, Tamilnadu,
More informationCloud Computing In a Post Snowden World. Guy Wiggins, Kelley Drye & Warren LLP Alicia Lowery Rosenbaum, Microsoft Legal and Corporate Affairs
Cloud Computing In a Post Snowden World Guy Wiggins, Kelley Drye & Warren LLP Alicia Lowery Rosenbaum, Microsoft Legal and Corporate Affairs Guy Wiggins Director of Practice Management Kelley Drye & Warren
More informationJob Hazard Analysis. A Guide for Voluntary Compliance and Beyond. From Hazard to Risk: Transforming the JHA from a Tool to a Process
Job Hazard Analysis A Guide for Voluntary Compliance and Beyond From Hazard to Risk: Transforming the JHA from a Tool to a Process James E. Roughton Nathan Crutchfield E L S E V I E R AMSTERDAM. BOSTON.
More informationPractical Intrusion Analysis
Practical Intrusion Analysis PREVENTION AND DETECTION FOR THE TWENTY-FIRST CENTURY Ryan Trost TT Ar Addison-Wesley Upper Saddle River, NJ Boston Indianapolis * San Francisco New York Toronto Montreal London
More informationHow To Protect Your Cloud Computing Resources From Attack
Security Considerations for Cloud Computing Steve Ouzman Security Engineer AGENDA Introduction Brief Cloud Overview Security Considerations ServiceNow Security Overview Summary Cloud Computing Overview
More informationCIMA'S Official Learning System
cima CIMA'S Official Learning System Strategic Level Paul M. Collier Sam Agyei-Ampomah ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO Contents
More informationIT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:
IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: 1. IT Cost Containment 84 topics 2. Cloud Computing Readiness 225
More informationCyber Resilience Implementing the Right Strategy. Grant Brown Security specialist, CISSP @TheGrantBrown
Cyber Resilience Implementing the Right Strategy Grant Brown specialist, CISSP @TheGrantBrown 1 2 Network + Technology + Customers = $$ 3 Perfect Storm? 1) Increase in Bandwidth (extended reach) 2) Available
More informationImplementing Database Security and Auditing
Implementing Database Security and Auditing A guide for DBAs, information security administrators and auditors Ron Ben Natan ELSEVIER DIGITAL PRESS Amsterdam Boston Heidelberg London New York Oxford P
More informationWeb Application Security
Web Application Security A Beginner's Guide Bryan Sullivan Vincent Liu Mc r New York Chicago San Francisco Lisbon London Madrid Mexico City Milan New Delhi San Juan Seoul Singapore Sydney Toronto Contents
More informationJohn Essner, CISO Office of Information Technology State of New Jersey
John Essner, CISO Office of Information Technology State of New Jersey http://csrc.nist.gov/publications/nistpubs/800-144/sp800-144.pdf Governance Compliance Trust Architecture Identity and Access Management
More informationBuilding VPNs. Nam-Kee Tan. With IPSec and MPLS. McGraw-Hill CCIE #4307 S&
Building VPNs With IPSec and MPLS Nam-Kee Tan CCIE #4307 S& -.jr."..- i McGraw-Hill New York Chicago San Francisco Lisbon London Madrid Mexico City Milan New Delhi San Juan Seoul Singapore Sydney Toronto
More informationSecurity Controls What Works. Southside Virginia Community College: Security Awareness
Security Controls What Works Southside Virginia Community College: Security Awareness Session Overview Identification of Information Security Drivers Identification of Regulations and Acts Introduction
More informationObj ect-oriented Construction Handbook
Obj ect-oriented Construction Handbook Developing Application-Oriented Software with the Tools & Materials Approach Heinz Züllighoven IT'Workplace Solutions, Inc., and LJniversity of Hamburg, Germany as
More informationHIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT
HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT A Review List This paper was put together with Security in mind, ISO, and HIPAA, for guidance as you move into a cloud deployment Dr.
More informationExternal Supplier Control Requirements
External Supplier Control s Cyber Security For Suppliers Categorised as Low Cyber Risk 1. Asset Protection and System Configuration Barclays Data and the assets or systems storing or processing it must
More informationPrivate Cloud Computing
Private Cloud Computing Consolidation, Virilization, and Service-Oriented Infrastructure Stephen R. Smoot Nam K. Tan ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO M< SAN FRANCISCO
More informationThe Data Access Handbook
The Data Access Handbook Achieving Optimal Database Application Performance and Scalability John Goodson and Robert A. Steward PRENTICE HALL Upper Saddle River, NJ Boston Indianapolis San Francisco New
More informationContents. Foreword. Acknowledgments
Foreword Preface Acknowledgments xv xvii xviii CHAPTER 1 Introduction 1 1.1 What Is Mission Critical? 1 1.2 Purpose of the Book 2 1.3 Network Continuity Versus Disaster Recovery 2 1.4 The Case for Mission-Critical
More informationAuditing Cloud Computing. A Security and Privacy Guide. Wiley Corporate F&A
Brochure More information from http://www.researchandmarkets.com/reports/2213812/ Auditing Cloud Computing. A Security and Privacy Guide. Wiley Corporate F&A Description: The auditor's guide to ensuring
More informationCloud Security Specialist Certification Self-Study Kit Bundle
Cloud Security Specialist Certification Bundle CloudSchool.com CLOUD CERTIFIED Technology Professional This certification bundle provides you with the self-study materials you need to prepare for the exams
More informationA HYPE-FREE STROLL THROUGH CLOUD STORAGE SECURITY
Eric A. Hibbard, CISSP, CISA, ISSAP, ISSMP, ISSEP, SCSE Hitachi Data Systems A HYPE-FREE STROLL THROUGH CLOUD STORAGE SECURITY Subhash Sankuratripati NetApp SNIA Legal Notice The material contained in
More informationData Security and Privacy Principles for IBM SaaS How IBM Software as a Service is protected by IBM s security-driven culture
Data Security and Privacy Principles for IBM SaaS How IBM Software as a Service is protected by IBM s security-driven culture 2 Data Security and Privacy Principles for IBM SaaS Contents 2 Introduction
More informationHost Hardening. Presented by. Douglas Couch & Nathan Heck Security Analysts for ITaP 1
Host Hardening Presented by Douglas Couch & Nathan Heck Security Analysts for ITaP 1 Background National Institute of Standards and Technology Draft Guide to General Server Security SP800-123 Server A
More informationSecurity in the Cloud
Security in the Cloud Visibility & Control of your Cloud Service Provider Murray Goldschmidt, Pierre Tagle, Ph.D. April 2012 Compliance, Protection & Business Confidence Sense of Security Pty Ltd Sydney
More informationSecure Cloud Computing through IT Auditing
Secure Cloud Computing through IT Auditing 75 Navita Agarwal Department of CSIT Moradabad Institute of Technology, Moradabad, U.P., INDIA Email: nvgrwl06@gmail.com ABSTRACT In this paper we discuss the
More informationKey Considerations of Regulatory Compliance in the Public Cloud
Key Considerations of Regulatory Compliance in the Public Cloud W. Noel Haskins-Hafer CRMA, CISA, CISM, CFE, CGEIT, CRISC 10 April, 2013 w_haskins-hafer@intuit.com Disclaimer Unless otherwise specified,
More informationDispelling the Myths about Cloud Computing Security
Dispelling the Myths about Cloud Computing Security security is no longer an hinderance to the cloud! Leo F. Howell, CISSP CISA CCSK Knowledge MYTH we are all talking about the same cloud Discussion cloud
More informationContents. BBS Software as a Service (SaaS),7. EH introducing aoudco.pu.ing 1. Distinguishing Cloud Types 4. Exploring
Contents Preface xvii EH introducing aoudco.pu.ing 1 Web 2.0 and the Cloud 3 Distinguishing Cloud Types 4 Cloud Deployment Models 5 Cloud Service Models 6 Exploring Uses of the Cloud 9 Introducing Scalability
More informationData Center Storage. Hubbert Smith. Implementation, and Management »C) Cost-Effective Strategies, CRC Press J Taylor & Francis Group
Data Center Storage Cost-Effective Strategies, Implementation, and Management Hubbert Smith»C) CRC Press J Taylor & Francis Group Boca Raton London New York CRC Press is an imprint of the Taylor & Francis
More informationBuilding. Applications. in the Cloud. Concepts, Patterns, and Projects. AAddison-Wesley. Christopher M. Mo^ar. Cape Town Sydney.
Building Applications in the Cloud Concepts, Patterns, and Projects Christopher M. Mo^ar Upper Saddle River, NJ Boston AAddison-Wesley New York 'Toronto Montreal London Munich Indianapolis San Francisco
More informationGovernance Simplified
Information Security Governance Simplified From the Boardroom to the Keyboard TODD FITZGERALD, cissp; cisa, cism Foreword by Tom Peltier CRC Press Taylor & Francis Croup Boca Raton London NewYork CRC Press
More informationCloud Computing and Records Management
GPO Box 2343 Adelaide SA 5001 Tel (+61 8) 8204 8773 Fax (+61 8) 8204 8777 DX:336 srsarecordsmanagement@sa.gov.au www.archives.sa.gov.au Cloud Computing and Records Management June 2015 Version 1 Version
More informationFixed/Mobile Convergence and Beyond AMSTERDAM BOSTON. HEIDELBERG LONDON
Fixed/Mobile Convergence and Beyond Unbounded Mobile Communications Richard Watson AMSTERDAM BOSTON. HEIDELBERG LONDON NEW YORK. OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY. TOKYO ELSEVIER
More informationWhite paper Reaping Business Value from a Hybrid Cloud Strategy
White paper Fujitsu Hybrid Cloud Services White paper Reaping Business Value from a Hybrid Cloud Strategy How to embrace a hybrid cloud model to maximize the benefits of public and private cloud services
More informationEye Tracking in User Experience Design
Eye Tracking in User Experience Design Jennifer Romano Bergstrom, Ph.D Andrew Jonathan Schall i'p-&>,' JDIIL ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEW Y0RK * OXFORD * PARIS * SAN DIEGO SAN FRANCISCO
More informationRFID Field Guide. Deploying Radio Frequency Identification Systems. Manish Bhuptani Shahram Moradpour. Sun Microsystems Press A Prentice Hall Title
RFID Field Guide Deploying Radio Frequency Identification Systems Manish Bhuptani Shahram Moradpour Sun Microsystems Press A Prentice Hall Title PRENTICE HALL PTR Prentice Hall Professional Technical Reference
More informationPlatform Ecosystems. Aligning Architecture, Governance, and Strategy. Amrit Tiwana AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO
Platform Ecosystems Aligning Architecture, Governance, and Strategy Amrit Tiwana AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO Morgan Kaufmann
More informationValvation. Theories and Concepts. Rajesh Kumar. Professor of Finance, Institute of Management Technology, Dubai, UAE
Valvation Theories and Concepts Rajesh Kumar Professor of Finance, Institute of Management Technology, Dubai, UAE ELSEVIER AMSTERDAM BOSTON CAMBRIDGE HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN
More informationMichael Noel. Colin Spence. SharePoint UNLEASHED. 800 East 96th Street, Indianapolis, Indiana 46240 USA
Michael Noel Colin Spence SharePoint 2013 UNLEASHED 800 East 96th Street, Indianapolis, Indiana 46240 USA Table of Contents Introduction 1 Part I Planning for and Deploying SharePoint Server 2013 1 Introducing
More informationInformation Security Awareness Training
Information Security Awareness Training Presenter: William F. Slater, III M.S., MBA, PMP, CISSP, CISA, ISO 27002 1 Agenda Why are we doing this? Objectives What is Information Security? What is Information
More informationSOFTWARE TESTING AS A SERVICE
SOFTWARE TESTING AS A SERVICE ASHFAQUE AHMED (g) CRC Press Taylor & Francis Croup Boca Raton London New York CRC Press is an imprint of the Taylor & Francis Group, an informa business AN AUERBACH BOOK
More informationSecurity Officer s Checklist in a Sourcing Deal
Security Officer s Checklist in a Sourcing Deal Guide Share Europe Ostend, May 9th 2014 Johan Van Mengsel IBM Distinguished IT Specialist IBM Client Abstract Sourcing deals creates opportunities and challenges.
More informationSOA Governance. Stephen G. Bennett, Clive Gee, Robert Laird, Co-authored and edited by Thomas Erl. Governing
SOA Governance Governing Shared Services On-Premise and in the Cloud Co-authored and edited by Thomas Erl Stephen G. Bennett, Clive Gee, Robert Laird, Anne Thomas Manes, Robert Schneider, Leo Shuster,
More informationWork With Genesis Insurance Company
IN F O R M AT ION TEC HNOLOGY (IT ) SECURIT Y AT GEN ES I S security peace of mind You re covered. Access Control Application Security Business Continuity and Disaster Recovery Planning Cryptography Information
More informationElectricity for the Entertainment Electrician Ef Technician
Electricity for the Entertainment Electrician Ef Technician Richard Cadena ЩШ ' AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK JPPwlffl OXFORD PARIS SAN DIEGO SAN FRANCISCO л»еж SINGAPORE SYDNEY TOKYO ELSEVIER
More information