Computing. Federal Cloud. Service Providers. The Definitive Guide for Cloud. Matthew Metheny ELSEVIER. Syngress is NEWYORK OXFORD PARIS SAN DIEGO
|
|
- Octavia Townsend
- 8 years ago
- Views:
Transcription
1 Federal Cloud Computing The Definitive Guide for Cloud Service Providers Matthew Metheny ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEWYORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO Syngress is an Imprint of Elsevier SYNGRESS
2 About the Author About the Technical Editor Foreword by William Corrington Foreword by Jim Reavis xxi xv xvii xix CHAPTER 1 INTRODUCTION TO THE FEDERAL CLOUD COMPUTING STRATEGY 1 Introduction 1 A Historical View of Federal IT 5 The Early Years and the Mainframe Era 5 Shifting to Minicomputer 7 Decentralization: The Microcomputer ("Personal Computer") 8 Transitioning to Mobility 10 Evolution of Federal IT Policy 11 Cloud Computing: Drivers in Federal IT Transformation 19 Drivers for Adoption 20 Cloud Benefits 23 Decision Framework for Cloud Migration 25 Selecting Services to Move to the Cloud 26 Provisioning Cloud Services Effectively 27 Managing Services Rather Than Assets 28 Summary 28 CHAPTER 2 Cloud Computing Standards 31 Introduction 31 Standards Development Primer 34 Cloud Computing Standardization Drivers 36 Federal Laws and Policy 36 Adoption Barriers 37 Identifying Standards for Federal Cloud Computing Adoption 39 Standards Development Organizations (SDOs) and Other Community-Driven Organizations 40 Standards Inventory 40 Summary 50 ix
3 x Contents CHAPTER 3 A Case for Open Source 53 Introduction 53 Open Source and the Federal Government 55 OSS Adoption Challenges: Acquisition and Security 60 Acquisition Challenges 61 Security Challenges 62 OSS and Federal Cloud Computing 65 Summary 68 CHAPTER 4 Security and Privacy in Public Cloud Computing Introduction 71 Security and Privacy in the Context of the Public Cloud 73 Federal Privacy Laws and Policies 75 Privacy Act of E-Government Act of 2002, Federal Information Security Management Act (FISMA) 79 OMB Memorandum Policies 81 Safeguarding Privacy Information 82 Privacy Controls 84 Data Breaches, Impacts, and Consequences 97 Security and Privacy Issues 99 Summary 101 CHAPTER 5 Applying the NIST Risk Management Framework Introduction to FISMA 103 Purpose 103 Role and Responsibilities 104 Risk Management Framework Overview 109 The Role of Risk Management 110 The NIST RMF and the System Development Life Cycle NIST RMF Process 112 Information System Categorization 115 Security Control Selection 129 Security Controls Implementation 141 Security Controls Assessment 143 Information System Authorization 148 Security Controls Monitoring 157 Summary 165
4 xi CHAPTER 6 Risk Management 169 Introduction to Risk Management 169 Federal Information Security Risk Management Practices 172 Overview of Enterprise-Wide Risk Management 175 Components of the NIST Risk Management Process 175 Multi-Tiered Risk Management 179 NIST Risk Management Process 182 Framing Risk 183 Risk Assessment 185 Responding to Risk 186 Monitoring Risk 188 Comparing the NIST and ISO/IEC Risk Management Processes 189 Summary 193 CHAPTER 7 Comparison of Federal and International Security Certification Standards 195 Introduction 195 Overview of Certification and Accreditation 196 Evolution of the Federal C&A Processes 199 Towards a Unified Approach to C&A 204 NIST and ISO/IEC Information Security Standards 205 Boundary and Scope Definition 206 Security Policy 209 Risk Management Strategy (Context) 210 Risk Management Process 210 Security Objectives and Controls 211 Summary 215 CHAPTER 8 FedRAMP Primer 217 Introduction to FedRAMP 217 FedRAMP Policy Memo 219 Primary Stakeholders 221 FedRAMP Concept of Operations 225 Operational Processes 226 Third Party Assessment Organization Program 237 Summary 238
5 CHAPTER 9 The FedRAMP Cloud Computing Security Requirements 241 Security Control Selection Process 241 Selecting the Security Control Baseline 242 Tailoring and Supplementing Security Control Baseline 242 FedRAMP Cloud Computing Overlay 243 FedRAMP Cloud Computing Security Requirements 243 Policy and Procedures 245 Harmonizing FedRAMP Requirements 247 Assurance of External Service Providers Compliance 249 Approaches to Implementing FedRAMP Security Controls 250 FedRAMP Security Control Requirements 253 Summary 326 CHAPTER 10 Security Assessment and Authorization: Governance, Preparation, and Execution 329 Introduction to the Security Assessment Process 329 Governance in the Security Assessment 331 Preparing for the Security Assessment 334 Security Assessment Customer Responsibilities 336 Security Assessment Provider Responsibilities 339 Executing the Security Assessment Plan 346 Summary 348 CHAPTER 11 Strategies for Continuous Monitoring 349 Introduction to Continuous Monitoring 349 Organizational Governance 351 CM Strategy 354 CM Program 356 The Continuous Monitoring Process 356 Defining a CM Strategy 357 Implementing a CM Program 358 Review and Update CM Strategy and Program 363 Continuous Monitoring within FedRAMP 364 Summary 373 CHAPTER 12 Cost-Effective Compliance Using Security Automation 375 Introduction 375 CM Reference Architectures 377
6 xiii Continuous Asset Evaluation, Situational Awareness, and Risk Scoring Reference Architecture 378 CAESARS Framework Extension Reference Architecture Security Automation Standards and Specifications 388 Security Content Automation Protocol 389 Cybersecurity Information Exchange Framework 389 Operational Visibility and Continuous Monitoring 390 Summary 393 CHAPTER 13 A Case Study for Cloud Service Providers 395 Case Study Scenario: "Healthcare Exchange" 395 Applying the Risk Management Framework within FedRAMP 396 Categorize Information System 396 Select Security Controls 412 Implement and Document Security Controls 415 Assessing Security Controls 415 Summary 419 INDEX 421
Securing the Cloud. Cloud Computer Security Techniques and Tactics. Vic (J.R.) Winkler. Technical Editor Bill Meine ELSEVIER
Securing the Cloud Cloud Computer Security Techniques and Tactics Vic (J.R.) Winkler Technical Editor Bill Meine ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO
More informationIMPROVEMENT THE PRACTITIONER'S GUIDE TO DATA QUALITY DAVID LOSHIN
i I I I THE PRACTITIONER'S GUIDE TO DATA QUALITY IMPROVEMENT DAVID LOSHIN ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO Morgan Kaufmann
More informationCustomer Relationship Management
Customer Relationship Management Concepts and Technologies Second edition Francis Buttle xlloillvlcjx. AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY
More informationRisk Analysis and the Security Survey
Risk Analysis and the Security Survey Fourth Edition James F. Broder Eugene Tucker ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEWYORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO Butterworth-Heinemann
More informationNetwork Security. Windows 2012 Server. Securing Your Windows. Infrastructure. Network Systems and. Derrick Rountree. Richard Hicks, Technical Editor
Windows 2012 Server Network Security Securing Your Windows Network Systems and Infrastructure Derrick Rountree Richard Hicks, Technical Editor AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN
More informationBig Data Analytics From Strategie Planning to Enterprise Integration with Tools, Techniques, NoSQL, and Graph
Big Data Analytics From Strategie Planning to Enterprise Integration with Tools, Techniques, NoSQL, and Graph David Loshin ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN
More informationOpen Source Toolkit. Penetration Tester's. Jeremy Faircloth. Third Edition. Fryer, Neil. Technical Editor SYNGRESS. Syngrcss is an imprint of Elsevier
Penetration Tester's Open Source Toolkit Third Edition Jeremy Faircloth Neil Fryer, Technical Editor AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS. SAN DIEGO SAN FRANCISCO. SINGAPORE SYDNEY
More informationManaging Data in Motion
Managing Data in Motion Data Integration Best Practice Techniques and Technologies April Reeve ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY
More informationMeasuring Data Quality for Ongoing Improvement
Measuring Data Quality for Ongoing Improvement A Data Quality Assessment Framework Laura Sebastian-Coleman ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE
More informationFederal Cloud Computing
Federal Cloud Computing This page is intentionally left blank Federal Cloud Computing The Definitive Guide for Cloud Service Providers Matthew Metheny AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD
More informationMetrics and Methods for Security Risk Management
Metrics and Methods for Security Risk Management Carl S. Young ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO Syngress is an imprint of
More informationVirtualization and Forensics
Virtualization and Forensics A Digital Forensic Investigator's Guide to Virtual Environments Diane Barrett Gregory Kipper Technical Editor Samuel Liles ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEWYORK
More informationAgile Development & Business Goals. The Six Week Solution. Joseph Gee. George Stragand. Tom Wheeler
Agile Development & Business Goals The Six Week Solution Bill Holtsnider Tom Wheeler George Stragand Joseph Gee AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE
More informationCloud Computing. Theory and Practice. Dan C. Marinescu. Morgan Kaufmann is an imprint of Elsevier HEIDELBERG LONDON AMSTERDAM BOSTON
Cloud Computing Theory and Practice Dan C. Marinescu AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO M< Morgan Kaufmann is an imprint of Elsevier
More informationMaster Data Management
Master Data Management David Loshin AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO Ик^И V^ SAN FRANCISCO SINGAPORE SYDNEY TOKYO W*m k^ MORGAN KAUFMANN PUBLISHERS IS AN IMPRINT OF ELSEVIER
More informationFixed/Mobile Convergence and Beyond AMSTERDAM BOSTON. HEIDELBERG LONDON
Fixed/Mobile Convergence and Beyond Unbounded Mobile Communications Richard Watson AMSTERDAM BOSTON. HEIDELBERG LONDON NEW YORK. OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY. TOKYO ELSEVIER
More informationCyber Attacks. Protecting National Infrastructure Student Edition. Edward G. Amoroso
Cyber Attacks Protecting National Infrastructure Student Edition Edward G. Amoroso ELSEVIER. AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO Butterworth-Heinemann
More informationConfiguration. Management for. Senior Managers. Essential Product Configuration. and Lifecycle Management
Configuration Management for Senior Managers Essential Product Configuration and Lifecycle Management for Manufacturing Frank B. Watts ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS
More informationSecurity Control Standard
Department of the Interior Security Control Standard Program Management April 2011 Version: 1.1 Signature Approval Page Designated Official Bernard J. Mazer, Department of the Interior, Chief Information
More informationPrivate Cloud Computing
Private Cloud Computing Consolidation, Virilization, and Service-Oriented Infrastructure Stephen R. Smoot Nam K. Tan ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO M< SAN FRANCISCO
More informationAMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO Academic Press is an imprint of Elsevier
Trading and Money Management in a Student-Managed Portfolio Brian Bruce Jason Greene ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO Academic
More informationFREQUENTLY ASKED QUESTIONS
FREQUENTLY ASKED QUESTIONS Continuous Monitoring 1. What is continuous monitoring? Continuous monitoring is one of six steps in the Risk Management Framework (RMF) described in NIST Special Publication
More informationSecuring SQL Server. Protecting Your Database from. Second Edition. Attackers. Denny Cherry. Michael Cross. Technical Editor ELSEVIER
Securing SQL Server Second Edition Protecting Your Database from Attackers Denny Cherry Technical Editor Michael Cross AMSTERDAM BOSTON HEIDELBERG LONDON ELSEVIER NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO
More informationHuman Performance Improvement
Human Performance Improvement Building Practitioner Competence Second Edition William J. Rothwell Carolyn K. Hohne Stephen B. King ELoEVIElx AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN
More informationData Warehousing in the Age of Big Data
Data Warehousing in the Age of Big Data Krish Krishnan AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD * PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO Morgan Kaufmann is an imprint of Elsevier
More informationMeasuring and. Communicating. Security's Value. A Compendium of Metrics. for Enterprise Protection
Measuring and Communicating Security's Value A Compendium of Metrics for Enterprise Protection George Campbell AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE
More informationSupply Chain Strategies
Supply Chain Strategies Customer-driven and customer-focused Tony Hines ELSEVIER BUTTERWORTH HEINEMANN AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY
More informationPrivate Equity and Venture Capital in Europe
Private Equity and Venture Capital in Europe Markets, Techniques, and Deals Stefano Caselli AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO ELSEVIER
More informationPractical Text Mining and Statistical Analysis for Non-structured Text Data Applications
Practical Text Mining and Statistical Analysis for Non-structured Text Data Applications Gary Miner Dursun Delen John Elder Charlottesville, VA, USA Andrew Fast Charlottesville, VA, USA Thomas Hill Robert
More informationfor the Entire Organization
Enterprise Risk Management A Common Framework for the Entire Organization Philip E. J. Green ELSEVIER AMSTERDAM. BOSTON. HEIDELBERG. LONDON NEW YORK OXFORD. PARIS. SAN DIEGO SAN FRANCISCO. SINGAPORE. SYDNEY.
More informationWorking Memory and Education
Working Memory and Education EDITED BY Susan J. Pickering ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO Academic Press is an imprint of
More informationSecurity Metrics. A Beginner's Guide. Caroline Wong. Mc Graw Hill. Singapore Sydney Toronto. Lisbon London Madrid Mexico City Milan New Delhi San Juan
Security Metrics A Beginner's Guide Caroline Wong Mc Graw Hill New York Chicago San Francisco Lisbon London Madrid Mexico City Milan New Delhi San Juan Seoul Singapore Sydney Toronto Contents FOREWORD
More informationDelivery. Enterprise Software. Bringing Agility and Efficiency. Global Software Supply Chain. AAddison-Wesley. Alan W. Brown.
Enterprise Software Delivery Bringing Agility and Efficiency Global Software Supply Chain to the Alan W. Brown AAddison-Wesley Upper Saddle River, NJ Boston Indianapolis San Francisco New York Toronto
More informationFSIS DIRECTIVE 1306.3
UNITED STATES DEPARTMENT OF AGRICULTURE FOOD SAFETY AND INSPECTION SERVICE WASHINGTON, DC FSIS DIRECTIVE 1306.3 REVISION 1 12/13/12 CONFIGURATION MANAGEMENT (CM) OF SECURITY CONTROLS FOR INFORMATION SYSTEMS
More informationValvation. Theories and Concepts. Rajesh Kumar. Professor of Finance, Institute of Management Technology, Dubai, UAE
Valvation Theories and Concepts Rajesh Kumar Professor of Finance, Institute of Management Technology, Dubai, UAE ELSEVIER AMSTERDAM BOSTON CAMBRIDGE HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN
More informationEngineering DOCUMENTATION CONTROL HANDBOOK
Engineering DOCUMENTATION CONTROL HANDBOOK CONFIGURATION MANAGEMENT AND PRODUCT LIFECYCLE MANAGEMENT FOURTH EDITION FRANK B. WATTS Amsterdam Boston Heidelberg London New York Oxford Paris San Diego San
More informationHow To Write A Diagram
Data Model ing Essentials Third Edition Graeme C. Simsion and Graham C. Witt MORGAN KAUFMANN PUBLISHERS AN IMPRINT OF ELSEVIER AMSTERDAM BOSTON LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE
More informationDecember 8, 2011. Security Authorization of Information Systems in Cloud Computing Environments
December 8, 2011 MEMORANDUM FOR CHIEF INFORMATION OFFICERS FROM: SUBJECT: Steven VanRoekel Federal Chief Information Officer Security Authorization of Information Systems in Cloud Computing Environments
More informationSecurity Controls Assessment for Federal Information Systems
Security Controls Assessment for Federal Information Systems Census Software Process Improvement Program September 11, 2008 Kevin Stine Computer Security Division National Institute of Standards and Technology
More informationPractical Web Analytics for User Experience
Practical Web Analytics for User Experience How Analytics Can Help You Understand Your Users Michael Beasley UX Designer, ITHAKA Ypsilanti, Michigan, USA üf IBs fmij ELSEVIER Amsterdam Boston Heidelberg
More informationHacking Web Apps. Detecting and Preventing Web Application Security Problems. Jorge Blanco Alcover. Mike Shema. Technical Editor SYNGRESS
Hacking Web Apps Detecting and Preventing Web Application Security Problems Mike Shema Technical Editor Jorge Blanco Alcover AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO
More informationDigital Forensics with Open Source Tools
Digital Forensics with Open Source Tools Cory Altheide Harlan Carvey Technical Editor Ray Davidson AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO
More informationCustomer Relationship. Management. Ed Peelen and Rob Beltman
Customer Relationship Management Ed Peelen and Rob Beltman PEARSON Harlow, England London New York Boston San Francisco Toronto Sydney Auckland Singapore Hong Kong Tokyo Seoul Taipei New Delhi Cape Town
More informationRelationship marketing
Relationship marketing WBIbliothek Exploring relational strategies in marketing FOURTH EDITION JOHN EGAN London South Bank University Financial Times Prentice Hall is an imprint of Harlow, England London
More informationAMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO
DW2.0 The Architecture for the Next Generation of Data Warehousing W. H. Inmon Forest Rim Technology Derek Strauss Gavroshe Genia Neushloss Gavroshe AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS
More informationSecurity Control Standard
Department of the Interior Security Control Standard Security Assessment and Authorization January 2012 Version: 1.2 Signature Approval Page Designated Official Bernard J. Mazer, Department of the Interior,
More informationJob Hazard Analysis. A Guide for Voluntary Compliance and Beyond. From Hazard to Risk: Transforming the JHA from a Tool to a Process
Job Hazard Analysis A Guide for Voluntary Compliance and Beyond From Hazard to Risk: Transforming the JHA from a Tool to a Process James E. Roughton Nathan Crutchfield E L S E V I E R AMSTERDAM. BOSTON.
More informationEye Tracking in User Experience Design
Eye Tracking in User Experience Design Jennifer Romano Bergstrom, Ph.D Andrew Jonathan Schall i'p-&>,' JDIIL ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEW Y0RK * OXFORD * PARIS * SAN DIEGO SAN FRANCISCO
More informationSecurity Control Standard
Department of the Interior Security Control Standard Risk Assessment January 2012 Version: 1.2 Signature Approval Page Designated Official Bernard J. Mazer, Department of the Interior, Chief Information
More informationFinancial Statement Analysis
Financial Statement Analysis Valuation Credit analysis Executive compensation Christian V. Petersen and Thomas Plenborg Financial Times Prentice Hall is an imprint of Harlow, England London New York Boston
More informationHow To Control A System
Department of the Interior Security Control Standard Awareness and Training April 2011 Version: 1.1 Signature Approval Page Designated Official Bernard J. Mazer, Department of the Interior, Chief Information
More informationIT Manager's Handbook
IT Manager's Handbook Getting your new job done Third Edition Bill Holtsnider Brian D. Jaffe AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO Morgan
More informationMolecular Biology Techniques: A Classroom Laboratory Manual THIRD EDITION
Molecular Biology Techniques: A Classroom Laboratory Manual THIRD EDITION Susan Carson Heather B. Miller D.Scott Witherow ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN
More informationWinning the Hardware-Software Game
Winning the Hardware-Software Game Using Game Theory to Optimize the Pace of New Technology Adoption Ruth D. Fisher PRENTICE Upper Saddle River, NJ Boston Indianapolis San Francisco New York Toronto Montreal
More informationPlatform Ecosystems. Aligning Architecture, Governance, and Strategy. Amrit Tiwana AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO
Platform Ecosystems Aligning Architecture, Governance, and Strategy Amrit Tiwana AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO Morgan Kaufmann
More informationObj ect-oriented Construction Handbook
Obj ect-oriented Construction Handbook Developing Application-Oriented Software with the Tools & Materials Approach Heinz Züllighoven IT'Workplace Solutions, Inc., and LJniversity of Hamburg, Germany as
More informationContinuous Monitoring in a Risk Management Framework. US Census Bureau Oct 2012
Monitoring in a Risk Management Framework US Census Bureau Oct 2012 Agenda Drivers for Monitoring What is Monitoring Monitoring in a Risk Management Framework (RMF) RMF Cost Efficiencies RMF Lessons Learned
More informationEleventh Hour Security+
Eleventh Hour Security+ Exam SYO-201 Study Guide I do Dubrawsky Technical Editor Michael Cross AMSTERDAM BOSTON HEIDELBERG LONDON NEWYORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO SYNGRESS.
More informationAMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO Academic Press is an imprint of Elsevier
Emerging Market Bank Lending and Credit Risk Control Evolving Strategies to Mitigate Credit Risk, Optimize Lending Portfolios, and Check Delinquent Loans Leo Onyiriuba ELSEVIER AMSTERDAM BOSTON HEIDELBERG
More informationSharePoint 2010. Overview, Governance, and Planning. (^Rll^^fc^ i ip?"^biifiis:'iissiipi. Scott Jamison. Susan Hanley Mauro Cardarelli.
Ec,V$%fMM SharePoint 2010 i ip?"^biifiis:'iissiipi Overview, Governance, (^Rll^^fc^ and Planning Ipft^'" Scott Jamison Susan Hanley Mauro Cardarelli Upper Saddle River, NJ Boston Indianapolis San Francisco
More informationArchitectures, and. Service-Oriented. Cloud Computing. Web Services, The Savvy Manager's Guide. Second Edition. Douglas K. Barry. with.
Web Services, Service-Oriented Architectures, and Cloud Computing The Savvy Manager's Guide Second Edition Douglas K. Barry with David Dick ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS
More informationGlobal Efforts to Secure Cloud Computing
April 2012 Global Efforts to Secure Cloud Computing Jim Reavis Executive Director Cloud: ushering in IT Spring Technology consumerization and its offspring Cloud: Compute as a utility Smart Mobility: Compute
More informationMIKE COHN. Software Development Using Scrum. VAddison-Wesley. Upper Saddle River, NJ Boston Indianapolis San Francisco
Software Development Using Scrum MIKE COHN VAddison-Wesley Upper Saddle River, NJ Boston Indianapolis San Francisco New York Toronto Montreal London Munich Paris Madrid Cape Town Sydney Tokyo Singapore
More informationRapid System Prototyping with FPGAs
Rapid System Prototyping with FPGAs By R.C. Coferand Benjamin F. Harding AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO Newnes is an imprint of
More informationINTERNATIONAL MONEY AND FINANCE
INTERNATIONAL MONEY AND FINANCE EIGHTH EDITION MICHAEL MELVIN AND STEFAN C. NORRBIN ELSEVIER Amsterdam Boston Heidelberg London New york Oxford Paris San Diego San Francisco Singapore Sydney Tokyo Academic
More informationSTATEMENT OF. Dr. David McClure Associate Administrator Office of Citizen Services and Innovative Technologies General Services Administration
STATEMENT OF Dr. David McClure Associate Administrator Office of Citizen Services and Innovative Technologies General Services Administration BEFORE THE HOUSE COMMITTEE ON HOMELAND SECURITY SUBCOMMITTEE
More informationsuperseries FIFTH EDITION
Prelims-I046413.qxd 3/19/07 1:04 PM Page i Institute of Leadership & Management superseries Motivating to Perform in the Workplace FIFTH EDITION Published for the Institute of Leadership & Management AMSTERDAM
More informationPublic Relations in Schools
Public Relations in Schools Fifth Edition Theodore J. Kowalski University of Dayton Boston Columbus Indianapolis New York San Francisco Upper Saddle River Amsterdam Cape Town Dubai London Madrid Milan
More informationFedRAMP Online Training Security Assessment Plan (SAP) Overview 12/9/2015 Presented by: FedRAMP PMO
FedRAMP Online Training Security Assessment Plan (SAP) Overview 12/9/2015 Presented by: FedRAMP PMO www.fedramp.gov www.fedramp.gov 1 Today s Training Welcome to Part Four of the FedRAMP Training Series:
More informationGovernance Simplified
Information Security Governance Simplified From the Boardroom to the Keyboard TODD FITZGERALD, cissp; cisa, cism Foreword by Tom Peltier CRC Press Taylor & Francis Croup Boca Raton London NewYork CRC Press
More informationNIST Special Publication (SP) 800-64, Revision 2, Security Considerations in the System Development Life Cycle
THE SYSTEM DEVELOPMENT LIFE CYCLE (SDLC) Shirley Radack, Editor Computer Security Division Information Technology Laboratory National Institute of Standards and Technology The most effective way to protect
More informationOverview. FedRAMP CONOPS
Concept of Operations (CONOPS) Version 1.0 February 7, 2012 Overview Cloud computing technology allows the Federal Government to address demand from citizens for better, faster services and to save resources,
More informationDeveloper's Handbook
IMS Application Developer's Handbook Creating and Deploying Innovative IMS Applications Rogier Noldus Ulf Olsson Catherine Mulligan loannis Fikouras Anders Ryde Mats Stifle AMSTERDAM BOSTON HEIDELBERG
More informationMinimum Security Requirements for Federal Information and Information Systems
FIPS PUB 200 FEDERAL INFORMATION PROCESSING STANDARDS PUBLICATION Minimum Security Requirements for Federal Information and Information Systems Computer Security Division Information Technology Laboratory
More informationMaking Sure Cloud Security is Not Up in Smoke: Integrating Protection in the Acquisition Process Digital Government Institute Cloud-Enabled
Making Sure Cloud Security is Not Up in Smoke: Integrating Protection in the Acquisition Process Digital Government Institute Cloud-Enabled Government Conference & Expo September 22, 2011 Disclaimer This
More informationRFID Field Guide. Deploying Radio Frequency Identification Systems. Manish Bhuptani Shahram Moradpour. Sun Microsystems Press A Prentice Hall Title
RFID Field Guide Deploying Radio Frequency Identification Systems Manish Bhuptani Shahram Moradpour Sun Microsystems Press A Prentice Hall Title PRENTICE HALL PTR Prentice Hall Professional Technical Reference
More informationEnterprise Continuous Monitoring Bridging Shared Services, Clouds, and In-House Solutions
Enterprise Continuous Monitoring Bridging Shared Services, Clouds, and In-House Solutions Benjamin Bergersen Certified in the Governance of Enterprise IT - CGEIT Certified Information Systems Security
More informationHow To Build Trust In The Cloud
Building Trust in Global Cloud Computing Systems Jim Reavis, CEO & Founder Cloud Security Alliance Global, not-for-profit organization Building security best practices for next generation IT Research and
More informationElectricity for the Entertainment Electrician Ef Technician
Electricity for the Entertainment Electrician Ef Technician Richard Cadena ЩШ ' AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK JPPwlffl OXFORD PARIS SAN DIEGO SAN FRANCISCO л»еж SINGAPORE SYDNEY TOKYO ELSEVIER
More informationThe Data Access Handbook
The Data Access Handbook Achieving Optimal Database Application Performance and Scalability John Goodson and Robert A. Steward PRENTICE HALL Upper Saddle River, NJ Boston Indianapolis San Francisco New
More informationInformation Security for Managers
Fiscal Year 2015 Information Security for Managers Introduction Information Security Overview Enterprise Performance Life Cycle Enterprise Performance Life Cycle and the Risk Management Framework Categorize
More informationNetwork Security: A Practical Approach. Jan L. Harrington
Network Security: A Practical Approach Jan L. Harrington ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO Morgan Kaufmann is an imprint of
More informationCIMA'S Official Learning System
cima CIMA'S Official Learning System Strategic Level Paul M. Collier Sam Agyei-Ampomah ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO Contents
More informationInformation Technology Risk Management
Find What Matters Information Technology Risk Management Control What Counts The Cyber-Security Discussion Series for Federal Government security experts... by Carson Associates your bridge to better IT
More informationCompensating the Sales Force
Compensating the Sales Force A Practical Guide to Designing Winning Sales Reward Programs Second Edition David J. Cichelli Me Graw Hill New York Chicago San Francisco Lisbon London Madrid Mexico City Milan
More informationPOSTAL REGULATORY COMMISSION
POSTAL REGULATORY COMMISSION OFFICE OF INSPECTOR GENERAL FINAL REPORT INFORMATION SECURITY MANAGEMENT AND ACCESS CONTROL POLICIES Audit Report December 17, 2010 Table of Contents INTRODUCTION... 1 Background...1
More information2012 FISMA Executive Summary Report
2012 FISMA Executive Summary Report March 29, 2013 UNITED STATES SECURITIES AND EXCHANGE COMMISSION WASHINGTON, D.C. 20549 OI'!'ICEOI' lnstfl! C1'0R GENERAt MEMORANDUM March 29,2013 To: Jeff Heslop, Chief
More informationFrom Chaos to Clarity: Embedding Security into the SDLC
From Chaos to Clarity: Embedding Security into the SDLC Felicia Nicastro Security Testing Services Practice SQS USA Session Description This session will focus on the security testing requirements which
More informationDevelopment Effort & Duration
Practical Software Project Estimation: A Toolkit for Estimating Software Development Effort & Duration International Software Benchmarking Standards Group Compiled and edited by Peter R. Hill Mc Grauu
More informationCloud Security for Federal Agencies
Experience the commitment ISSUE BRIEF Rev. April 2014 Cloud Security for Federal Agencies This paper helps federal agency executives evaluate security and privacy features when choosing a cloud service
More informationContents. xv xvii xxi. Case Studies Preface Acknowledgments
Contents Case Studies Preface Acknowledgments xv xvii xxi CHAPTER 1 CAATTs History 1 The New Audit Environment 2 The Age of Information Technology 3 Decentralization of Technology 3 Absence of the Paper
More informationU.S. ELECTION ASSISTANCE COMMISSION OFFICE OF INSPECTOR GENERAL
U.S. ELECTION ASSISTANCE COMMISSION OFFICE OF INSPECTOR GENERAL FINAL REPORT: U.S. Election Assistance Commission Compliance with the Requirements of the Federal Information Security Management Act Fiscal
More informationCTR System Report - 2008 FISMA
CTR System Report - 2008 FISMA February 27, 2009 TABLE of CONTENTS BACKGROUND AND OBJECTIVES... 5 BACKGROUND... 5 OBJECTIVES... 6 Classes and Families of Security Controls... 6 Control Classes... 7 Control
More informationGet Confidence in Mission Security with IV&V Information Assurance
Get Confidence in Mission Security with IV&V Information Assurance September 10, 2014 Threat Landscape Regulatory Framework Life-cycles IV&V Rigor and Independence Threat Landscape Continuously evolving
More informationWhite Paper. Understanding NIST 800 37 FISMA Requirements
White Paper Understanding NIST 800 37 FISMA Requirements Contents Overview... 3 I. The Role of NIST in FISMA Compliance... 3 II. NIST Risk Management Framework for FISMA... 4 III. Application Security
More informationSecurity Authorization Process Guide
Security Authorization Process Guide Office of the Chief Information Security Officer (CISO) Version 11.1 March 16, 2015 TABLE OF CONTENTS Introduction... 1 1.1 Background... 1 1.2 Purpose... 2 1.3 Scope...
More information5 FAM 620 INFORMATION TECHNOLOGY (IT) PROJECT MANAGEMENT
5 FAM 620 INFORMATION TECHNOLOGY (IT) PROJECT MANAGEMENT 5 FAM 621 GENERAL (Office of Origin: IRM/BMP/SPO/PMD) a. The strategic importance of Information Technology (IT) to the mission of the State Department
More information