LIMITED OFFER
Save 50% on book bundles
Immediately download your ebook while waiting for your print delivery. No promo code is needed.
Book sale: Save up to 25% on print and eBooks. No promo code needed.
Book sale: Save up to 25% on print and eBooks.
Federal Cloud Computing
The Definitive Guide for Cloud Service Providers
1st Edition - November 27, 2012
Author: Matthew Metheny
eBook ISBN:
9 7 8 - 1 - 5 9 7 4 9 - 7 3 9 - 8
Federal Cloud Computing: The Definitive Guide for Cloud Service Providers offers an in-depth look at topics surrounding federal cloud computing within the federal government,… Read more
Purchase Options
Federal Cloud Computing: The Definitive Guide for Cloud Service Providers offers an in-depth look at topics surrounding federal cloud computing within the federal government, including the Federal Cloud Computing Strategy, Cloud Computing Standards, Security and Privacy, and Security Automation.
You will learn the basics of the NIST risk management framework (RMF) with a specific focus on cloud computing environments, all aspects of the Federal Risk and Authorization Management Program (FedRAMP) process, and steps for cost-effectively implementing the Assessment and Authorization (A&A) process, as well as strategies for implementing Continuous Monitoring, enabling the Cloud Service Provider to address the FedRAMP requirement on an ongoing basis.
- Provides a common understanding of the federal requirements as they apply to cloud computing
- Provides a targeted and cost-effective approach for applying the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF)
- Provides both technical and non-technical perspectives of the Federal Assessment and Authorization (A&A) process that speaks across the organization
Executives (CIOs/CFOs), IT Security Professionals (Security Auditors, Security Engineers, Compliance Specialists, etc.), IT Professionals (Virtualization Specialists, Software Developers, Consultants, etc.)
Dedication 1
Dedication 2
About the Author
About the Technical Editor
Foreword by William Corrington
Foreword by Jim Reavis
Chapter 1. Introduction to the Federal Cloud Computing Strategy
Introduction
A Historical View of Federal IT
Cloud Computing: Drivers in Federal IT Transformation
Decision Framework for Cloud Migration
Summary
References
Chapter 2. Cloud Computing Standards
Introduction
Standards Development Primer
Cloud Computing Standardization Drivers
Identifying Standards for Federal Cloud Computing Adoption
Summary
References
Chapter 3. A Case for Open Source
Introduction
Open Source and the Federal Government
OSS Adoption Challenges: Acquisition and Security
OSS and Federal Cloud Computing
Summary
References
Chapter 4. Security and Privacy in Public Cloud Computing
Introduction
Security and Privacy in the Context of the Public Cloud
Federal Privacy Laws and Policies
Safeguarding Privacy Information
Security and Privacy Issues
Summary
References
Chapter 5. Applying the NIST Risk Management Framework
Introduction to FISMA
Risk Management Framework Overview
NIST RMF Process
Summary
References
Chapter 6. Risk Management
Introduction to Risk Management
Federal Information Security Risk Management Practices
Overview of Enterprise-Wide Risk Management
NIST Risk Management Process
Comparing the NIST and ISO/IEC Risk Management Processes
Summary
References
Chapter 7. Comparison of Federal and International Security Certification Standards
Introduction
Overview of Certification and Accreditation
NIST and ISO/IEC Information Security Standards
Summary
References
Chapter 8. FedRAMP Primer
Introduction to FedRAMP
FedRAMP Policy Memo
FedRAMP Concept of Operations
Third Party Assessment Organization Program
Summary
References
Chapter 9. The FedRAMP Cloud Computing Security Requirements
Security Control Selection Process
FedRAMP Cloud Computing Security Requirements
Summary
References
Chapter 10. Security Assessment and Authorization: Governance, Preparation, and Execution
Introduction to the Security Assessment Process
Governance in the Security Assessment
Preparing for the Security Assessment
Executing the Security Assessment Plan
Summary
References
Chapter 11. Strategies for Continuous Monitoring
Introduction to Continuous Monitoring
The Continuous Monitoring Process
Continuous Monitoring within FedRAMP
Summary
References
Chapter 12. Cost-Effective Compliance Using Security Automation
Introduction
CM Reference Architectures
Security Automation Standards and Specifications
Operational Visibility and Continuous Monitoring
Summary
References
Chapter 13. A Case Study for Cloud Service Providers
Case Study Scenario: “Healthcare Exchange”
Applying the Risk Management Framework within FedRAMP
References
Index
- No. of pages: 448
- Language: English
- Published: November 27, 2012
- Imprint: Syngress
- eBook ISBN: 9781597497398
MM
Matthew Metheny
Matthew Metheny, PMP, CISSP, CAP, CISA, CSSLP, CRISC, CCSK, is an Information Security Executive and Professional with twenty years of experience in the areas of finance management, information technology, information security, risk management, compliance programs, security operations and capabilities, secure software development, security assessment and auditing, security architectures, information security policies/processes, incident response and forensics, and application security and penetration testing.
Mr. Metheny is the Chief Information Security Officer and Director of Cyber Security Operations at the Court Services and Offender Supervision Agency (CSOSA), and is responsible for managing CSOSA’s enterprise-wide information security and risk management program, and cyber security operations. Prior to joining CSOSA, Mr. Metheny was employed at the US Government Publishing Office (GPO), where he led the Agency Governance, Risk Management, and Compliance (GRC) Program and served as the Agency subject matter expert for cloud security, responsible for evaluating service provider solutions against federal and industry security standards and integrating Agency and service provider security services. Mr. Metheny was the founder and instructor at CloudSecurityTraining.com, a business unit of One Enterprise Consulting Group, LLC, which was an approved training partner with the Cloud Security Alliance (CSA). He was also the Co-Chair for the CSA CloudTrust Protocol (CTP) Working Group, a Founding Member and Member of the Board of Director for the CSA-DC Chapter which was CSA’s Federal Cloud Center of Excellence, and a Founding Member of the OpenStack DC user group focused on expanding the knowledge of OpenStack within the Washington, DC metro area. Mr. Metheny received a Bachelor’s degree in Computer and Information Science from the University of Maryland University College and a Master's degree in Information Assurance from University of Maryland University College. He also holds the Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Controls (CRISC), Certified Secure Software Lifecycle Professional (CSSLP), Certified Information Systems Auditor (CISA), Certified Authorization Professional (CAP), Project Management Professional (PMP) and Certificate in Cloud Security Knowledge (CCSK) Certifications.
Affiliations and expertise
Chief Information Security Officer and Director of Cyber Security Operations, Court Services and Offender Supervision Agency (CSOSA)