Federal Cloud Computing - 2nd Edition - ISBN: 9780128097106, 9780128096871

Federal Cloud Computing

2nd Edition

The Definitive Guide for Cloud Service Providers

Authors: Matthew Metheny
eBook ISBN: 9780128096871
Paperback ISBN: 9780128097106
Imprint: Syngress
Published Date: 19th January 2017
Page Count: 536

Description

Federal Cloud Computing: The Definitive Guide for Cloud Service Providers, Second Edition offers an in-depth look at topics surrounding federal cloud computing within the federal government, including the Federal Cloud Computing Strategy, Cloud Computing Standards, Security and Privacy, and Security Automation.

You will learn the basics of the NIST risk management framework (RMF) with a specific focus on cloud computing environments, all aspects of the Federal Risk and Authorization Management Program (FedRAMP) process, and steps for cost-effectively implementing the Assessment and Authorization (A&A) process, as well as strategies for implementing Continuous Monitoring, enabling the Cloud Service Provider to address the FedRAMP requirement on an ongoing basis.

This updated edition will cover the latest changes to the FedRAMP program, including clarifying guidance on the paths for Cloud Service Providers to achieve FedRAMP compliance, an expanded discussion of the new FedRAMP Security Control, which is based on NIST SP 800-53 Revision 4, and maintaining FedRAMP compliance through Continuous Monitoring. Further, a new chapter has been added on the FedRAMP requirements for Vulnerability Scanning and Penetration Testing.

Key Features

  • Provides a common understanding of the federal requirements as they apply to cloud computing
  • Offers a targeted and cost-effective approach for applying the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF)
  • Features both technical and non-technical perspectives of the Federal Assessment and Authorization (A&A) process that speak across the organization

Readership

Information security professionals and consultants, system administrators, IT administrators and managers focused on information security, as well as security auditors, security engineers, virtualization specialists, software developers, and compliance specialists

Table of Contents

  • Dedication
  • About the Author
  • About the Technical Editor
  • Foreword by William Corrington
  • Foreword by Jim Reavis
  • Chapter 1. Introduction to the federal cloud computing strategy
    • Abstract
    • Introduction
    • A Historical View of Federal IT
    • Cloud Computing: Drivers in Federal IT Transformation
    • Decision Framework for Cloud Migration
    • Summary
    • References
  • Chapter 2. Cloud computing standards
    • Abstract
    • Introduction
    • Standards Development Primer
    • Cloud Computing Standardization Drivers
    • Identifying Standards for Federal Cloud Computing Adoption
    • Summary
    • References
  • Chapter 3. A case for open source
    • Abstract
    • Introduction
    • Open Source Software and the Federal Government
    • Open Source Software Adoption Challenges: Acquisition and Security
    • Open Source Software and Federal Cloud Computing
    • Summary
    • References
  • Chapter 4. Security and privacy in public cloud computing
    • Abstract
    • Introduction
    • Security and Privacy in the Context of the Public Cloud
    • Federal Privacy Laws and Policies
    • Federal Information Security Modernization Act (FISMA)
    • OMB Memorandum Policies
    • Safeguarding Privacy Information
    • Security and Privacy Issues
    • Summary
    • References
  • Chapter 5. Applying the NIST risk management framework
    • Abstract
    • Introduction to FISMA
    • Risk Management Framework Overview
    • NIST RMF Process
    • Summary
    • References
  • Chapter 6. Risk management
    • Abstract
    • Introduction to Risk Management
    • Federal Information Security Risk Management Practices
    • Overview of Enterprise-Wide Risk Management
    • NIST Risk Management Process
    • Comparing the NIST and ISO/IEC Risk Management Processes
    • Summary
    • References
  • Chapter 7. Comparison of federal and international security certification standards
    • Abstract
    • Introduction
    • Overview of Certification and Accreditation
    • NIST and ISO/IEC Information Security Standards
    • Summary
    • References
  • Chapter 8. FedRAMP primer
    • Abstract
    • Introduction to FedRAMP
    • FedRAMP Overview
    • FedRAMP Policy Memo
    • FedRAMP Governance and Stakeholders
    • FedRAMP Accelerated Process
    • FedRAMP Security Assessment Framework
    • Third Party Assessment Organization Program
    • Summary
    • References
  • Chapter 9. The FedRAMP cloud computing security requirements
    • Abstract
    • Security Control Selection Process
    • FedRAMP Cloud Computing Security Requirements
    • Federal Laws, Executive Orders, Policies, Directives, Regulations, Standards and Guidelines
    • Summary
    • References
  • Chapter 10. Security testing: Vulnerability assessments and penetration testing
    • Abstract
    • Introduction to Security Testing
    • Vulnerability Assessment
    • Penetration Testing
    • FedRAMP Vulnerability Scan and Penetration Testing Requirements
    • Summary
    • References
  • Chapter 11. Security assessment and authorization: Governance, preparation, and execution
    • Abstract
    • Introduction to the Security Assessment Process
    • Governance in the Security Assessment
    • Preparing for the Security Assessment
    • Executing the Security Assessment Plan
    • Summary
    • References
  • Chapter 12. Strategies for continuous monitoring
    • Abstract
    • Introduction to Continuous Monitoring
    • The Continuous Monitoring Process
    • Continuous Monitoring within FedRAMP
    • Summary
    • References
  • Chapter 13. Continuous monitoring through security automation
    • Abstract
    • Introduction
    • CM Reference Architectures
    • Security Automation Standards and Specifications
    • Operational Visibility and Continuous Monitoring
    • Summary
    • References
  • Chapter 14. A case study for cloud service providers
    • Abstract
    • Case Study Scenario: “Healthcare Exchange”
    • Applying the Risk Management Framework within FedRAMP
    • Summary
    • References
  • Index

Details

No. of pages: 536
Language: English
Copyright: © Syngress 2017
Published: 19th January 2017
Imprint: Syngress
eBook ISBN: 9780128096871
Paperback ISBN: 9780128097106

About the Author

Matthew Metheny

Matthew Metheny, PMP, CISSP, CAP, CISA, CSSLP, CRISC, CCSK, is an Information Security Executive and Professional with twenty years of experience in the areas of finance management, information technology, information security, risk management, compliance programs, security operations and capabilities, secure software development, security assessment and auditing, security architectures, information security policies/processes, incident response and forensics, and application security and penetration testing.

Mr. Metheny is the Chief Information Security Officer and Director of Cyber Security Operations at the Court Services and Offender Supervision Agency (CSOSA), and is responsible for managing CSOSA’s enterprise-wide information security and risk management program, and cyber security operations. Prior to joining CSOSA, Mr. Metheny was employed at the US Government Publishing Office (GPO), where he led the Agency Governance, Risk Management, and Compliance (GRC) Program and served as the Agency subject matter expert for cloud security, responsible for evaluating service provider solutions against federal and industry security standards and integrating Agency and service provider security services. Mr. Metheny was the founder and instructor at CloudSecurityTraining.com, a business unit of One Enterprise Consulting Group, LLC, which was an approved training partner with the Cloud Security Alliance (CSA). He was also the Co-Chair for the CSA CloudTrust Protocol (CTP) Working Group, a Founding Member and Member of the Board of Directors for the CSA-DC Chapter, which was CSA’s Federal Cloud Center of Excellence, and a Founding Member of the OpenStack DC user group focused on expanding the knowledge of OpenStack within the Washington, DC metro area. Mr. Metheny received a Bachelor’s degree in Computer and Information Science from the University of Maryland University College and a Master’s degree in Information Assurance from the University of Maryland University College. He also holds the Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Controls (CRISC), Certified Secure Software Lifecycle Professional (CSSLP), Certified Information Systems Auditor (CISA), Certified Authorization Professional (CAP), Project Management Professional (PMP) and Certificate in Cloud Security Knowledge (CCSK) Certifications.

Affiliations and Expertise

Chief Information Security Officer and Director of Cyber Security Operations, Court Services and Offender Supervision Agency (CSOSA)