Federal Cloud Computing

The Definitive Guide for Cloud Service Providers

1st Edition - November 27, 2012

  • Author: Matthew Metheny
  • eBook ISBN: 9781597497398

Description

Federal Cloud Computing: The Definitive Guide for Cloud Service Providers offers an in-depth look at cloud computing within the federal government, including the Federal Cloud Computing Strategy, Cloud Computing Standards, Security and Privacy, and Security Automation. You will learn the basics of the NIST risk management framework (RMF) with a specific focus on cloud computing environments, all aspects of the Federal Risk and Authorization Management Program (FedRAMP) process, and steps for cost-effectively implementing the Assessment and Authorization (A&A) process, as well as strategies for implementing Continuous Monitoring, enabling the Cloud Service Provider to address the FedRAMP requirement on an ongoing basis.

Key Features

  • Provides a common understanding of the federal requirements as they apply to cloud computing
  • Provides a targeted and cost-effective approach for applying the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF)
  • Provides both technical and non-technical perspectives of the Federal Assessment and Authorization (A&A) process that speaks across the organization

Readership

Executives (CIOs/CFOs), IT Security Professionals (Security Auditors, Security Engineers, Compliance Specialists, etc.), IT Professionals (Virtualization Specialists, Software Developers, Consultants, etc.)

Table of Contents

  • Dedication 1

    Dedication 2

    About the Author

    About the Technical Editor

    Foreword by William Corrington

    Foreword by Jim Reavis

    Chapter 1. Introduction to the Federal Cloud Computing Strategy

    Introduction

    A Historical View of Federal IT

    Cloud Computing: Drivers in Federal IT Transformation

    Decision Framework for Cloud Migration

    Summary

    References

    Chapter 2. Cloud Computing Standards

    Introduction

    Standards Development Primer

    Cloud Computing Standardization Drivers

    Identifying Standards for Federal Cloud Computing Adoption

    Summary

    References

    Chapter 3. A Case for Open Source

    Introduction

    Open Source and the Federal Government

    OSS Adoption Challenges: Acquisition and Security

    OSS and Federal Cloud Computing

    Summary

    References

    Chapter 4. Security and Privacy in Public Cloud Computing

    Introduction

    Security and Privacy in the Context of the Public Cloud

    Federal Privacy Laws and Policies

    Safeguarding Privacy Information

    Security and Privacy Issues

    Summary

    References

    Chapter 5. Applying the NIST Risk Management Framework

    Introduction to FISMA

    Risk Management Framework Overview

    NIST RMF Process

    Summary

    References

    Chapter 6. Risk Management

    Introduction to Risk Management

    Federal Information Security Risk Management Practices

    Overview of Enterprise-Wide Risk Management

    NIST Risk Management Process

    Comparing the NIST and ISO/IEC Risk Management Processes

    Summary

    References

    Chapter 7. Comparison of Federal and International Security Certification Standards

    Introduction

    Overview of Certification and Accreditation

    NIST and ISO/IEC Information Security Standards

    Summary

    References

    Chapter 8. FedRAMP Primer

    Introduction to FedRAMP

    FedRAMP Policy Memo

    FedRAMP Concept of Operations

    Third Party Assessment Organization Program

    Summary

    References

    Chapter 9. The FedRAMP Cloud Computing Security Requirements

    Security Control Selection Process

    FedRAMP Cloud Computing Security Requirements

    Summary

    References

    Chapter 10. Security Assessment and Authorization: Governance, Preparation, and Execution

    Introduction to the Security Assessment Process

    Governance in the Security Assessment

    Preparing for the Security Assessment

    Executing the Security Assessment Plan

    Summary

    References

    Chapter 11. Strategies for Continuous Monitoring

    Introduction to Continuous Monitoring

    The Continuous Monitoring Process

    Continuous Monitoring within FedRAMP

    Summary

    References

    Chapter 12. Cost-Effective Compliance Using Security Automation

    Introduction

    CM Reference Architectures

    Security Automation Standards and Specifications

    Operational Visibility and Continuous Monitoring

    Summary

    References

    Chapter 13. A Case Study for Cloud Service Providers

    Case Study Scenario: “Healthcare Exchange”

    Applying the Risk Management Framework within FedRAMP

    References

    Index

Product details

  • No. of pages: 448
  • Language: English
  • Copyright: © Syngress 2012
  • Published: November 27, 2012
  • Imprint: Syngress
  • eBook ISBN: 9781597497398

About the Author

Matthew Metheny

Matthew Metheny, PMP, CISSP, CAP, CISA, CSSLP, CRISC, CCSK, is an Information Security Executive and Professional with twenty years of experience in the areas of finance management, information technology, information security, risk management, compliance programs, security operations and capabilities, secure software development, security assessment and auditing, security architectures, information security policies/processes, incident response and forensics, and application security and penetration testing.

Mr. Metheny is the Chief Information Security Officer and Director of Cyber Security Operations at the Court Services and Offender Supervision Agency (CSOSA), and is responsible for managing CSOSA’s enterprise-wide information security and risk management program, and cyber security operations. Prior to joining CSOSA, Mr. Metheny was employed at the US Government Publishing Office (GPO), where he led the Agency Governance, Risk Management, and Compliance (GRC) Program and served as the Agency subject matter expert for cloud security, responsible for evaluating service provider solutions against federal and industry security standards and integrating Agency and service provider security services. Mr. Metheny was the founder and instructor at CloudSecurityTraining.com, a business unit of One Enterprise Consulting Group, LLC, which was an approved training partner with the Cloud Security Alliance (CSA). He was also the Co-Chair for the CSA CloudTrust Protocol (CTP) Working Group, a Founding Member and Member of the Board of Directors for the CSA-DC Chapter, which was CSA’s Federal Cloud Center of Excellence, and a Founding Member of the OpenStack DC user group focused on expanding the knowledge of OpenStack within the Washington, DC metro area. Mr. Metheny received a Bachelor’s degree in Computer and Information Science from the University of Maryland University College and a Master’s degree in Information Assurance from University of Maryland University College. He also holds the Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Controls (CRISC), Certified Secure Software Lifecycle Professional (CSSLP), Certified Information Systems Auditor (CISA), Certified Authorization Professional (CAP), Project Management Professional (PMP) and Certificate in Cloud Security Knowledge (CCSK) certifications.

Affiliations and Expertise

Chief Information Security Officer and Director of Cyber Security Operations, Court Services and Offender Supervision Agency (CSOSA)
