Cloud computing security policy

Reference no: EM13923145

Background:

A small non-profit organization (SNPO-MC) has received a grant which will pay 90% of its cloud computing costs for a five-year period. But before it can take advantage of the monies provided by this grant, it must present an acceptable cloud computing security policy to the grant overseers.

Tasking:

You are a cybersecurity professional who is "on loan" from your employer, a management consulting firm, to a small non-profit organization (SNPO-MC). You have been tasked with researching requirements for a Cloud Computing Security Policy and then developing a draft policy for the non-profit organization, SNPO-MC. The purpose of this policy is to provide guidance to managers, executives, and cloud computing service providers. This new policy will supersede (replace) the existing Enterprise IT Security Policy, which focuses exclusively upon enterprise security requirements for organization-owned equipment (including database servers, Web and email servers, file servers, remote access servers, desktop computers, workstations, and laptop computers) and licensed software applications. The Enterprise IT Security Policy also addresses incident response and disaster recovery.

As part of your policy development task, you must take into consideration the issues list which was developed during brainstorming sessions by executives and managers in each of the three operating locations for the non-profit organization.

Your deliverable for this project is a 5- to 8-page, single-spaced, professionally formatted draft policy. See the following resources for suggested formats.

https://it.tufts.edu/cloud-pol
https://www.american.edu/policies/upload/IT-Security-Policy-2013.pdf

Organization Profile:

The organization is headquartered in Boston, MA and has two additional operating locations (offices) in New Orleans, LA and San Francisco, CA. Approximately 50 employees work in a formal office setting at one of these locations. These employees use organization-owned IT equipment. The remaining 1,000 staff members are volunteers who work from their home offices using personally owned equipment.

The organization provides a variety of management consulting services for its clients (charities and non-governmental organizations) on a fee-for-service basis. Fees are set on a sliding scale based upon the client's ability to pay. The organization receives additional funding to support its administrative costs, including IT and IT security, through grants and donations from several Fortune 500 companies.

The non-profit organization is in the process of hiring its first Chief Information Officer. The organization has a small (3-person) professional IT staff that includes one information security specialist. These staff members are located in the Boston headquarters office.

Definitions:

Employees of the organization are referred to as employees.

Executives and other staff who are "on loan" from Fortune 500 companies are referred to as loaned staff members. Loaned staff members usually telework for the organization one to two days per week for a period of one year.

Volunteers who perform work for the organization are referred to as volunteer staff members. Volunteer staff members usually telework from their homes one to two days per week.

Cloud Computing includes but is not restricted to:
· Platform as a Service
· Infrastructure as a Service
· Software as a Service

Issues List:
· Who speaks with authority for the firm?
· Who monitors and manages compliance with laws and regulations?
· Ownership of content
· Privacy and confidentiality
· Enforcement
· Penalties for violations of policy
· Use by sales and marketing
· Use by customer service / outreach
· Use by public relations and corporate communications (e.g. information for shareholders, customers, general public)
· Use for advertising and e-commerce
· Use by teleworkers
· Review requirements (when, by whom)
· Use of content and services monitoring tools
· Content generation and management (documents, email, cloud storage)
· Additional issues listed in https://www.cloud-council.org/Security_for_Cloud_Computing-Final_080912.pdf




All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd