Project - cloud computing security policy

Reference no: EM13983688

Project: Cloud Computing Security Policy

Background: A small non-profit organization (SNPO-MC) has received a grant which will pay 90% of its cloud computing costs for a five-year period. This grant contains provisions which arise from the federal government's "cloud first" mandate and related IT reform efforts (see https://cio.gov/wp-content/uploads/downloads/2012/09/25-Point-Implementation-Plan-to-Reform-Federal-IT.pdf).
Before the organization can take advantage of the monies provided by this grant, it must present an acceptable cloud computing security policy to the federal agency which has issued the grant. This policy must also identify and address relevant requirements (items 3, 4, 5, and 6) as set forth in Part I: Section A "Apply 'Light Technology' and Shared Solutions" of the federal government's 25 point implementation plan.

Organization Profile: The organization is headquartered in Boston, MA and has two additional operating locations (offices) in New Orleans, LA and San Francisco, CA. Approximately 50 employees work in a formal office setting at one of these locations. These employees use organization-owned IT equipment. The remaining 1,000 staff members are loaned staff or other volunteers who work from their home offices using personally owned equipment. The organization wants to shift to using more cloud-based computing resources so that it can avoid having to purchase new and/or replacement equipment.

Figure 6-1. SNPO-MC As-Is Enterprise IT Architecture


Definitions: Employees of the organization are referred to as employees.

Executives and other staff who are "on loan" from Fortune 500 companies are referred to as loaned staff members. Loaned staff members usually telework for the organization one to two days per week for a period of one year.

Volunteers who perform work for the organization are referred to as volunteer staff members. Volunteer staff members usually telework from their homes one to two days per week.

Cloud Computing includes but is not restricted to:

• Platform as a Service
• Infrastructure as a Service
• Software as a Service

Issues List:

• Who speaks with authority for the firm?
• Who monitors and manages compliance with laws and regulations?
• Ownership of content
• Privacy and confidentiality
• Enforcement
• Penalties for violations of policy
• Use by sales and marketing
• Use by customer service / outreach
• Use by public relations and corporate communications (e.g. information for shareholders, customers, general public)
• Use for advertising and e-commerce
• Use by teleworkers
• Review requirements (when, by whom)
• Use of content and services monitoring tools
• Content generation and management (documents, email, cloud storage)

Resources (suggested by the organization's IT Staff for your consideration):

1. https://www.nsa.gov/ia/_files/support/Cloud_Computing_Guidance.pdf

2. https://www.sans.org/reading-room/whitepapers/analyst/cloud-security-compliance-primer-34910

3. https://csrc.nist.gov/publications/nistpubs/800-144/SP800-144.pdf

Tasking:

1. Research best practices for cloud computing. Use the readings posted in the LEO classroom, the resources listed above, and at least three additional resources that you find on your own.

2. Write a policy which addresses the following requirements from the federal government's 25 point plan:
• Shift to a "Cloud First" policy
• Stand-up contract vehicles for secure IaaS solutions
• Stand-up contract vehicles for commodity services
• Develop a strategy for shared services

3. Create a transition strategy for moving from the "As-Is" enterprise architecture to cloud-based services. You should consider IaaS, PaaS, and SecaaS strategies. You should also address deployment considerations (private, public, community, hybrid clouds) and the criteria for selecting an appropriate deployment strategy. Document your transition strategy in a "background" section in your policy. (This strategy forms the basis for the "need" for security for cloud-based services to be used by SNPO-MC in the future and should include the "to be" state for its Enterprise IT architecture.)

4. Develop and document 10 to 15 policy statements which address requirements for securing the cloud-based "to-be" enterprise architecture. These statements should be specific and based upon best practices.

Your deliverable for this project is a 5 to 8 page professionally formatted draft policy which addresses security requirements for cloud-based services used by the non-profit organization. See the following resources for suggested formats.

• https://it.tufts.edu/cloud-pol

• https://www.american.edu/policies/upload/IT-Security-Policy-2013.pdf
