The Cloud extends the scope of Risk Management when risk is considered an enterprise (organizational) activity which takes into consideration various aspects of the nature of the cloud adoption. The "25-Point Implementation Plan to Reform Federal IT" published by Vivek Kundra, U.S. Chief Information Officer (CIO) on December 9, 2010 gave clear direction that a shift to the cloud will be part of the Federal IT strategy. In the Implementation Plan, Vivek states "Within the next six months, the Federal CIO will publish a strategy to accelerate the safe and secure adoption of cloud computing across the government." Further, Vivek... Read more →
« November 2010 | Main | January 2011 »
Posts from December 2010
17 December 2010
Cloud Adoption Will Force Federal Agencies to Adopt Integrated Risk Management Practices
Posted by Matthew Metheny on 17 December 2010 at 01:26 PM in IT Security, Risk | Permalink
|
Comments (0)
10 December 2010
The true meaning of "security awareness training"
My eye has been caught once again this afternoon by yet another advertisement disguised as a press release breathlessly informing us that the company can deliver "security awareness training". It seems innocuous enough, but what does this three-word phrase really tell us about them? Let me explain. I consider myself an information security awareness professional - that is, I help customers improve their employee's awareness of information security matters. Awareness, in my book at least, is a generalized approach, spreading the good word about information security and so leading to a broad company-wide understanding of information security, along with the... Read more →
Posted by Gary Hinson on 10 December 2010 at 02:31 AM in Cybersecurity Training | Permalink
|
Comments (5)
08 December 2010
Exploring the FedRAMP Cloud Computing Security Requirements Baseline
The FedRAMP Security Requirements "describes the U.S. Government’s proposed Assessment and Authorization (A&A) for U.S. Government Cloud Computing." In chapter 1, the FedRAMP PMO defined the proposed requirements (security controls) for a Low- and Moderate-Impact Cloud Computing environment (although not specifically characterizing any specific applicability to the Cloud Delivery or Service Model). In addition, the FedRAMP (DRAFT) publication draws on the existing NIST standards and guidelines to support the authroization of Cloud Services for the Federal Government. However, the FedRAMP publication limits the scope and tailoring of the control requirements to specifying the control parameters [refer to Section 3.3 within... Read more →
Posted by Matthew Metheny on 08 December 2010 at 07:24 AM in Government , IT Security, Risk | Permalink
|
Comments (1)
04 December 2010
FedRAMP Poised for Summer Release
According to articles posted by nexgov ("White House set to complete security standards for cloud computing services next year") and ExecutiveGov ("Kundra: Expect Formal Federal Cloud Security Standards in 6 Months"), through the FedRAMP program, the federal government could seek to publish the final FedRAMP publication sometime this summer. But is industry ready to take on the responsibility of securing government data? Do the members of the Joint Authorization Board (GSA, DHS, DOD, and the sponsoring agency) have enough information to fully qualify the risk of moving to the cloud as part of the risk-based decision for authorizing Cloud Service... Read more →
Posted by Matthew Metheny on 04 December 2010 at 08:22 AM in Government , IT Security | Permalink
|
Comments (0)
Search
Categories
- Center for Cyber Safety and Education (52)
- Cloud Security (137)
- Cybersecurity Certifications (387)
- Cybersecurity Training (315)
- Cybersecurity Workforce (254)
- Digital Forensics (30)
- Ethics (53)
- Government (127)
- Insider Risk (57)
- ISC2 Chapters (22)
- ISC2 Events (166)
- IT Security (389)
- Legal (46)
- Malware (116)
- Network Security (178)
- Operations Security (144)
- Privacy (117)
- Ransomware (90)
- Risk (204)
- Software Development (46)
- Spotlight (71)