Project - cloud computing security policy

Reference no: EM13983688

Project: Cloud Computing Security Policy

Background: A small non-profit organization (SNPO-MC) has received a grant which will pay 90% of its cloud computing costs for a five-year period. This grant contains provisions which arise from the federal government's "cloud first" mandate and related IT reform efforts (see https://cio.gov/wp-content/uploads/downloads/2012/09/25-Point-Implementation-Plan-to-Reform-Federal-IT.pdf).
Before the organization can take advantage of the monies provided by this grant, it must present an acceptable cloud computing security policy to the federal agency which has issued the grant. This policy must also identify and address relevant requirements (items 3, 4, 5, and 6) as set forth in Part I: Section A "Apply 'Light Technology' and Shared Solutions" of the federal government's 25 point implementation plan.

Organization Profile: The organization is headquartered in Boston, MA and has two additional operating locations (offices) in New Orleans, LA and San Francisco, CA. Approximately 50 employees work in a formal office setting at one of these locations. These employees use organization-owned IT equipment. The remaining 1,000 staff members are loaned staff or other volunteers who work from their home offices using personally owned equipment. The organization wants to shift to using more cloud-based computing resources so that it can avoid having to purchase new and/or replacement equipment.

Figure 6-1. SNPO-MC As-Is Enterprise IT Architecture


Definitions: Employees of the organization are referred to as employees.

Executives and other staff who are "on loan" from Fortune 500 companies are referred to as loaned staff members. Loaned staff members usually telework for the organization one to two days per week for a period of one year.

Volunteers who perform work for the organization are referred to as volunteer staff members. Volunteer staff members usually telework from their homes one to two days per week.

Cloud Computing includes but is not restricted to:

• Platform as a Service
• Infrastructure as a Service
• Software as a Service

Issues List:

• Who speaks with authority for the firm?
• Who monitors and manages compliance with laws and regulations?
• Ownership of content
• Privacy and confidentiality
• Enforcement
• Penalties for violations of policy
• Use by sales and marketing
• Use by customer service / outreach
• Use by public relations and corporate communications (e.g. information for shareholders, customers, general public)
• Use for advertising and e-commerce
• Use by teleworkers
• Review requirements (when, by whom)
• Use of content and services monitoring tools
• Content generation and management (documents, email, cloud storage)

Resources (suggested by the organization's IT Staff for your consideration):

1. https://www.nsa.gov/ia/_files/support/Cloud_Computing_Guidance.pdf

2. https://www.sans.org/reading-room/whitepapers/analyst/cloud-security-compliance-primer-34910

3. https://csrc.nist.gov/publications/nistpubs/800-144/SP800-144.pdf

Tasking:

1. Research best practices for cloud computing. Use the readings posted in the LEO classroom, the resources listed above, and at least three additional resources that you find on your own.

2. Write a policy which addresses the following requirements from the federal government's 25 point plan:
• Shift to a "Cloud First" policy
• Stand-up contract vehicles for secure IaaS solutions
• Stand-up contract vehicles for commodity services
• Develop a strategy for shared services

3. Create a transition strategy for moving from the "As-Is" enterprise architecture to cloud-based services. You should consider IaaS, PaaS, and SecaaS strategies. You should also address deployment considerations (private, public, community, hybrid clouds) and the criteria for selecting an appropriate deployment strategy. Document your transition strategy in a "background" section in your policy. (This strategy forms the basis for the "need" for security for cloud-based services to be used by SNPO-MC in the future and should include the "to be" state for its Enterprise IT architecture.)

4. Develop and document 10 to 15 policy statements which address requirements for securing the cloud-based "to-be" enterprise architecture. These statements should be specific and based upon best practices.

Your deliverable for this project is a 5 to 8 page professionally formatted draft policy which addresses security requirements for cloud-based services used by the non-profit organization. See the following resources for suggested formats.

• https://it.tufts.edu/cloud-pol

• https://www.american.edu/policies/upload/IT-Security-Policy-2013.pdf


All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd