About the book Federal Cloud Computing: The Definitive Guide for Cloud Service Providers
Book title : Federal Cloud Computing: The Definitive Guide for Cloud Service Providers
Edition : 2
Title translated into Persian : رایانش ابری فدرال: راهنمای قطعی برای ارائه دهندگان خدمات ابری (Federal Cloud Computing: The Definitive Guide for Cloud Service Providers)
Series :
Author : Matthew Metheny
Publisher : Syngress
Year of publication : 2017
Number of pages : 538
ISBN : 0128097108 , 9780128097106
Language : English
Format : pdf
File size : 7 MB
Table of contents :
Front Cover
Federal Cloud Computing
Copyright Page
Dedication
Contents
About the Author
About the Technical Editor
Foreword by William Corrington
Foreword by Jim Reavis
1 Introduction to the federal cloud computing strategy
Introduction
A Historical View of Federal IT
The Early Years and the Mainframe Era
Shifting to Minicomputer
Decentralization: The Microcomputer (“Personal Computer”)
Transitioning to Mobility
Evolution of Federal IT Policy
Cloud Computing: Drivers in Federal IT Transformation
Drivers for Adoption
Cloud Benefits
Improving efficiency
Improving agility
Improving innovation
Decision Framework for Cloud Migration
Selecting Services to Move to the Cloud
Provisioning Cloud Services Effectively
Managing Services Rather Than Assets
Summary
References
2 Cloud computing standards
Introduction
Standards Development Primer
Cloud Computing Standardization Drivers
Federal Laws and Policy
Trade Agreements Act (TAA)
National Technology Transfer and Advancement Act (NTTAA)
Office of Management and Budget (OMB) Circular A-119
Adoption Barriers
Identifying Standards for Federal Cloud Computing Adoption
Standards Development Organizations (SDOs) and Other Community-Driven Organizations
Standards Inventory
Summary
References
3 A case for open source
Introduction
Open Source Software and the Federal Government
Open Source Software Adoption Challenges: Acquisition and Security
Acquisition Challenges
Security Challenges
Open Source Software and Federal Cloud Computing
Summary
References
4 Security and privacy in public cloud computing
Introduction
Security and Privacy in the Context of the Public Cloud
Federal Privacy Laws and Policies
Privacy Act of 1974
Federal Information Security Modernization Act (FISMA)
OMB Memorandum Policies
Safeguarding Privacy Information
Privacy Controls
Data Breaches, Impacts, and Consequences
Security and Privacy Issues
Summary
References
5 Applying the NIST risk management framework
Introduction to FISMA
Purpose
Roles and Responsibilities
Director of OMB
Secretary of DHS
NIST
Federal Agencies
Head of Agency or Equivalent
Federal Agency Information Security Program
Federal Agency Independent Evaluations and Reporting
Risk Management Framework Overview
The Role of Risk Management
The NIST RMF and the System Development Life Cycle
NIST RMF Process
Information System Categorization
Relationship between the NIST RMF and the Federal Enterprise Architecture
Shared Responsibility and the Chain of Trust
Overview of the Security Categorization Process
Identify Information Types
Select Provisional Impact Values for Each Information Type
Adjust the Information Type’s Provisioning Impact Value and Security Category
Determine the System Security Impact Level
Security Controls Selection
Tailoring the Initial Baseline
Applying Scoping Considerations
Selecting Compensating Security Controls
Assigning Security Control Parameter Values
Supplementing the Tailored Baseline
Documenting the Tailoring and Supplementation Process
Continuous Monitoring Strategy
Allocating Security Controls
Decomposition
Security Controls Implementation
Implementing and Documenting Security Controls
Security Controls Assessment
Assessment Preparation
Security Assessment Plan
Assessing Security Controls
Reporting Assessment Results
Information System Authorization
Corrective Action Planning
Developing a Risk Mitigation Strategy
Documenting POA&Ms
Security Authorization Approaches
Security Authorization Process
Security Controls Monitoring
Determining Security Impact
Ongoing Security Controls Assessments
Key Updates and Status Reporting
Ongoing Risk Determination and Acceptance
Summary
References
6 Risk management
Introduction to Risk Management
Federal Information Security Risk Management Practices
Overview of Enterprise-Wide Risk Management
Components of the NIST Risk Management Process
Risk Framing
Risk Assessment
Risk Response
Risk Monitoring
Multitiered Risk Management
Tier 1 Risk Management Activities
Tier 2 Risk Management Activities
Tier 3 Risk Management Activities
NIST Risk Management Process
Framing Risk
Assessing Risk
Responding to Risk
Monitoring Risk
Comparing the NIST and ISO/IEC Risk Management Processes
Summary
References
7 Comparison of federal and international security certification standards
Introduction
Overview of Certification and Accreditation
Evolution of the Federal C&A Processes
Civilian agencies
Department of Defense (DoD)
Intelligence Community (IC)
Committee on National Security Systems (CNSS)
Towards a Unified Approach to C&A
NIST and ISO/IEC Information Security Standards
Boundary and Scope Definition
Security Policy
Risk Management Strategy (Context)
Risk Management Process
Security Objectives and Controls
Summary
References
8 FedRAMP primer
Introduction to FedRAMP
FedRAMP Overview
FedRAMP Policy Memo
FedRAMP Governance and Stakeholders
Primary Stakeholders
DHS
JAB
FedRAMP PMO
Federal Agencies
FedRAMP Accelerated Process
FedRAMP Security Assessment Framework
FedRAMP Security Assessment Framework Phases
Document Phase
Major Milestone Outputs
Assess Phase
Major Milestone Outputs
Authorize Phase
Major Milestone Output
Leveraging the ATO
Monitor Phase
Operational Visibility
Change Control
Incident Response
Third Party Assessment Organization Program
Summary
References
9 The FedRAMP cloud computing security requirements
Security Control Selection Process
Selecting the Security Control Baseline
Tailoring and Supplementing Security Control Baseline
FedRAMP Cloud Computing Overlay
FedRAMP Cloud Computing Security Requirements
Policy and Procedures
Harmonizing FedRAMP Requirements
Assurance of External Service Providers Compliance
Approaches to Implementing FedRAMP Security Controls
FedRAMP Security Control Requirements
Federal Laws, Executive Orders, Policies, Directives, Regulations, Standards and Guidelines
Federal Laws and Executive Orders
Federal Policies, Directives, and Regulations
Federal Standards
Federal Guidelines and Interagency Reports
Summary
References
10 Security testing: vulnerability assessments and penetration testing
Introduction to Security Testing
Vulnerability Assessment
Penetration Testing
FedRAMP Vulnerability Scan and Penetration Testing Requirements
General
Web Application
Social Engineering
Summary
References
11 Security assessment and authorization: Governance, preparation, and execution
Introduction to the Security Assessment Process
Governance in the Security Assessment
Preparing for the security assessment
Security Assessment Customer Responsibilities
Selecting a Security Assessment Provider
Security Assessment Planning
Security Assessment Provider Responsibilities
Selection of Security Assessment Team Members
Developing the Security Assessment Plan
Identify In-Scope Security Controls
Select Assessment Procedures
Tailor Assessment Procedures
Selecting Assessment Methods and Objects
Selecting Depth and Coverage Attributes
Supplementing Assessment Procedures
Optimize Assessment Procedures
Finalize and Approve Assessment Plan
Executing the Security Assessment Plan
Summary
References
12 Strategies for continuous monitoring
Introduction to Continuous Monitoring
Organizational Governance
CM Strategy
CM Program
The Continuous Monitoring Process
Defining a CM Strategy
Implementing a CM Program
Review and Update CM Strategy and Program
Continuous Monitoring within FedRAMP
Summary
References
13 Continuous monitoring through security automation
Introduction
CM Reference Architectures
Continuous Asset Evaluation, Situational Awareness, and Risk Scoring Reference Architecture
CAESARS Framework Extension Reference Architecture
Subsystems and components
Specifications: Workflows, subsystems, and interfaces
Specification layers
Workflows
Subsystems
Interfaces
Security Automation Standards and Specifications
Security Content Automation Protocol
Cybersecurity Information Exchange Framework
Operational Visibility and Continuous Monitoring
Summary
References
14 A case study for cloud service providers
Case Study Scenario: “Healthcare Exchange”
Applying the Risk Management Framework within FedRAMP
Categorize Information System
Select Security Controls
Defining the boundary
Tailoring and supplementing
Implement and Document Security Controls
Assessing Security Controls
Summary
References
Index
Back Cover