Information Security Systems Engineering (ISSE) Cloud Computing Tutorial
Full Day: Friday, November 15th 2013, 8:30am - 5:00pmThe decision to embrace cloud computing technology is a risk-based decision, not a technology-based decision. Stakeholder must determine the appropriate manner for their security assessments and authorizations. Information Security Systems Engineers are required to develop and manage requirements, risk, architecture and every other aspect of deploying and managing the cloud.
Cloud computing can both increase and decrease the security of information systems, depending on the cloud sourcing model used. Cloud Providers impact both Security and Privacy ISSE ensure the right solution is chosen.
Cloud computing cuts across all domains of security to include Authentication and Authorization, Availability, Confidentiality, Identity management, Integrity, Security monitoring and Incident Response, Security policy management. Recent events in the news show us how difficult it is to manage Privacy in the cloud where ISSE's need to assure proper and consistent collection, processing, communication, use and disposition of personal information (PI) and personally identifiable information (PII) on the cloud.
Cloud Auditor conducts independent assessment of cloud services, information system operations, performance and security of the cloud implementation. They evaluate the services provided by a cloud provider in terms of security controls, privacy impact, performance, etc.
What service model is right and what are the possible security implications?
Software as a Service (SaaS) - applications running on a cloud infrastructure.
Platform as a Service (PaaS) - consumer deploy applications to the cloud.
Infrastructure as a Service (IaaS) - processing, storage, networks, and other fundamental computing resources.
Only when you understand the risk and security can you determine which Cloud Deployment Model to use. Whether you use a Private Cloud, Community Cloud, Public Cloud, or Hybrid Cloud you need key documents such as the FedRAMP guidance which covers everything from CONOPS TO POA&Ms.
In addition, you will learn how information assurance and risk management fits into Cloud Computing . We will cover the ISSE process as a component to Full Site Security in the cloud and the top 3 security project risks and mitigation strategies for cloud computing.
About the Instructor
This is a RSVP for the tutorial to determine interest. Payment instructions will be sent to you via email. 0.00 Tutorial RSVP 0.00