Edition: 2nd ed.
Author: Matthew Metheny
Series: (none)
ISBN: 0128097108, 9780128097106
Publisher: Syngress
Year: 2017
Pages: 536 [538]
Language: English
File format: PDF
File size: 7 MB
Federal Cloud Computing: The Definitive Guide for Cloud Service Providers, Second Edition offers an in-depth look at topics surrounding federal cloud computing within the federal government, including the Federal Cloud Computing Strategy, Cloud Computing Standards, Security and Privacy, and Security Automation. You will learn the basics of the NIST Risk Management Framework (RMF) with a specific focus on cloud computing environments, all aspects of the Federal Risk and Authorization Management Program (FedRAMP) process, and steps for cost-effectively implementing the Assessment and Authorization (A&A) process, as well as strategies for implementing Continuous Monitoring, enabling the Cloud Service Provider to address the FedRAMP requirement on an ongoing basis. This updated edition covers the latest changes to the FedRAMP program, including clarifying guidance on the paths for Cloud Service Providers to achieve FedRAMP compliance, an expanded discussion of the new FedRAMP security controls, which are based on NIST SP 800-53 Revision 4, and maintaining FedRAMP compliance through Continuous Monitoring. Further, a new chapter has been added on the FedRAMP requirements for Vulnerability Scanning and Penetration Testing.

- Provides a common understanding of the federal requirements as they apply to cloud computing
- Offers a targeted and cost-effective approach for applying the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF)
- Features both technical and non-technical perspectives of the Federal Assessment and Authorization (A&A) process that speak across the organization
Contents

Front Cover
Federal Cloud Computing
Copyright Page
Dedication
Contents
About the Author
About the Technical Editor
Foreword by William Corrington
Foreword by Jim Reavis

1 Introduction to the federal cloud computing strategy
  - Introduction
  - A Historical View of Federal IT
    - The Early Years and the Mainframe Era
    - Shifting to Minicomputer
    - Decentralization: The Microcomputer ("Personal Computer")
    - Transitioning to Mobility
  - Evolution of Federal IT Policy
  - Cloud Computing: Drivers in Federal IT Transformation
    - Drivers for Adoption
    - Cloud Benefits
      - Improving efficiency
      - Improving agility
      - Improving innovation
  - Decision Framework for Cloud Migration
    - Selecting Services to Move to the Cloud
    - Provisioning Cloud Services Effectively
    - Managing Services Rather Than Assets
  - Summary
  - References

2 Cloud computing standards
  - Introduction
  - Standards Development Primer
  - Cloud Computing Standardization Drivers
    - Federal Laws and Policy
      - Trade Agreements Act (TAA)
      - National Technology Transfer and Advancement Act (NTTAA)
      - Office of Management and Budget (OMB) Circular A-119
    - Adoption Barriers
  - Identifying Standards for Federal Cloud Computing Adoption
    - Standards Development Organizations (SDOs) and Other Community-Driven Organizations
    - Standards Inventory
  - Summary
  - References

3 A case for open source
  - Introduction
  - Open Source Software and the Federal Government
  - Open Source Software Adoption Challenges: Acquisition and Security
    - Acquisition Challenges
    - Security Challenges
  - Open Source Software and Federal Cloud Computing
  - Summary
  - References

4 Security and privacy in public cloud computing
  - Introduction
  - Security and Privacy in the Context of the Public Cloud
  - Federal Privacy Laws and Policies
    - Privacy Act of 1974
    - Federal Information Security Modernization Act (FISMA)
    - OMB Memorandum Policies
  - Safeguarding Privacy Information
    - Privacy Controls
  - Data Breaches, Impacts, and Consequences
  - Security and Privacy Issues
  - Summary
  - References

5 Applying the NIST risk management framework
  - Introduction to FISMA
    - Purpose
    - Roles and Responsibilities
      - Director of OMB
      - Secretary of DHS
      - NIST
      - Federal Agencies
      - Head of Agency or Equivalent
    - Federal Agency Information Security Program
    - Federal Agency Independent Evaluations and Reporting
  - Risk Management Framework Overview
    - The Role of Risk Management
    - The NIST RMF and the System Development Life Cycle
  - NIST RMF Process
    - Information System Categorization
      - Relationship between the NIST RMF and the Federal Enterprise Architecture
      - Shared Responsibility and the Chain of Trust
      - Overview of the Security Categorization Process
        - Identify Information Types
        - Select Provisional Impact Values for Each Information Type
        - Adjust the Information Type's Provisioning Impact Value and Security Category
        - Determine the System Security Impact Level
    - Security Controls Selection
      - Tailoring the Initial Baseline
        - Applying Scoping Considerations
        - Selecting Compensating Security Controls
        - Assigning Security Control Parameter Values
      - Supplementing the Tailored Baseline
      - Documenting the Tailoring and Supplementation Process
      - Continuous Monitoring Strategy
      - Allocating Security Controls
        - Decomposition
    - Security Controls Implementation
      - Implementing and Documenting Security Controls
    - Security Controls Assessment
      - Assessment Preparation
      - Security Assessment Plan
      - Assessing Security Controls
      - Reporting Assessment Results
    - Information System Authorization
      - Corrective Action Planning
        - Developing a Risk Mitigation Strategy
        - Documenting POA&Ms
      - Security Authorization Approaches
      - Security Authorization Process
    - Security Controls Monitoring
      - Determining Security Impact
      - Ongoing Security Controls Assessments
      - Key Updates and Status Reporting
      - Ongoing Risk Determination and Acceptance
  - Summary
  - References

6 Risk management
  - Introduction to Risk Management
  - Federal Information Security Risk Management Practices
  - Overview of Enterprise-Wide Risk Management
    - Components of the NIST Risk Management Process
      - Risk Framing
      - Risk Assessment
      - Risk Response
      - Risk Monitoring
    - Multitiered Risk Management
      - Tier 1 Risk Management Activities
      - Tier 2 Risk Management Activities
      - Tier 3 Risk Management Activities
  - NIST Risk Management Process
    - Framing Risk
    - Assessing Risk
    - Responding to Risk
    - Monitoring Risk
  - Comparing the NIST and ISO/IEC Risk Management Processes
  - Summary
  - References

7 Comparison of federal and international security certification standards
  - Introduction
  - Overview of Certification and Accreditation
    - Evolution of the Federal C&A Processes
      - Civilian agencies
      - Department of Defense (DoD)
      - Intelligence Community (IC)
      - Committee on National Security Systems (CNSS)
    - Towards a Unified Approach to C&A
  - NIST and ISO/IEC Information Security Standards
    - Boundary and Scope Definition
    - Security Policy
    - Risk Management Strategy (Context)
    - Risk Management Process
    - Security Objectives and Controls
  - Summary
  - References

8 FedRAMP primer
  - Introduction to FedRAMP
  - FedRAMP Overview
    - FedRAMP Policy Memo
  - FedRAMP Governance and Stakeholders
    - Primary Stakeholders
      - DHS
      - JAB
      - FedRAMP PMO
      - Federal Agencies
  - FedRAMP Accelerated Process
  - FedRAMP Security Assessment Framework
    - FedRAMP Security Assessment Framework Phases
      - Document Phase
        - Major Milestone Outputs
      - Assess Phase
        - Major Milestone Outputs
      - Authorize Phase
        - Major Milestone Output
        - Leveraging the ATO
      - Monitor Phase
        - Operational Visibility
        - Change Control
        - Incident Response
  - Third Party Assessment Organization Program
  - Summary
  - References

9 The FedRAMP cloud computing security requirements
  - Security Control Selection Process
    - Selecting the Security Control Baseline
    - Tailoring and Supplementing Security Control Baseline
    - FedRAMP Cloud Computing Overlay
  - FedRAMP Cloud Computing Security Requirements
    - Policy and Procedures
    - Harmonizing FedRAMP Requirements
    - Assurance of External Service Providers Compliance
    - Approaches to Implementing FedRAMP Security Controls
    - FedRAMP Security Control Requirements
  - Federal Laws, Executive Orders, Policies, Directives, Regulations, Standards and Guidelines
    - Federal Laws and Executive Orders
    - Federal Policies, Directives, and Regulations
    - Federal Standards
    - Federal Guidelines and Interagency Reports
  - Summary
  - References

10 Security testing: vulnerability assessments and penetration testing
  - Introduction to Security Testing
    - Vulnerability Assessment
    - Penetration Testing
  - FedRAMP Vulnerability Scan and Penetration Testing Requirements
    - General
    - Web Application
    - Social Engineering
  - Summary
  - References

11 Security assessment and authorization: Governance, preparation, and execution
  - Introduction to the Security Assessment Process
  - Governance in the Security Assessment
  - Preparing for the security assessment
    - Security Assessment Customer Responsibilities
      - Selecting a Security Assessment Provider
      - Security Assessment Planning
    - Security Assessment Provider Responsibilities
      - Selection of Security Assessment Team Members
      - Developing the Security Assessment Plan
        - Identify In-Scope Security Controls
        - Select Assessment Procedures
        - Tailor Assessment Procedures
          - Selecting Assessment Methods and Objects
          - Selecting Depth and Coverage Attributes
          - Supplementing Assessment Procedures
        - Optimize Assessment Procedures
        - Finalize and Approve Assessment Plan
  - Executing the Security Assessment Plan
  - Summary
  - References

12 Strategies for continuous monitoring
  - Introduction to Continuous Monitoring
    - Organizational Governance
    - CM Strategy
    - CM Program
  - The Continuous Monitoring Process
    - Defining a CM Strategy
    - Implementing a CM Program
    - Review and Update CM Strategy and Program
  - Continuous Monitoring within FedRAMP
  - Summary
  - References

13 Continuous monitoring through security automation
  - Introduction
  - CM Reference Architectures
    - Continuous Asset Evaluation, Situational Awareness, and Risk Scoring Reference Architecture
    - CAESARS Framework Extension Reference Architecture
      - Subsystems and components
      - Specifications: Workflows, subsystems, and interfaces
        - Specification layers
        - Workflows
        - Subsystems
        - Interfaces
  - Security Automation Standards and Specifications
    - Security Content Automation Protocol
    - Cybersecurity Information Exchange Framework
  - Operational Visibility and Continuous Monitoring
  - Summary
  - References

14 A case study for cloud service providers
  - Case Study Scenario: "Healthcare Exchange"
  - Applying the Risk Management Framework within FedRAMP
    - Categorize Information System
    - Select Security Controls
      - Defining the boundary
      - Tailoring and supplementing
    - Implement and Document Security Controls
    - Assessing Security Controls
  - Summary
  - References

Index
Back Cover