Edition: 2
Authors: Matthew Metheny
Series:
ISBN: 0128097108, 9780128097106
Publisher: Syngress
Year of publication: 2017
Number of pages: 538
Language: English
File format: PDF (converted to PDF, EPUB, or AZW3 at the user's request)
File size: 7 MB
If you need the file for Federal Cloud Computing: The Definitive Guide for Cloud Service Providers converted to PDF, EPUB, AZW3, MOBI, or DJVU, you can notify support so that they convert the file for you.
Note that Federal Cloud Computing: The Definitive Guide for Cloud Service Providers is the original-language edition and has not been translated into Persian. The International Library website provides original-language books and does not offer any books translated into or written in Persian.
Front Cover; Federal Cloud Computing; Copyright Page; Dedication; Contents; About the Author; About the Technical Editor; Foreword by William Corrington; Foreword by Jim Reavis

1 Introduction to the federal cloud computing strategy
Introduction; A Historical View of Federal IT; The Early Years and the Mainframe Era; Shifting to Minicomputer; Decentralization: The Microcomputer (“Personal Computer”); Transitioning to Mobility; Evolution of Federal IT Policy; Cloud Computing: Drivers in Federal IT Transformation; Drivers for Adoption; Cloud Benefits; Improving efficiency; Improving agility; Improving innovation; Decision Framework for Cloud Migration; Selecting Services to Move to the Cloud; Provisioning Cloud Services Effectively; Managing Services Rather Than Assets; Summary; References

2 Cloud computing standards
Introduction; Standards Development Primer; Cloud Computing Standardization Drivers; Federal Laws and Policy; Trade Agreements Act (TAA); National Technology Transfer and Advancement Act (NTTAA); Office of Management and Budget (OMB) Circular A-119; Adoption Barriers; Identifying Standards for Federal Cloud Computing Adoption; Standards Development Organizations (SDOs) and Other Community-Driven Organizations; Standards Inventory; Summary; References

3 A case for open source
Introduction; Open Source Software and the Federal Government; Open Source Software Adoption Challenges: Acquisition and Security; Acquisition Challenges; Security Challenges; Open Source Software and Federal Cloud Computing; Summary; References

4 Security and privacy in public cloud computing
Introduction; Security and Privacy in the Context of the Public Cloud; Federal Privacy Laws and Policies; Privacy Act of 1974; Federal Information Security Modernization Act (FISMA); OMB Memorandum Policies; Safeguarding Privacy Information; Privacy Controls; Data Breaches, Impacts, and Consequences; Security and Privacy Issues; Summary; References

5 Applying the NIST risk management framework
Introduction to FISMA; Purpose; Roles and Responsibilities; Director of OMB; Secretary of DHS; NIST; Federal Agencies; Head of Agency or Equivalent; Federal Agency Information Security Program; Federal Agency Independent Evaluations and Reporting; Risk Management Framework Overview; The Role of Risk Management; The NIST RMF and the System Development Life Cycle; NIST RMF Process; Information System Categorization; Relationship between the NIST RMF and the Federal Enterprise Architecture; Shared Responsibility and the Chain of Trust; Overview of the Security Categorization Process; Identify Information Types; Select Provisional Impact Values for Each Information Type; Adjust the Information Type’s Provisioning Impact Value and Security Category; Determine the System Security Impact Level; Security Controls Selection; Tailoring the Initial Baseline; Applying Scoping Considerations; Selecting Compensating Security Controls; Assigning Security Control Parameter Values; Supplementing the Tailored Baseline; Documenting the Tailoring and Supplementation Process; Continuous Monitoring Strategy; Allocating Security Controls; Decomposition; Security Controls Implementation; Implementing and Documenting Security Controls; Security Controls Assessment; Assessment Preparation; Security Assessment Plan; Assessing Security Controls; Reporting Assessment Results; Information System Authorization; Corrective Action Planning; Developing a Risk Mitigation Strategy; Documenting POA&Ms; Security Authorization Approaches; Security Authorization Process; Security Controls Monitoring; Determining Security Impact; Ongoing Security Controls Assessments; Key Updates and Status Reporting; Ongoing Risk Determination and Acceptance; Summary; References

6 Risk management
Introduction to Risk Management; Federal Information Security Risk Management Practices; Overview of Enterprise-Wide Risk Management; Components of the NIST Risk Management Process; Risk Framing; Risk Assessment; Risk Response; Risk Monitoring; Multitiered Risk Management; Tier 1 Risk Management Activities; Tier 2 Risk Management Activities; Tier 3 Risk Management Activities; NIST Risk Management Process; Framing Risk; Assessing Risk; Responding to Risk; Monitoring Risk; Comparing the NIST and ISO/IEC Risk Management Processes; Summary; References

7 Comparison of federal and international security certification standards
Introduction; Overview of Certification and Accreditation; Evolution of the Federal C&A Processes; Civilian agencies; Department of Defense (DoD); Intelligence Community (IC); Committee on National Security Systems (CNSS); Towards a Unified Approach to C&A; NIST and ISO/IEC Information Security Standards; Boundary and Scope Definition; Security Policy; Risk Management Strategy (Context); Risk Management Process; Security Objectives and Controls; Summary; References

8 FedRAMP primer
Introduction to FedRAMP; FedRAMP Overview; FedRAMP Policy Memo; FedRAMP Governance and Stakeholders; Primary Stakeholders; DHS; JAB; FedRAMP PMO; Federal Agencies; FedRAMP Accelerated Process; FedRAMP Security Assessment Framework; FedRAMP Security Assessment Framework Phases; Document Phase; Major Milestone Outputs; Assess Phase; Major Milestone Outputs; Authorize Phase; Major Milestone Output; Leveraging the ATO; Monitor Phase; Operational Visibility; Change Control; Incident Response; Third Party Assessment Organization Program; Summary; References

9 The FedRAMP cloud computing security requirements
Security Control Selection Process; Selecting the Security Control Baseline; Tailoring and Supplementing Security Control Baseline; FedRAMP Cloud Computing Overlay; FedRAMP Cloud Computing Security Requirements; Policy and Procedures; Harmonizing FedRAMP Requirements; Assurance of External Service Providers Compliance; Approaches to Implementing FedRAMP Security Controls; FedRAMP Security Control Requirements; Federal Laws, Executive Orders, Policies, Directives, Regulations, Standards and Guidelines; Federal Laws and Executive Orders; Federal Policies, Directives, and Regulations; Federal Standards; Federal Guidelines and Interagency Reports; Summary; References

10 Security testing: vulnerability assessments and penetration testing
Introduction to Security Testing; Vulnerability Assessment; Penetration Testing; FedRAMP Vulnerability Scan and Penetration Testing Requirements; General; Web Application; Social Engineering; Summary; References

11 Security assessment and authorization: Governance, preparation, and execution
Introduction to the Security Assessment Process; Governance in the Security Assessment; Preparing for the security assessment; Security Assessment Customer Responsibilities; Selecting a Security Assessment Provider; Security Assessment Planning; Security Assessment Provider Responsibilities; Selection of Security Assessment Team Members; Developing the Security Assessment Plan; Identify In-Scope Security Controls; Select Assessment Procedures; Tailor Assessment Procedures; Selecting Assessment Methods and Objects; Selecting Depth and Coverage Attributes; Supplementing Assessment Procedures; Optimize Assessment Procedures; Finalize and Approve Assessment Plan; Executing the Security Assessment Plan; Summary; References

12 Strategies for continuous monitoring
Introduction to Continuous Monitoring; Organizational Governance; CM Strategy; CM Program; The Continuous Monitoring Process; Defining a CM Strategy; Implementing a CM Program; Review and Update CM Strategy and Program; Continuous Monitoring within FedRAMP; Summary; References

13 Continuous monitoring through security automation
Introduction; CM Reference Architectures; Continuous Asset Evaluation, Situational Awareness, and Risk Scoring Reference Architecture; CAESARS Framework Extension Reference Architecture; Subsystems and components; Specifications: Workflows, subsystems, and interfaces; Specification layers; Workflows; Subsystems; Interfaces; Security Automation Standards and Specifications; Security Content Automation Protocol; Cybersecurity Information Exchange Framework; Operational Visibility and Continuous Monitoring; Summary; References

14 A case study for cloud service providers
Case Study Scenario: “Healthcare Exchange”; Applying the Risk Management Framework within FedRAMP; Categorize Information System; Select Security Controls; Defining the boundary; Tailoring and supplementing; Implement and Document Security Controls; Assessing Security Controls; Summary; References

Index; Back Cover