Posted: December 2nd, 2014
Project 6 – Cloud Computing Security Policy;
Project description
READ Everything in the attached instructions and USE the suggested links in the resources listed in the instructions
Background:
A small non-profit organization (SNPO-MC) has received a grant which will pay 90% of its cloud computing costs for a five year period. But, before it can take
advantage of the monies provided by this grant, it must present an acceptable cloud computing security policy to the grant overseers.
Tasking:
You are a cybersecurity professional who is “on loan” from your employer, a management consulting firm, to a small non-profit organization (SNPO-MC). You have been
tasked with researching requirements for a Cloud Computing Security Policy and then developing a draft policy for the non-profit organization, SNPO-MC. The purpose of
this policy is to provide guidance to managers, executives, and cloud computing service providers. This new policy will supersede (replace) the existing Enterprise IT
Security Policy which focuses exclusively upon enterprise security requirements for organization owned equipment (including database servers, Web and email servers,
file servers, remote access servers, desktop computers, workstations, and laptop computers) and licensed software applications. The enterprise IT security policy also
addresses incident response and disaster recovery.
As part of your policy development task you must take into consideration the issues list which was developed during brainstorming sessions by executives and managers
in each of the three operating locations for the non-profit organization.
Your deliverable for this project is a 5 to 8 page, single spaced, professionally formatted draft policy. See the following resources for suggested formats.
https://it.tufts.edu/cloud-pol
https://www.american.edu/policies/upload/IT-Security-Policy-2013.pdf
Organization Profile:
The organization is headquartered in Boston, MA and has two additional operating locations (offices) in New Orleans, LA and San Francisco, CA. Approximately 50
employees work in a formal office setting at one of these locations. These employees use organization owned IT equipment. The remaining 1,000 staff members are
volunteers who work from their home offices using personally owned equipment.
The organization provides a variety of management consulting services for its clients (charities and non-governmental organizations) on a fee for service basis. Fees
are set on a sliding scale based upon the client’s ability to pay. The organization receives additional funding to support its administrative costs, including IT and
IT security, through grants and donations from several Fortune 500 companies.
The non-profit organization is in the process of hiring its first Chief Information Officer. The organization has a small (3 persons) professional IT staff that
includes one information security specialist. These staff members are located in the Boston headquarters office.
Definitions:
Employees of the organization are referred to as employees.
Executives and other staff who are “on loan” from Fortune 500 companies are referred to as loaned staff members. Loaned staff members usually telework for the
organization one to two days per week for a period of one year.
Volunteers who perform work for the organization are referred to as volunteer staff members. Volunteer staff members usually telework from their homes one to two days
per week.
Cloud Computing includes but is not restricted to:
• Platform as a Service
• Infrastructure as a Service
• Software as a Service
• Resource as a Service (see Communications of the ACM, July 2014)
Issues List:
• Who speaks with authority for the firm?
• Who monitors and manages compliance with laws and regulations?
• Ownership of content
• Privacy and confidentiality
• Enforcement
• Penalties for violations of policy
• Use by sales and marketing
• Use by customer service / outreach
• Use by public relations and corporate communications (e.g. information for shareholders, customers, general public)
• Use for advertising and e-commerce
• Use by teleworkers
• Review requirements (when, by whom)
• Use of content and services monitoring tools
• Content generation and management (documents, email, cloud storage)
• Additional issues listed in http://www.cloud-council.org/Security_for_Cloud_Computing-Final_080912.pdf
Resources (suggested by the organization’s IT Staff for your consideration):
1. http://www.nsa.gov/ia/_files/support/Cloud_Computing_Guidance.pdf
2. http://www.cloud-council.org/Security_for_Cloud_Computing-Final_080912.pdf
3. http://www.ibm.com/developerworks/cloud/library/cl-cloudsecurepolicy/
4. http://www.sans.org/reading-room/whitepapers/analyst/cloud-security-compliance-primer-34910
5. http://aws.amazon.com/security/
6. https://d36cz9buwru1tt.cloudfront.net/pdf/AWS_Security_Whitepaper.pdf
7. http://www.rackspace.com/security/management/
8. http://south.cattelecom.com/rtso/Technologies/CloudComputing/0071626948_chap01.pdf
9. https://www.itu.int/ITU-D/afr/events/FTRA/2011/documents/session6.pdf
10. http://csrc.nist.gov/publications/nistpubs/800-144/SP800-144.pdf
11. http://net.educause.edu/section_params/conf/CCW10/issues.pdf
12. http://cloudcow.com/
PLACE THIS ORDER OR A SIMILAR ORDER WITH US TODAY AND GET AN AMAZING DISCOUNT 🙂
Place an order in 3 easy steps. Takes less than 5 mins.