Cloud Coumputing Security Policy
Prepare a cloud security policy. The first CIO of the US mandated that cloud services be implemented in organizations whenever possible. Review the scenario below and prepare a cloud security policy for the organization. Complete the following section readings from "Challenging Security Requirements for US Government Cloud Computing Adoption," NIST Cloud Computing Public Security Working Group, NIST Cloud Computing Program.
Tasking:
You are a cybersecurity professional who is "on loan" from your employer, a management consulting firm, to a small non-profit organization (SNPO-MC). You have been tasked with researching requirements for a Cloud Computing Security Policy and then developing a draft policy for the non-profit organization, SNPO-MC. The purpose of this policy is to provide guidance to managers, executives, and cloud computing service providers. This new policy will supersede (replace) the existing Enterprise IT Security Policy which focuses exclusively upon enterprise security requirements for organization owned equipment (including database servers, Web and email servers, file servers, remote access servers, desktop computers, workstations, and laptop computers) and licensed software applications. The enterprise IT security policy also addresses incident response and disaster recovery.
As part of your policy development task you must take into consideration the issues list which was developed during brainstorming sessions by executives and managers in each of the three operating locations for the non-profit organization..
Write Paper on "Challenging Security Requirements for US Government Cloud Computing Adoption," NIST Cloud Computing Public Security Working Group, NIST Cloud Computing Program.