Information Security Governance Papers

Paper Title Measure and report on compliance with legal, regulatory, and contractual requirements; internal policies; and technical guidelines and standards. the cloud consumer); and clearly define accountability for legal liability related to an information security breach in the cloud
The Abstract of The Paper

Measure and report on compliance with legal, regulatory, and contractual requirements; internal policies; and technical guidelines and standards.

The purposes of the compliance and performance management process remain unchanged in a CCE, but the execution of the process will require significant modification to effectively monitor and measure compliance and performance in the cloud. Focusing again on agency use of private clouds, community clouds, or hybrid combinations will lead to enhanced information security compliance and performance in a public cloud environment.

Compliance includes legal, regulatory, and contractual security compliance; compliance with internal policies, guidelines, standards, and procedures; and technical compliance checking. All compliance and performance checking is dependent on a comprehensive measurement and management reporting system covering each area of compliance, as well as the information security program’s effectiveness in meeting goals, objectives, and requirements. Compliance and performance measurement and reporting will require detailed specification in the SLAs and contracts with the cloud service provider covering each service model allowed in the agreements.

In the case of private or community cloud service providers, there will be a greater level of trust, understanding, and flexibility in the agreement negotiations because of the shared mission goals and common legal and regulatory compliance requirements between the cloud provider and the cloud consumer. Based on the cloud service risk profiles; strategic planning of the cloud service; and CCE-specific policies, guidelines, standards, and procedures defined in the Plan phase, federal agency cloud consumers can determine their minimum information security requirements and controls for each level of cloud service and drive the SLA and contract negotiations to a satisfactory agreement. SLAs and contracts must minimize security risks; enable effective monitoring and measuring of all legal, regulatory, and contractual security requirements (by either the service provider or the cloud consumer); and clearly define accountability for legal liability related to an information security breach in the cloud.

Measurement and monitoring reports should be presented in periodic management reviews of the overall information security program to the information security governance body, along with recommendations for corrective and preventive actions.

Managing and Improving the Information Security Program (ACT)

Participation by management representing all agency stakeholder organizations is essential to the effective management and oversight of any information security management system. The process and the governance bodies that execute it form the governance program and represent the Act phase of the continuous improvement model.

Management Oversight Process

An information security governance body conducts the functions of the management oversight process. This body consists of senior leadership and representatives from each functional area of the organization to—

• Ensure ongoing management involvement in program direction and priorities
• Establish enterprise information security governance
• Ensure the information security program supports mission goals and objectives
• Reinforce the importance of information security throughout the organization
• Oversee risk management to balance mission goals and information security costs
• Track and optimize information security resource allocation
• Authorize improvements to the information security program on a continuing basis.
Web Link http://www.slideshare.net/BoozAllen/information-security-governance-government-considerations-for-the-cloud-computing-environment
