Information Security Governance Papers

Paper Title Representative CCE-Related Artifacts of the Plan Phase; Implementing and Operating the Information Security Program (DO)
The Abstract of The Paper The three management processes of the information security governance framework’s Plan phase will produce several documents to inform and guide users in the effective and appropriate use of cloud computing services. Some specific examples are included in each process description, but Exhibit 7 summarizes artifacts that are typical outputs of the governance model and that will likely have specific references to operating in a CCE. In some cases, the cloud provider may be partially or completely responsible for these artifacts, depending on the final agreements between the cloud consumer and the cloud provider.

Exhibit 7 | Plan Phase Artifacts
(Management Process; each entry is Example Artifact | Contract/SLA Implications)

Strategy & Planning
• Security Strategic Plan | Goal Performance
• Consolidated Security Requirements | Requirements Compliance
• Organization Model Modifications | Relationship Management
• Roles & Responsibilities Charts | Consumer/Provider
• CCE Implementation Plans | None
• Budget & Resource Requirements | None

Policy Portfolio Management
• CCE Contract & SLA | Terms & Conditions
• CCE Security Policy | Terms & Conditions
• CCE Acquisition Policy | Terms & Conditions
• CCE Authorization Procedure | None
• CCE Standards/Guidelines | None
• CCE Monitoring/Compliance Tools | Terms & Conditions
• CCE Configuration Guidelines | Technical Compliance
• CCE-Specific Processes | Terms & Conditions

Risk Management
• Risk Management Procedure | None
• Risk Methodology Modifications | None
• Service Model Risks | None
• Risk Assessment Reports | None
• CCE Controls & Risk Treatments | Terms/Responsibilities
• Systems/Assets Allowed in CCE | None

Source: Booz Allen Hamilton

Because this paper focuses on information security governance, we will not discuss in detail the functional processes that constitute the Do phase of the Plan, Do, Check, Act cycle. The implementation and operation of information security controls contained in each of the functional process areas will vary

[Figure: governance framework phases. Architect and Establish (Plan): Management Processes; Implement and Operate (Do): Functional Processes; Monitor and Review (Check, Act): Management Processes.]
Web Link http://www.slideshare.net/BoozAllen/information-security-governance-government-considerations-for-the-cloud-computing-environment
