Information Security Management in a Government Cloud Environment

Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort of service provider interaction.

Services provider interaction, Variety of deployment, Contractual security requirements, Information security governance, Information security risk, Cloud services Potential, Cloud services provider, Information security management, Public Cloud, Cloud “tenants”, Private Clouds, Owned cloud infrastructure, Community Clouds, Community “tenants”, Hybrid Clouds, Strategy and Planning, Security program direction, Policy Portfolio Management Process, Risk Management Process, Infrastructure as a service (IaaS), Platform as a Service (PaaS), Software as a Service (SaaS), PLAN Phase, Strategy & Planning, Security Strategic Plan, Consolidated Security Requirements, Organization Model Modifications, Roles & Responsibilities Charts, CCE Implementation Plans, Budget & Resource Requirements, CCE Contract & SLA, Policy Portfolio Management, CCE Security Policy, CCE Acquisition Policy, CCE Authorization Procedure, CCE Standards/Guidelines, CCE Monitoring/Compliance Tools, CCE Configuration Guidelines• CCE Specific Processes, Risk Management Procedure