Continuous Monitoring and Cloud Computing
PETER MELL, Senior Computer Scientist, Computer Security Division, NIST
ED FROLA, Systems Engineer, Centrify
Continuous monitoring is gaining significant attention as one of the most promising solutions to securing cloud computing. However, challenges arise because continuous monitoring solutions are often ad hoc and cloud computing itself is still misunderstood. Peter Mell, who wrote the official U.S. Government definition of cloud computing that is now undergoing international standardization, will address this challenge by describing the definition and its implications for security. He will then describe technical architectures for continuous monitoring and underlying standards and interfaces. Bringing these two topics together, Mr. Mell will then present a vision for standards-based continuous monitoring to enable effective monitoring of cloud computing security.
Learning Objectives:
• Understand the NIST cloud computing definition as it undergoes international standardization and its implications for security
• Learn about the emerging NIST, DHS, and NSA continuous monitoring reference model and related specifications
• Key Topics in this session include: continuous security monitoring and cloud computing
IT Outsourcing, Cloud Computing & Security: Making it all Work- Marian Cody, HUD
MARIAN CODY, Chief Information Security Office, HUD
IT Outsourcing, or Cloud Computing as we call it today, has been used in agencies for many years and has gained in popularly and necessity given new mandates and increased comfort levels with the technology. Despite this, if done incorrectly the negative ramifications of outsourced IT on an agency’s ability to protect its data and systems can be tremendous. During this session, we will hear from executives who have successfully implemented outsourcing strategies who will share their success and lessons learned with regard to cyber security implications.
Learning Objectives:
• Learn what questions should be asked when looking to outsource IT
• Discuss outsourcing pitfalls, lessons learned, and strategies for success when developing an outsourcing strategy
The Intersection of IT & Emerging Threats in Cyber Space and Cloud Computing
Chief Information Officers (CIOs) are rightfully challenged to deliver business value with the latest technology. Meanwhile Chief Information Security Officers (CISOs) are faced with a dynamic threat environment in which they must help leaders manage information security and business risk to say "how", not "no" when it comes to enabling improvements in efficiency and effectiveness through information technology. Gain insight into the new role of the CIO as a business leader and some of the innovative ways CISOs are leveraging technology themselves to manage risk.
|
Preparing for Cloud Computing from a Federal Perspective- Wolf Tombe, DHS, Bud Horton, Accenture
Wolf Tombe, Chief Technology Officer, Customs & Border Protection
Bud Horton, Executive Director, Accenture
As guidance and mandates surrounding the use of Cloud Computing and the creation of a Federal Cloud increase, a clearer picture is being painted with regard to security requirements specific to an agency’s cloud computing initiatives. This session will focus on giving attendees a deeper understanding of the most current and up-to-date security requirements mandates by OMB, NIST and other entities regarding cloud computing, as well as share general security best practices and lessons learned from existing federal cloud implementations.
Learning Objectives:
• Overview of current cloud computing security requirements
• Sharing of cloud security best practices and lessons learned
Bringing It All Together: SOA – Cloud – Semantic Integration
Eric Riutot, BTA, DoD
In 2007 and 2008, the vision for the Department’s Business Operating Environment (BOE) was articulated in the Business Mission Area Federation Strategy and Roadmap. This vision was for business operations to be service enabled through the use of SOA, standards, federated and understandable architectures and common vocabularies. Through policy, governance and partnership with the CIO, DISA and the Military Departments, this vision is taking shape. Next we must bring it all together by joining the vision for the BOE with the future promise of the Federal and DoD Cloud enabled by the strengths of semantic technology to support data integration.
- Peter Mell, Cloud Computing Project Lead, Senior Computer Scientist, NIST
- Dr. James Ransome, CISSP, CISM, Chief Security Officer for Cisco Collaborative Software Group (WebEx), Cisco Systems, Inc.
|
