That’s the question (ISC)2, a nonprofit education and certification organization, posed to more than 1,800 federal security professionals for its 2015 global workforce study. Nearly half of those surveyed — 47 percent — said government information security has not improved. A small but growing number of professionals —17 percent — said federal security is worseRead… Read more »
FedRAMP, the Federal Risk and Authorization Program, is a risk management program aimed at assessing the security of cloud computing products and services, building security consistency across federal cloud computing platforms, reducing duplicative efforts, and reducing cost inefficiencies. In establishing FedRAMP, the federal government intended to help support and increase the adoption of cloud computingRead… Read more »
Users, for a while, had mixed feelings toward cloud services. Cloud could be seen as a burden to adopt in government agencies and an overall security risk. However, the Federal Risk and Authorization Management Program (FedRAMP) helps address these problems. At first, the FedRAMP system received lukewarm reviews. However, in light of a recent revampRead… Read more »
2014 could be a big year in government management, procurement and implementation of the cloud. Why? Dan Chenok is the Executive Director for IBM’s Center for the Business of Government. He told Chris Dorobek on the DorobekINSIDER program that 2014 may the year for comprehensive IT reform? IT Reform “Whether 2014 is big year forRead… Read more »
The Defense Information Research Agency wants to award 10 positions on a potential $450 million cloud computing products and services contract even as only five companies have gone through the new governmentwide cloud certification process, Federal Times reports. Nicole Blake Johnson writes companies that hold the FedRAMP authority to operate are Amazon Web Services, AutonomicRead… Read more »
Federal Cloud Computing: The Definitive Guide for Cloud Service Providers offers an in-depth look at topics surrounding federal cloud computing within the federal government, including the Federal Cloud Computing Strategy, Cloud Computing Standards, Security and Privacy, and Security Automation. You will learn the basics of the NIST risk management framework (RMF) with a specific focusRead… Read more »
Currently, there is a great deal of buzz surrounding the movement toward Cloud environments within government. From discussions of significant cost savings to hesitations surrounding security concerns, most government agencies have begun to weigh the pros and cons of migrating information and operations to the Cloud. David L. McClure, now Associate Administrator of the OfficeRead… Read more »
In a packed auditorium in 2006, I recall sitting in the “Red Auditorium” at NIST to participate in a workshop hosted by the Computer Security Division. The goal of the workshop was to discuss the implementation of Phase II of the FISMA Implementation Project. At the time, the Phase read like this: “The second phaseRead… Read more »
The CCSK is NOT meant to be a substitute for other certifications in information security, audit and governance. The CCSK augments other credentialing programs like the CISSP, CAP, CSSLP, etc. However, the CCSK does provide a valuable selector for organizations such as federal agencies, cloud service providers (CSPs), and even cloud customers seeking to evaluateRead… Read more »
In July 28, 2010, the Cloud Security Alliance (CSA), with support from many within the industry, launched “the industry’s first user certification program for secure cloud computing.” Since the initial set of early adopters, which include over 80 professionals across the world with different backgrounds and specialties, the CCSK has continued to show broad acceptanceRead… Read more »