Ask Question, Ask an Expert

+1-415-315-9853

info@mywordsolution.com

Ask Computer Engineering Expert

This is a research proposal paper

Paper Title: Cloud computing challenges in the federal government:

Task: prepare a research proposal paper that discusses the Information Assurance issues associated with the use of CLOUD COMPUTING in the federal government. (The paper/proposal is intended to inform policy-makers at the highest level about the challenges of employing cloud computing.)

Paper should be APA Style 12 Times Romans and should include an

Executive Summary and address all the part below in the table of contents.

1) Assets of Value

This section should specify Assets of Value (sensitive information that is stored, processed, and communicated/transmitted via our information systems and networks AND the components of the infrastructure that would be subjected to the IA analysis). This section should:

• Specify Assets of Value.

• Employ terminology from NSIT terms like Controlled Unclassified Information (CUI) / Sensitive But Unclassified (SBU) and the different types that are included.

• Employ definitions of such terms from credible sources to include US law.

• Discuss other components of the infrastructure which are critical to mission / proposal such that, if vulnerabilities exist, and if they are exploited, would have a detrimental impact on success.

2) Facets / Goals / Services of Information Assurance

• Confidentiality

• Integrity

• Availability

• Authentication

• Non-Repudiation

This section should subject Assets of Value to critical analysis from the perspective of each of these concepts.  Alternatively, since the Cloud will contain sensitive, government information, Confidentiality should be considered. Discussion of these facets of IA should be discussed in real terms, with real information types based on policy.

3) Threats

• Address potential credible Threats poised to exploit Vulnerabilities you plan to discuss. For ex, identity thieves can be a Threat poised to exploit Vulnerability of poor training, and thereby cause a failure of Confidentiality. Notice the chain of logic between the Assets of Value, the Vulnerability, and the Threat, linked to (in this ex) Confidentiality. You should address a variety of credible threat actors (e.g., natural/environmental and human)

• Discuss threat motivation (intent) and capability (knowledge, skills, ability, and access).

4) Vulnerabilities

• People

• Process

• Technology

• Address Vulnerabilities (or “Weaknesses”) in the system. These will include People, Process, and Technology (PPT) vulnerabilities. For ex, weak encryption will be an ex of a Technology Vulnerability, whereas poor training of authorized users will be an ex of a People Vulnerability.

• Vulnerabilities discussed MUST have substantive evidence / reference citation and critical analysis to support any claims.

• Vulnerabilities discussed MUST apply specifically to your technology of choice. For ex, while items such as poor training are fine, you would want to seek out those vulnerabilities which are especially important / specific to your technology.

Required

(a) Identify and list at least two (2) specific People, Process, AND Technology vulnerabilities.

A minimum of six (6) vulnerabilities are required.

(b) Within each subsection, include citation per APA to the specific references which support this selection. Make sure that specific page numbers are included.

Identified vulnerabilities must be supported by at least two (2) references.

5) IMPACT

• Address Impact (or “Consequence”) that will result if the stated Threat were to exploit the stated Vulnerability. For ex, there can be serious health consequences, might be death, to a victim if a hacker changed a person’s medical information on the RFID. Similarly, sensitive military information might be disclosed if someone hacked into the Cloud.

• Be certain to discuss impact in terms of mission and resources (human and non-human). See various publications (e.g., NIST FIPS 199) that could assist you in providing criteria (e.g., degradation in mission capability, damage to organizational assets, financial loss, and harm to individuals) for impact / risk ratings.

6) INITIAL RISK

• Discuss the Initial Risk. Impact, when combined with the credibility of Threat and degree of Vulnerability, yields a Risk level (High, Medium, or Low). You must state the Risk for each area (CIAAN) and provide an overall initial risk rating.

• Be certain to discuss the initial risk in terms of expected loss to mission and resources (human and non-human). Please see various publications (e.g., NIST FIPS 199) that can assist you in providing criteria for risk ratings.

RECOMMENDATIONS FOR CONTROLS (COUNTERMEASURES / SAFEGUARDS)

• Protect

• Detect

• Correct

• Analyze your Recommendations for Security Controls (Countermeasures/Safeguards). Understanding Risk enables us to make intelligent, and defensible, Recommendations for Security. Therefore, this Risk Analysis becomes the driver, and support, for your Recommendations of Security Controls (Safeguards and Countermeasures) designed to Protect, Detect, and Correct. Be certain to discuss your controls using the PDC or PPT frameworks.

• Controls discussed MUST apply specifically to your technology of choice. For ex, while items such as training or various NIST SP800-53 controls are fine, you will want to seek out those controls that are especially important / specific to your technology.

• Controls must consider the status of past and current efforts underway within the organization discussed (e.g., U.S. Government, international community, etc.). The intent is to identify what controls need to be implemented in the current and future environments considering what has been or is planned or completed.

Required

(a) Identify and list at least two (2) specific People, Process, AND Technology (or Protective, Detective, and Corrective) controls that relate to the aforementioned vulnerabilities.

A minimum of six (6) controls are required.

(b) Within each subsection, include citation per APA to the specific references in the Reference List that support this selection. Ensure that specific page numbers are included.

Identified controls must be supported by at least two (2) references.

REFERENCES

1. Ryan, D. and Ryan, J. (1995). Risk Management and Information Security. Presented at the 11th Computer Security Applications Conference. New Orleans, Louisiana. (Attached in this post).

2. Zack Phillips. (GovExec.com). (2007, August 1). Security Theater.Retrieved from http://www.govexec.com/story_page.cfm?filepath=/features/0807-01/0807-01s3.htm.

CLOUD COMPUTING

REQUIRED

1) Implementation Plan to Reform Federal Information Technology Management. Retrieved at http://www.dhs.gov/sites/default/files/publications/digital-strategy/25-point-implementation-plan-to-reform-federal-it.pdf (586.035 Kb) (Shifted the USG to a "Cloud First" Policy)

2) Federal Cloud Computing Strategy.Retrieved at https://cio.gov/building-a-21st-century-government/cloud/.

3) NIST Cloud Relevant Special Publications

SP 800-125, Guide to Security for Full Virtualization Technologies

SP 800-144, Guidelines on Security and Privacy in Public Cloud Computing.

SP 800-145, NIST Definition of Cloud Computing.

4) DOD Policy

DOD.(2012). Cloud Computing Strategy. Retrieved at http://www.defense.gov/news/DoDCloudComputingStrategy.pdf

Computer Engineering, Engineering

  • Category:- Computer Engineering
  • Reference No.:- M92908
  • Price:- $70

Priced at Now at $70, Verified Solution

Have any Question? 


Related Questions in Computer Engineering

Two perpendicular forces act on a ring at the end of a

Two perpendicular forces act on a ring at the end of a chain that passes over a pulley and holds a crate. What is the weight of the crate if the horizontal force pulls at 92 pounds and the vertical force pulls at 44 lb? ...

1 both acls and c-list entries use owners users rather than

1: Both ACLs and C-List entries use "owners" (users) rather than individual processes. Why? 2: Alice can read and write to the file x, can read the file y, and can execute the file z. Bob can read x, can read and write t ...

A goal of fragmentation in a distributed database is to

A goal of fragmentation in a distributed database is to improve performance by moving copies of the data closer to the users. (Example: In a banking situation, having my banking information close to me in my home state o ...

1 if the drain and gate supply voltages are dropped to 06v

1. If the drain and gate supply voltages are dropped to 0.6V and the oxide reduced to 40A as indicated by a recent (1989-1990)IBM 0.1-micron Si nMOST at 77K, compute the device parameters required in Table 662.1. Discuss ...

In this assignment you will model the game of bulgarian

In this assignment, you will model the game of Bulgarian Solitaire. The game starts with 45 cards. (They need not be playing cards. Unmarked index cards work just as well.) Randomly divide them into some number of piles ...

1 prove that the des cipher satisfies the complementation

1. Prove that the DES cipher satisfies the complementation property 2. Let k be the encipherment key for a Caesar cipher. The decipherment key differs; it is 26 - k. One of the characteristics of a public key system is t ...

Network design proposal part cmit 265 fundamentals of

Network Design Proposal Part CMIT 265 Fundamentals of Networking In this section, address each of the following. Identify network services needed. List additional servers or network devices needed to implement the networ ...

Louis reasoner has just read an advertisement for a raid

Louis Reasoner has just read an advertisement for a RAID controller that provides a choice of two configurations. According to the advertisement, the first configuration is exactly the RAID 4 system described in Section ...

A program is to perform two products one is a vector

A program is to perform two products: one is a vector product of two 100-element vectors and the other is the product produced by multiplying the corresponding elements of a 1000 by 1000 element matrix by a scalar consta ...

Repeat prob 91-8 using the complex signalprob 91-8consider

Repeat Prob. 9.1-8 using the complex signal Prob. 9.1-8 Consider a complex signal composed of a dc term and two complex exponentials Plot each N-point DFT as a function of frequency fk = k/N. (a) Compute and plot the DFT ...

  • 4,153,160 Questions Asked
  • 13,132 Experts
  • 2,558,936 Questions Answered

Ask Experts for help!!

Looking for Assignment Help?

Start excelling in your Courses, Get help with Assignment

Write us your full requirement for evaluation and you will receive response within 20 minutes turnaround time.

Ask Now Help with Problems, Get a Best Answer

Section onea in an atwood machine suppose two objects of

SECTION ONE (a) In an Atwood Machine, suppose two objects of unequal mass are hung vertically over a frictionless

Part 1you work in hr for a company that operates a factory

Part 1: You work in HR for a company that operates a factory manufacturing fiberglass. There are several hundred empl

Details on advanced accounting paperthis paper is intended

DETAILS ON ADVANCED ACCOUNTING PAPER This paper is intended for students to apply the theoretical knowledge around ac

Create a provider database and related reports and queries

Create a provider database and related reports and queries to capture contact information for potential PC component pro

Describe what you learned about the impact of economic

Describe what you learned about the impact of economic, social, and demographic trends affecting the US labor environmen