Cloud Security and Privacy : Internal Policy Compliance

12/7/2010 11:00:07 AM
CSPs, like other enterprises, need to establish processes, policies, and procedures for managing their IT systems that are appropriate for the nature of the service offering, can be operationalized in the culture of the organization, and satisfy relevant external requirements.

In designing their service offerings and supporting processes, CSPs need to:

  • Address the requirements of their current and planned customer base

  • Establish a strong control foundation that will substantially meet customer requirements, thereby minimizing the need for infrastructure customization that could reduce efficiencies and diminish the value proposition of the CSP’s services

  • Set a standard that is high enough to address those requirements

  • Define standardized processes to drive efficiencies

Figure 1 shows a life cycle approach for determining, implementing, operating, and monitoring controls over a CSP.

Figure 1. CSP life cycle approach


Here is an explanation of each stage of the life cycle:


Define strategy

As a CSP undertakes to build out or take a fresh look at its service offerings, the CSP should clearly define its business strategy and related risk management philosophy. What market segments or industries does the CSP intend to serve?

This strategic choice will determine how high the CSP needs to “set the bar” for its controls. This is an important decision: setting the bar too low will make it difficult to meet the needs of new customers, and setting it too high will make it difficult for customers to implement and difficult for the CSP to maintain in a cost-effective manner. A clear strategy will enable the CSP to meet the baseline requirements of its customers in the short term and provide the flexibility to incorporate necessary changes while resisting unnecessary or potentially unprofitable customization.


Define requirements

Having defined its strategy and target client base, the CSP must define the requirements for providing services to that client base. What specific regulatory or industry requirements are applicable? Are there different levels of requirements for different sets of clients?

The CSP will need to determine the minimum set of requirements to serve its client base and the incremental industry-specific requirements. For example, the CSP will need to determine whether it supports all of those requirements as part of a base product offering or whether it offers incremental product offerings with additional capabilities at a premium, now or in a future release.


Define architecture

Driven by its strategy and requirements, the CSP must now determine how to architect and structure its services to address customer requirements and support planned growth. As part of the design, for example, the CSP will need to determine which controls are implemented as part of the service by default and which controls (e.g., configuration settings, selected platforms, or workflows) are defined and managed by the customer.


Define policies

The CSP needs to translate its requirements into policies. In defining such policies, the CSP should draw upon applicable industry standards as discussed in the sections that follow. The CSP will also need to take a critical look at its staffing model and ensure alignment with policy requirements.


Define processes and procedures

The CSP then needs to translate its policy requirements into defined, repeatable processes and procedures—again using applicable industry standards and leading practices guidance. Controls should be automated to the greatest extent possible for scalability and to facilitate monitoring.


Ongoing operations

Having defined its processes and procedures, the CSP needs to implement and execute its defined processes, again ensuring that its staffing model supports the business requirements.


Ongoing monitoring

The CSP should monitor the effectiveness of its key control activities on an ongoing basis, with instances of non-compliance reported and acted upon. Compliance with the relevant internal and external requirements should be realized as a result of a robust monitoring program.


Continuous improvement

As issues and improvement opportunities are identified, the CSP should ensure that there is a feedback loop to guarantee that processes and controls are continuously improved as the organization matures and customer requirements evolve.
