
Rhonda L. Farrell

6.5 Way Forward

Making order out of the chaos, i.e., the plethora of partially conflicting and divergent information currently existing within this practice area, is a journey not for the faint of heart. With patient research, however, industry aggregation sites reward the hardy researcher with a wealth of interconnected information areas, allowing the practitioner to see the ‘forest in spite of the trees’, or rather the ‘stars in spite of the clouds’.

This researcher suggests converging the cloud computing assurance knowledge areas within a breakout similar to the often-referenced industry IA Policy Chart, which logically aligns authorities, policies, regulations, standards, and guidance and color codes them per their relevant Office of Primary Responsibility (OPR) area [11]. Creating a like map for the broader cloud assurance practice area would go a long way towards achieving convergence, enabling end-to-end traceability, and taming the heightened complexity surrounding cloud computing technologies, which continues to be daunting to new entrants and senior practitioners alike.

6.6 Review Questions

1. Name and explain the purpose of three ISO standards relating to services.

2. Name and explain the purpose of three Cloud Technology-related standards bodies.

3. Identify three cloud provider services.

4. Explain the FedRAMP initiative conceptually.

References

1. Ab Rahman NH, Choo KKR (2015) A survey of information security incident handling in the cloud. Comput Secur 49:45–69

2. Ali M, Khan SU, Vasilakos AV (2015) Security in cloud computing: opportunities and challenges. Inform Sci 305:357–383

3. Aston B (2015) Expert answers: ISO 9001 internal audit. Qual Prog ASQ (8):8

4. Bertolino A, Blake MB, Mehra P, Mei H, Xie T (2015) Software engineering for internet computing: Internetware and beyond [Guest editors’ introduction]. IEEE Software 32(1):35–37

5. Bodeau DJ, Graubart RD, Fabius-Greene J (2010) Cyber security governance, MTR100308, PR 10-3710. The MITRE Corporation, Bedford

6. Borgohain T, Kumar U, Sanyal S (2015) Survey of security and privacy issues of Internet of Things. arXiv preprint arXiv:1501.02211. Retrieved from http://arxiv.org/ftp/arxiv/papers/1501/1501.02211.pdf

7. Breslin P (2014) Security updates: the upcoming revision of ISO/IEC 27001. DNV Business Assurance. Retrieved 27 Jan 2015

8. Buckholtz B, Ragai I, Wang L (2015) Cloud manufacturing: current trends and future implementations. ASME J Manuf Sci Eng. doi:10.1115/1.4030009

9. Cloud Standards Org (2015) Cloud standards Wiki. Retrieved from http://cloud-standards.org/wiki/index.php?title=Main_Page

10. Council IA (2012) Federal risk and authorization management program (FedRAMP)

11. DoD Deputy CIO for Cybersecurity (2015) Cybersecurity-related issuances and policies. Retrieved from http://iac.dtic.mil/csiac/download/ia_policychart.pdf

12. Farrell R (2010) Securing the cloud – governance, risk, and compliance issues reign supreme. Inf Secur J – A Global Perspect 19(6):310–319

13. Garitano I, Fayyad S, Noll J (2015) Multi-metrics approach for security, privacy and dependability in embedded systems. Wireless Pers Commun 81(4):1359–1376

14. Glas B, Gebauer C, Hänger J, Heyl A, Klarmann J, Kriso S, Vembar P, Wörz P (2015) Automotive safety and security integration challenges. In: Proceedings of the automotive safety & security

15. Gope P, Hwang T (2015) Untraceable sensor movement in distributed IoT infrastructure. Retrieved from http://ieeexplore.ieee.org/xpl/login.jsp?tp=&arnumber=7120086&url=http%3A%2F%2Fieeexplore.ieee.org%2Fxpls%2Fabs_all.jsp%3Farnumber%3D7120086

16. Granjal J, Monteiro E, Silva JS (2015) Security in the integration of low-power Wireless Sensor Networks with the Internet: a survey. Ad Hoc Netw 24:264–287

17. Hogan M (2014) Understanding automotive reliability and ISO 26262 for safety-critical systems. Retrieved from Mentor Graphics Website: http://s3.mentor.com/public_documents/whitepaper/resources/mentorpaper_86209.pdf

18. ISO (2008) ISO/IEC 12207:2008. Systems and software engineering – software life cycle processes. Retrieved from ISO Website: http://www.iso.org/iso/catalogue_detail?csnumber=43447

19. ISO (2011a) ISO/IEC 20000-1:2011. Information technology – service management – Part 1: Service management system requirements. Retrieved from ISO Website: http://www.iso.org/iso/catalogue_detail?csnumber=51986

20. ISO (2011b) ISO 26262-1:2011. Road vehicles – Functional safety – Part 1: Vocabulary. Retrieved from ISO Website: http://www.iso.org/iso/catalogue_detail?csnumber=43464

21. Gupta U (2015) Survey on security issues in file management in cloud computing environment. arXiv preprint arXiv:1505.00729

22. ISO (2013) ISO/IEC TR 20000-5:2013. Information technology – Service management – Part 5: Exemplar implementation plan for ISO/IEC 20000-1. Retrieved from ISO Website: http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=60329

23. ISO 27000 Directory (2013) Retrieved from http://www.27000.org/

24. IT Law Wiki. Cybersecurity governance. Retrieved from http://itlaw.wikia.com/wiki/Cybersecurity_governance

25. Kissel R (2013) Glossary of key information security terms. NIST Interagency Report NIST IR 7298 Rev. 2. Retrieved from the NIST Website: http://nvlpubs.nist.gov/nistpubs/ir/2013/NIST.IR.7298r2.pdf

26. Li S, Da Xu L, Zhao S (2014) The Internet of Things: a survey. Inf Syst Frontiers 17(2):243–259

27. Liu F, Tong J, Mao J, Bohn R, Messina J, Badger L, Leaf D (2012) NIST cloud computing reference architecture: recommendations of the National Institute of Standards and Technology (Special Publication 500–292)

28. Mellado D, Blanco C, Sánchez LE, Fernández-Medina E (2010) A systematic review of security requirements engineering. Comp Stand Inter 32(4):153–165

29. NICCS (2015) Cyber glossary. Retrieved from http://niccs.us-cert.gov/glossary

30. NIST (2012) SP 800-30. Risk management guide for information technology systems

31. Palmes P (2015) ISO 9001:2015 transition starts with top management. New 2015 requirements make leadership involvement critical first step in transition. Retrieved from ASQ Website: https://secure.asq.org/perl/msg.pl?prvurl=http://asq.org/2015/05/standards/iso-9001-2015-transition-starts-with-top-management.pdf

32. Reid D (2015) Open to change: how expected revisions to ISO 9001: 2015 may affect sector-specific standards. Qual Prog ASQ 7

33. Sicari S, Rizzardi A, Grieco LA, Coen-Porisini A (2015) Security, privacy and trust in Internet of Things: the road ahead. Comput Netw 76:146–164

34. Singh J, Pasquier T, Bacon J, Ko H, Eyers D (2015) 20 cloud security considerations for supporting the internet of things. Retrieved from http://ieeexplore.ieee.org/xpl/login.jsp?tp=&arnumber=7165580&url=http%3A%2F%2Fieeexplore.ieee.org%2Fxpls%2Fabs_all.jsp%3Farnumber%3D7165580

35. Software Assurance Marketplace (SWAMP) (2015) Retrieved from https://continuousassurance.org/

Rhonda L. Farrell is an Associate at Booz Allen Hamilton. She began her career in computer operations with the US Marine Corps in 1982 at Quantico, VA, progressing on to private enterprise beginning in 1984 when she joined Amdahl Corporation. Since that time period, she has worked in Silicon Valley, CA, within the operations, engineering, quality, and security portions of Fortune 500 firms, such as Cisco Systems, Inc. and VISA, among others. She graduated in 2009 from Concord Law School with her JD focusing in Technology, and in 2010 relocated to the East Coast to continue her cybersecurity career in the DC Metro area. She has earned her CISSP, CSSLP, CSQE, CMQ/OE, and CMAP certifications. She recently successfully completed her Doctoral defense as a student at the University of Fairfax. In her “spare time”, she supports three professional non-profit organizations in multiple leadership capacities, including: American Society for Quality (ASQ), IEEE, and ISSA.
