Getting Started: What Security Officers Need to Know

The implementation of Open Source and Cloud Infrastructure Solutions requires an understanding of how security controls are implemented in a Cloud, and knowledge of controls that Cloud vendors should and should not be providing during the various phases of development and implementation. In this presentation, we will explore the various security domains of the NIST Risk Management Framework, and how Acquia and Ingalls Information Security provide assistance for Information Assurance professionals. Topics discussed include:

• Integrating Security Processes in the development/implementation cycle
• Requesting Control Enhancements
• What controls to expect the Cloud vendor and managed hosting vendors to provide
• Developing and Maintaining Controls as a customer; Testing and Evaluation of Cloud Controls