Full Day: Friday, November 15th 2013, 8:30am - 5:00pm
The decision to embrace cloud computing technology is a risk-based decision, not a technology-based decision. Stakeholders must determine the appropriate manner for their security assessments and authorizations. Information Security Systems Engineers are required to develop and manage requirements, risk, architecture and every other aspect of deploying and managing the cloud.
Cloud computing can both increase and decrease the security of information systems, depending on the cloud sourcing model used. Cloud Providers impact both Security and Privacy; ISSEs ensure the right solution is chosen.
Cloud computing cuts across all domains of security, to include Authentication and Authorization, Availability, Confidentiality, Identity management, Integrity, Security monitoring and Incident Response, and Security policy management. Recent events in the news show us how difficult it is to manage Privacy in the cloud, where ISSEs need to assure proper and consistent collection, processing, communication, use and disposition of personal information (PI) and personally identifiable information (PII) on the cloud.
Cloud Auditors conduct independent assessments of cloud services, information system operations, performance and security of the cloud implementation. They evaluate the services provided by a cloud provider in terms of security controls, privacy impact, performance, etc.
What service model is right and what are the possible security implications?
Software as a Service (SaaS) - applications running on a cloud infrastructure.
Platform as a Service (PaaS) - consumers deploy applications to the cloud.
Infrastructure as a Service (IaaS) - processing, storage, networks, and other fundamental computing resources.
Only when you understand the risk and security can you determine which Cloud Deployment Model to use. Whether you use a Private Cloud, Community Cloud, Public Cloud, or Hybrid Cloud, you need key documents such as the FedRAMP guidance, which covers everything from CONOPS to POA&Ms.
In addition, you will learn how information assurance and risk management fit into Cloud Computing. We will cover the ISSE process as a component of Full Site Security in the cloud and the top 3 security project risks and mitigation strategies for cloud computing.
About the Instructor
Frederick B. Beltzer is a Lockheed Martin (LM) Qualified Systems Engineer (QSE) working as an Information Security Systems Engineer (ISSE) Manager for LM MST. Fred is currently working on multiple programs supporting the DoD DON, USMC, USAF, SOCOM, and U.S. Army programs. Fred is responsible for developing the ISSE processes, procedures, tools, and technologies to support programs where he is responsible for the architecture, design, development, evaluation and integration of systems, subsystems, and networks to maintain overall security IAW the appropriate MAC level, Classification level, and level of Robustness.
Fred supervises and prepares the Certification and Accreditation documentation, using multiple standards/tools such as DIACAP, NIACAP, DCID 6/3, Common Criteria, and NIST 800-37, to achieve accreditation of supported systems while supporting contractor site security IAW DSS NISPOM Ch8. Recently, he was the ISSE for AT&T on OneTESS and Senior Computer Systems Engineer/Information Assurance Analyst for the Army's ATIA AIS, where he completed the DITSCAP C&A. He also served as the Senior Information Assurance SE for DISA's Coalition Secure Management & Operations System (COSMOS).
Fred has written several papers, which include "A Systems Engineering Approach to Information Assurance - Volume 1" and "A Systems Engineering Approach to Information Assurance - Volume 2". Key to Fred's ISSE approach is his educational background, which includes graduating with Honors from George Washington University, Master's Degree, Systems Engineering (GPA 3.63), where he also received a Certificate, Systems Engineering from George Washington University (GWU), and he is a LM Qualified Systems Engineer. Fred is CISSP certified and has a Certificate from the National Security Agency (NSA) - NSTISSI 4011 - National Training Standard for Information Systems Security Professionals (ISSP), June 2006. Fred also received a Bachelor of Science, Computer Networking from Strayer University, and graduated Summa Cum Laude (GPA 3.92), graduating in 2000 with Student Honors from the Alpha Sigma Lambda National Honor Society.
When & Where
The mission of the Orlando chapter of the International Council on Systems Engineering (INCOSE) is to foster the definition, understanding, and practice of World Class Systems Engineering in industry, academia and government.
We host monthly meetings and tutorials that provide a wide range of technical topics important to engineers in the Orlando area from aerospace and defense to bio-medical.