FedRAMP will ensure that cloud-based services have adequate information security, eliminate duplication of effort and reduce risk management costs and enable rapid and cost-effective procurement of IT systems and services for federal agencies.
Cloud computing gives the jitters to those charged with protecting their organization's IT assets. To gauge the concerns of security professionals about cloud computing, we're fielding a global survey covering all industries. We want to know your views.
The controls create a baseline to properly address the unique elements of authorizing cloud products and services, including multi-tenancy, control of an infrastructure and shared resource pooling, Homeland Security CIO Richard Spires says.
Veterans Affairs may have been biased when it awarded last year a high-bid, $133 million IT security services contract to the incumbent provider, the consultancy Booz Allen Hamilton, a VA inspector general audit contends.
Federal CIO Steven VanRoekel issues a memorandum ordering agency and departmental CIOs to use the new Federal Risk and Authorization Management Program to assess, authorize, procure and continuously monitor cloud computing offerings.
Heavily regulated industries like banking and healthcare have been reluctant to make the virtualized leap to the cloud, fearing a loss of control could open them to unforeseen risk. Are their concerns unfounded?
"With a company-issued device, you can issue a policy that says users have no rights of privacy over information on the device," says Javelin's Tom Wills. But with employee-owned devices? A whole new set of issues.
Organizations eager to take advantage of cloud computing need to take a step back and consider many critical privacy and security issues, says Feisal Nanji, executive director at the security consulting firm Techumen.
Some 200 people have reported fraudulent debit and credit transactions hitting their accounts after dining at Margarita's Mexican Restaurant in Texas. Investigators believe a third-party vendor may have been hacked.
The release of the list coincides with the issuance of the Common Weakness Scoring System that allows software makers to identify vulnerabilities in their programs and buyers to determine software they acquire is secure.