Professional Documents
Culture Documents
Nancy Griffing
NIST Defined
The National Institute of Standards and Technology (NIST) developed this document in furtherance of its statutory responsibilities under the Federal Information Security Management Act (FISMA) of 2002, Public Law 107-347. NIST is responsible for developing standards and guidelines, including minimum requirements, for providing adequate information security for all agency operations and assets; but such standards and guidelines shall not apply to national security systems. This guideline is consistent with the requirements of the Office of Management and Budget (OMB) Circular A-130, Section 8b(3), Securing Agency Information Systems, as analyzed in A-130, Appendix IV: Analysis of Key Sections. Supplemental information is provided in A-130, Appendix III.
11011 Richmond, Suite 600 | Houston, Texas 77042 | 713.789.3323 | www.3545consulting.com
NIST 800-146
11011 Richmond, Suite 600 | Houston, Texas 77042 | 713.789.3323 | www.3545consulting.com
NIST 800-146
11011 Richmond, Suite 600 | Houston, Texas 77042 | 713.789.3323 | www.3545consulting.com
NIST 800-146
11011 Richmond, Suite 600 | Houston, Texas 77042 | 713.789.3323 | www.3545consulting.com
NIST 800-146
11011 Richmond, Suite 600 | Houston, Texas 77042 | 713.789.3323 | www.3545consulting.com
NIST 800-146
11011 Richmond, Suite 600 | Houston, Texas 77042 | 713.789.3323 | www.3545consulting.com
NIST 800-146
11011 Richmond, Suite 600 | Houston, Texas 77042 | 713.789.3323 | www.3545consulting.com
A hybrid cloud is composed of two or more private, community, or public clouds NIST 800-146
NIST 800-146
NIST 800-146
NIST 800-146
11011 Richmond, Suite 600 | Houston, Texas 77042 | 713.789.3323 | www.3545consulting.com
NIST 800-146
Limitations of Terms
Scheduled Outages. If a provider announces a scheduled service outage, the outage does not count. Force majeure events. Providers generally disclaim all responsibility for events outside their realistic control. SLA Changes. Providers generally reserve the right to change the terms of the SLA at any time, and to change pricing with limited advanced notice. Security. Providers generally assert that they are not responsible for security. Service API Changes. Providers generally reserve the right to change or delete service APIs at any time.
NIST 800-146
11011 Richmond, Suite 600 | Houston, Texas 77042 | 713.789.3323 | www.3545consulting.com
NIST 800-146
What to Host?
(Google Docs, Gmail, Drop Box, Sugar Sync, Hot Mail) (Fly Wire & Hosting Companies)
Hosted Applications Hosted Network Hosted Data Hosted Backup Hosted Documents
Sample Costs
Average Cost of Hosting All Applications on a per user per month basis
Flywire with (Microsoft Office, Timeslips, Time Matters, MS Exchange, Pro Docs) Per user for 10 users Cost of server, licenses and
Where is my data?
Where does the data reside?
Connecticut sounds good, but is it? US only? How can you confirm this? What if your hosting company is sold? Are you sharing a server with others? Is it a virtual or physical server?
PrimeCare Technologies out of Atlanta was hosting solution recommended by vendor. Downtime during peak business hours per month 3-17 hours.
Seth Rowland
11011 Richmond, Suite 600 | Houston, Texas 77042 | 713.789.3323 | www.3545consulting.com
Directions
Document Storage
Forces at Work
Backup systems in the Cloud Demand for ubiquitous access to firm work product from anywhere and any device Demand for collaboration Demand for faster and more efficient methods of document delivery Demand for secure document delivery
Folder Synchronization
DropBox Box.net Egnyte SugarSync
Can do it all, if your data is in the Cloud! Otherwise, you need to improvise
Translation
Install your software on a server and a desktop Throw away the computer Project the desktop safely, securely onto ANY device
Drawbacks
All your old stuff Everything works the same Managed service agreement