Explore the weaknesses in the Federal Cloud Security Program through this insightful 54-minute conference talk from DerbyCon 4. Delve into the intricacies of FedRAMP, including its categories and purpose, while examining the 2013 IRS audit. Gain a comprehensive understanding of crucial aspects such as accountability, security measures, system boundaries, and the Critical 28 List. Investigate system interconnection, data collection practices, penetration testing methodologies, and internal threat assessment. Conclude with an examination of continuous monitoring strategies to enhance federal cloud security.
Syllabus
Intro
What is FedRAMP
Categories of FedRAMP
Why FedRAMP
The IRS
IRS 2013 Audit
Accountability
Security
System Boundary
Critical 28 List
System Interconnection
Data Collection
Penetration Test
Internal Threat
Continuous Monitoring