We look forward to your comments on the original post at http://su.pr/2Be9pA
or directly on this post.
__________________________
Friends, here's a proposed ToC for Version 3. As always, this is an
attempt to organize our discussions of the last couple of months.

Introduction & Motivation
A general discussion of the importance of security

Security Controls
A short discussion of the requirements we've discussed here:
- Asset Management
- Service/User Identity, Access Control and Roles/Attributes
- Security Policy
- Cryptography, Key and Certificate Management
- Network Security
- Data/Storage Security
- Endpoint Security
- Security Event/Auditing/Reporting
- Workload/Service Management
- Security Service Automation

Security Patterns & Federation

Cloud Security Roles
I think patterns and roles are a great way to organize the
discussion as it relates to the security controls mentioned above.

Security Use Cases
- The use cases we've discussed. Some use cases were discussed in
broad terms (supply chain and healthcare); it would be great if we
could flesh those out here.

Cross-references
- These were useful ways of summarizing the information in earlier
versions. Security Controls vs. Service Models (*aaS), Security
Controls vs. Deployment Models and Security Controls vs. Security
Patterns could be useful tables.

Let me know what you think.

As for a schedule, I plan to have a first draft posted by next Friday
(the 15th), a second draft the following Friday (the 22nd), with a
final Version 3 ready by the end of the month.

Cheers,
Doug