Tasking:
You are a cybersecurity professional who is “on loan” from your employer, a management consulting firm, to a small non-profit organization (SNPO-MC). You have been tasked with researching requirements for a Cloud Computing Security Policy and then developing a draft policy for the non-profit organization, SNPO-MC. The purpose of this policy is to provide guidance to managers, executives, and cloud computing service providers. This new policy will supersede (replace) the existing Enterprise IT Security Policy which focuses exclusively upon enterprise security requirements for organization owned equipment (including database servers, Web and email servers, file servers, remote access servers, desktop computers, workstations, and laptop computers) and licensed software applications. The enterprise IT security policy also addresses incident response and disaster recovery.
As part of your policy development task you must take into consideration the issues list which was developed during brainstorming sessions by executives and managers in each of the three operating locations for the non-profit organization.