First Advisor

Bowles, Robert

Second Advisor

Plantz-Masters, Shari

Third Advisor

Likarish, Daniel M.


College for Professional Studies

Degree Name

MS Information Technology Management


School of Computer & Information Science

Document Type

Thesis - Open Access

Number of Pages

43 pages


The National Institute of Standards and Technology introduced a risk management framework that concludes with a process for continuous monitoring. Continuous monitoring is a way to gain near real-time insight into the security health of an information technology environment. The cloud environment is unique from other environments in the way that resources are virtualized and shared among many cloud tenants. This type of computing has been gaining popularity as a solution for organizations to purchase resources as an on-demand service in the same way that an organization purchases utilities today. In order to experience the benefits promised by the emergence of cloud computing the inherent security challenges in utilizing shared resources must be addressed. The proposed continuous monitoring program, based on recommendations from the National Institute of Standards and Technology Draft Special Publication 800-137 (Dempsey et al., 2010), is intended to address these security concerns. The program specifically addresses continuous monitoring activities for cloud providers to implement related to configuration management, patch and vulnerability management, antivirus/malicious software management, firewall management, and access management. This proposal does not address the shared responsibilities between the cloud tenant and cloud provider which is recommended as the next step in this research. The tenant and provider should have complementary controls and continuous monitoring programs to ensure the security of a cloud solution.

Date of Award

Fall 2011

Location (Creation)

Denver, Colorado

Rights Statement

All content in this Collection is owned by and subject to the exclusive control of Regis University and the authors of the materials. It is available only for research purposes and may not be used in violation of copyright laws or for unlawful purposes. The materials may not be downloaded in whole or in part without permission of the copyright holder or as otherwise authorized in the “fair use” standards of the U.S. copyright laws and regulations.