05 Flashcards
____________ refers to the cybersecurity policies, best practices, controls, and technologies used to secure applications, data, and infrastructure in cloud environments
Cloud Security
_____________ is the act of complying with regulatory standards of cloud usage in accordance with local, national, and international laws
Cloud Compliance
A ___________ conforms to one or more specific sets of security and privacy standards
Compliant Cloud Environment
__________ Under this model, cloud providers are responsible for managing some aspects of security, while the burden of securing most facets of the resources that end users deploy in the cloud lies with the end users
Shared Responsibility Model
The _____________ requires “reasonable security” to protect sensitive data
General Data Protection Regulation (GDPR)
What are the general procedures for GDPR?
Define compliance rules
Perform compliance audits
The ______________ is European legislation that was designed to unify and strengthen the data protection laws of member states across the European Union
GDPR
What are the definitions for each GDPR regulation?
Data Residency
Data minimization
Storage limitations
Right of access
Right of erasure
Organizations may only process and store their personal data within the EEA and a limited number of other permitted countries unless they consent otherwise
Organizations should only collect and store personal data that is necessary for the organization's requirements
Organizations must not retain this data for any longer than necessary
Organizations must meet requests from individuals to access the personal data held about them
Organizations must meet requests from individuals to have their personal data erased
_______________ is one of the few examples of governmental regulation that specifically covers data processed and stored in the cloud
Federal Risk and Authorization Management Program (FedRAMP)
__________ is a streamlined version of _________ but specifically adapted to cloud environments
FedRAMP, FISMA
______________ is a library of requirements categorized according to the risk to data, created from FedRAMP
NIST SP 800-53
______________ series is a family of international standards that provide best practice recommendations on how to protect information systems from a range of threats
ISO 27000
_________ The core standard within the series, providing a general set of controls for managing information security
ISO 27001
_________ An additional set of security controls for cloud computing implementations
ISO 27017
_________ A set of privacy controls for managing personal data in cloud-based environments
ISO 27018
_________________________ is a security-oriented standard that applies to any organization that accepts or processes card payments. It specifies 12 requirements that must be met to protect payment card transactions and cardholder details
Payment Card Industry Data Security Standard (PCI DSS)
What are each of the challenges when it comes to cloud compliance?
Certifications and Attestations
Data Residency
Cloud Complexity
Different Approach to security
Making sure the cloud environment is up to date on certifications, and monitoring data protection laws and changing as they do
Working within multiple regions and keeping track of all of their data laws can be hard, so ensuring they are on top of that is important
The cloud is very complex and has lots of moving parts, so it can be hard to come up with a protection strategy
Traditional security methods won't work in the cloud, so a new approach is required with more focus on configuration management and individual workload protection
What are some of the best practices to follow to help meet regulatory requirements?
Encryption
Privacy by default
Principle of least privilege
Zero Trust
Well-architected frameworks
Encrypting data both at rest and in transit and ensuring good, secure key management practices
Privacy should form the basis for system design and process activities to make integrating compliance easier
Organizations should grant users access to only the data and resources that are needed to carry out their specific duties
Organizations should use well-trusted/secure frameworks and follow their guiding principles
_________________ encompasses the technologies, policies, services, and security controls that protect any type of data in the cloud from loss, leakage, or misuse through breaches, exfiltration, and unauthorized access
Cloud Data Security
_______________ is a shared responsibility between the CSP and its customers
Cloud Data Security
______ helps protect sensitive data by tagging it. It is another best practice and is part of an organization's overall security strategy that helps keep sensitive information from being leaked or stolen.
Data loss prevention (DLP) tool
________ refers to the state of data when it is stored, rather than moving from one place to another or loaded into memory for use by a software program
Data at rest
What are the best practices for protecting data at rest?
Data classification, data encryption, data federation, hierarchical password protection
___________ is data moving from one place to another, such as when it is transmitted over the internet
What are security measures for it?
Data in motion
Authentication, access controls
_______ is a hybrid approach of symmetric and asymmetric encryption
PKI
__________ is meant to protect data as it moves to and from cloud-based applications, as well as when it is stored on the cloud network
Cloud Encryption
What are some of the challenges with cloud encryption?
Time and cost
Data loss
key management
A _____________ encrypts network traffic before it leaves the source computer and then decrypts the traffic on the destination computer
VPN
What are the most popular tunneling protocols?
Layer 2 Tunneling Protocol (L2TP)
Secure Socket Tunneling Protocol (SSTP)
OpenVPN
Internet Key Exchange version 2 (IKEv2)
Point-to-Point Tunneling Protocol (PPTP)
Internet Protocol Security (IPsec)
________ is the process of reducing risk to cloud systems by establishing and maintaining secure configurations and identifying and mitigating other vulnerabilities
Cloud Hardening
_________ An application or data that is allowlisted is not checked against DLP rules. It is explicitly permitted
Allow-listing
__________ Data that is prevented from leaving the network environment, as identified by keywords or other criteria. It is explicitly denied
Deny listing / block list
____________ is a defense-in-depth cybersecurity approach that wraps layer upon layer of security around IT systems and data, significantly reducing the risk of data breaches
Cloud Network Segmentation
___________ is a cloud security process that applies identity-based protection to workloads without any architectural changes to the networks.
Cloud Workload segmentation
What are the three goals of IAM?
AAA
Authorization
Authentication
Accounting
____________ is a common goal for security administrators. This practice allows users to authenticate one time and then access all resources for which they are authorized, without having to re-authenticate
Single sign-on
When two or more factors are required, that is known as ____________
What are some of the factors of this?
Multifactor authentication
What you know
What you have
Who you are
________________ Widely used, strong security
L2TP
________________ Primarily used with Windows OSes
SSTP
________________ Open-source, very strong security, slower
OpenVPN
________________ Open-source protocol, strong security, fast
IKEv2
_________________ Older, poor security, should be avoided
PPTP
_________________ Easily implemented, powerful, flexible
IPsec