Cloud Security Flashcards
Shared Responsibility Model
Fill out SLA to define joint responsibility
Risk Treatment
Avoidance
Reduction
Acceptance
Transfer/Share
AWS Artifact
Self-service auditing to access AWS compliance documentation and agreements
Audit
Ensures company is meeting standard
Types of Security and compliance documents
PCI reports
AWS 180 certs
Manage BAA
SOC reports
Track STANS
Review and accept
Agreements
review, accept, and manage agreements for accounts
Reports
compliance reports from third party auditors
can be used as evidence of AWS security controls
Customer Compliance Center
Resources to help w/ AWS compliance
- records how organizations solved compliance, governance, and audit tasks
- gives access to whitepapers and documentation
Auditor Learning Path
learn how internal operations can validate compliance using AWS Cloud
Cloud Security Alliance (CSA)
Consensus Assessment Initiative Questionnaire
- promote best practices for security assurance w/i Cloud Computing
- educate how to use cloud computing to help secure other forms of computing
STAR Self Assessment
Level 1: Self Assessment
Level 2: CSA STAR Attestation and Certification
Level 3: Continuous Monitoring
AWS Compliance Solutions guide
repository of resources and processes necessary to meet AWS Compliance
- Industry Certifications
- Third Party Attestations
- Certificates and Reports
- Control Practices
Cloud Adoption Framework (AWS CAF)
Organizes security guidance into 6 areas of focus (perspectives)
The Perspectives of Cloud Adoption Framework
- Planning
- Business People
- Governance
- Platform
- Security
- Operations
6 Most Common Migration Strategies
Refactor
Remove
Repurchase
Retain
Rehost
Replatform