Describe security and compliance concepts Flashcards
What is the Shared Responsibility Model in cloud computing?
The Shared Responsibility Model defines which security tasks are managed by the cloud service provider and which are handled by the customer, varying with different types of cloud services like SaaS, PaaS, and IaaS.
In an on-premises datacenter, who is responsible for security?
In an on-premises datacenter, the organization is responsible for 100% of the security, including physical security, software, devices, accounts, and data security.
What does Infrastructure as a Service (IaaS) entail in terms of security responsibilities?
With IaaS, the customer manages the operating systems, network controls, applications, and data protection, while the cloud provider handles the physical infrastructure like hardware, network, and datacenter security.
How does the responsibility change with Platform as a Service (PaaS)?
In PaaS, the cloud provider manages the underlying infrastructure, including hardware and operating systems. The customer is responsible for the applications they deploy and their data.
Describe the customer’s role in Software as a Service (SaaS) under the Shared Responsibility Model.
In SaaS, the customer’s responsibilities are limited to data, devices, accounts, and identities.
List the responsibilities always retained by the customer in any cloud deployment type.
- Information and Data
- Devices (like mobile and PCs)
- Accounts and Identities
What are the benefits of understanding the Shared Responsibility Model?
It clarifies who is responsible for what, helping organizations focus on the security tasks they own, avoid gaps in coverage, and allocate resources efficiently.
What is Defense in Depth in cybersecurity?
Defense in Depth is a security strategy that uses multiple layers of security controls to protect valuable data and systems. If one layer fails, subsequent layers provide additional security barriers to stop attackers.
Name the seven layers of security in a Defense in Depth strategy.
7) Physical Security
6) Identity and Access Controls
5) Perimeter Security
4) Network Security
3) Compute Layer Security
2) Application Layer Security
1) Data Layer Security
Explain how Physical Security fits into Defense in Depth.
Physical security involves measures like access controls to datacenters, ensuring only authorized personnel can enter areas where critical systems or data are stored.
What does Identity and Access Security entail?
It includes mechanisms like multifactor authentication and condition-based access to ensure only authorized users can access infrastructure or make changes.
How does Perimeter Security protect against attacks?
Perimeter security, like DDoS protection, filters out large-scale attacks before they can affect the availability of network services.
Describe Network Security in Defense in Depth.
Network security includes segmentation and access controls to limit and control communication between resources, reducing the risk of lateral movement by attackers.
What is the role of Compute Layer Security?
This layer secures virtual machines by implementing security measures like closing unnecessary ports, ensuring only necessary services are exposed.
Why is Application Layer Security important?
It ensures that software applications are free from vulnerabilities, with practices like secure coding, regular updates, and secure configuration.
Explain Data Layer Security.
Data layer security involves managing access to data and encrypting data at rest or in transit to protect it from unauthorized access or tampering.
What does CIA stand for in cybersecurity?
CIA stands for Confidentiality, Integrity, and Availability, which are core goals for protecting information:
- Confidentiality ensures data is only accessible to authorized users.
- Integrity ensures data is accurate and unaltered.
- Availability ensures data is accessible when needed.
What is the Zero Trust model?
Zero Trust is a security concept based on the principle “trust no one, verify everything,” assuming all networks are potentially hostile, even internal ones.
Why is Zero Trust necessary?
Traditional security models based on perimeter defense are insufficient against modern cyber threats that can bypass conventional access controls. Zero Trust strengthens security by not relying on network location for trust.
List the three guiding principles of Zero Trust.
- Verify explicitly - Always authenticate and authorize using multiple data points.
- Least privilege access - Grant only necessary access for the shortest duration possible.
- Assume breach - Operate under the assumption that a breach has already occurred or will occur.
How does Zero Trust implement “Verify Explicitly”?
By authenticating and authorizing based on user identity, location, device health, service/workload, data classification, and behavioral anomalies.
Explain “Least Privilege Access” in Zero Trust.
This involves limiting access to resources through just-in-time and just-enough access, adaptive policies based on risk, and data protection measures.
What does “Assume Breach” mean in the context of Zero Trust?
This principle involves segmenting access, encrypting data, and using analytics for visibility and threat detection, assuming that some level of compromise might already exist.
What are the six foundational pillars of the Zero Trust model?
- Identities - Verification and least privilege for users, services, or devices.
- Devices - Monitoring for health and compliance.
- Applications - Managing permissions and discovering all used applications.
- Data - Classification, labeling, and encryption.
- Infrastructure - Ensuring secure configurations and real-time monitoring.
- Networks - Segmenting networks and employing real-time threat protection.