M10: Cloud, AI and IoT security Flashcards

1
Q

What is Cloud Computing?

A

A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources.

NIST definition

2
Q

What motivates Cloud Computing?

A
  • Efficiency,
  • Scalability,
  • Agility,
  • Resilience
3
Q

What are the key techniques in creating a cloud?

A

Abstraction and orchestration.

4
Q

Essential Characteristics

A

Shared resources
* Broad Network Access,
* Rapid Elasticity,
* Measured Service,
* On-Demand Self-Service

5
Q

Service Models

A

Sometimes referred to as SPI tiers
* SaaS - Software as a Service
* PaaS - Platform as a Service
* IaaS - Infrastructure as a Service

Often providers don't fall neatly into any one category.

6
Q

Deployment Models

A
  • Public
  • Private
  • Hybrid
  • Community
7
Q

Simple Reference Architecture

A

SaaS is built on PaaS, which is built on IaaS.

8
Q

IaaS

A

Physical facilities and hardware, pooled using abstraction and orchestration. APIs allow remote management of resources and delivery to consumers.

9
Q

PaaS

A

A difficult-to-define middle layer between infrastructure and software. It provides abstraction from the underlying infrastructure. Additionally, software can be deployed here without worrying about the complexities.

10
Q

SaaS

A

Software as a service. Full, multitenant applications are exposed here through APIs or web browsers. The applications are built and maintained by the provider, and consumers consume them.

11
Q

Logical Model

A

Consists of 4 different layered structures
* Infrastructure - Hardware components
* Metastructure - Middleware
* Infostructure - Data
* Applistructure - Applications

12
Q

Key Difference between Cloud and Traditional Computing

A

Metastructure. In cloud the Metastructure layer also includes a management plane, which allows remote access and configuration of the infrastructure.

13
Q

Virtual and physical layers in cloud

A

In cloud computing each layer often has two separate layers. The infrastructure layer thus has both an actual infrastructure on which the cloud is running, and a virtual layer exposed to the consumers.

14
Q

Shared Responsibility Model

A

As cloud computing is a shared resource, security becomes a shared responsibility.

15
Q

SaaS security responsibility

A

Provider (higher) - responsible for almost all security. Perimeter, Logging, Monitoring and Auditing.
Consumer (lower) - Authorization and Entitlements

16
Q

PaaS security responsibilities

A

Provider (equal) - responsible for the platform security.
Consumer (equal) - responsible for all they implement

17
Q

IaaS security responsibilities

A

Provider (lower) - is responsible for foundational security
Consumer (higher) - is responsible for everything they build.

18
Q

Most important security consideration

A

Exactly who is responsible for what in any given cloud project.

19
Q

Shared responsibility correlates to two recommendations

A

Providers must clearly document their security controls and security features.
Consumers must build a responsibility matrix to document who is implementing which controls and how.

20
Q

High-level process for Managing cloud security

A
  • Identify necessary security and compliance requirements and existing controls
  • Select cloud provider, service and deployment model
  • Define Architecture
  • Assess security controls
  • Identify control gaps
  • Design and implement controls to fill gaps
  • Manage changes over time

Important to do this on a per provider basis

21
Q

What are the CSA recommendations

A
  • Understand differences between cloud and traditional. Impact of virtualization, abstraction and automation on security
  • Become familiar with the NIST and CSA
  • Cloud providers should clearly document security controls and features.
  • Assess and document cloud project security, compliance, controls and responsibilities
  • Use a cloud security process model to select providers, design architectures, identify control gaps and implement security and compliance controls
22
Q

Cloud computing impacts 4 areas

A
  • Governance - how the org is run
  • Enterprise risk management - the overall risk management of the org
  • Information risk management - the overall management of risk to information
  • Information security - the tools and practices used to manage the information risks.
23
Q

Impact on governance and management

A

Impacts include
* Governance can never be outsourced
* Cloud provider is (yet) another third party
* Cloud provider is often rigid in their contractual offerings, by necessity.

Managed with
* Contracts
* Provider Assessments
* Compliance Reporting
* Audits

24
Q

Enterprise Risk Management

A

Overall risk management for the org, cannot be outsourced.
Risk management is based on a shared risk model.
Relies on good contracts and documentation. Can delve into technical details.

25
Q

What is Risk Tolerance?

A

The amount of risk that leadership and/or stakeholders are willing to accept.

26
Q

Impact of SaaS on security

A

Relies heavily on the contracts and on the provider's ability to deliver.

27
Q

Impact of PaaS on security

A

Less reliance on provider, more on consumer. Providers usually have little room for negotiation in contracts.

28
Q

Impact of PaaS on security

A

Much the same security considerations as for a normal data center, with the added complexity of shared resources and the management plane.

29
Q

Impact of Public Deployment

A

Shared resources.
Consumer has greatly reduced ability to govern operations.

30
Q

Impact of Private Deployment

A

A private cloud can still be managed by a third party, and while you no longer have a shared resource, you still have a third party to negotiate with.

31
Q

Impact of Hybrid Deployment

A

Since hybrid cloud environments span two or more deployment models, both models must be considered.

32
Q

Impact of Community Deployment

A

It is not public, but does involve negotiating with the community to reach consensus.

33
Q

Cloud Risk Management Trade-Offs

A
  • Less physical control over assets and their controls and processes.
  • Greater reliance on contracts, audits and assessments
  • Increased requirement for proactive management of relationships and adherence.
  • Cloud customer has reduced need to manage risks that Provider accepts.
  • Outsources management of some risks, but none of the accountability.
34
Q

What are the LLM categories?

Large Language Model

A
  • Customer/Product LLM
  • Company LLM
  • Consumer LLM
35
Q

What is a primary consumer concern

A

Sharing of proprietary data with the cloud

36
Q

What are 3 common AI-Security issues

A
  • Attacks on AI
  • Theft of AI
  • Errors
37
Q

What is a simple model of IaaS, PaaS, SaaS

A
  • IaaS - Ops without hardware
  • PaaS - Devs without ops
  • SaaS - Business without devs
37
Q

Cloud security tips and tricks

A
  • Design for failure
  • Paranoid Architecture
  • Update and roll out new instances
  • Encryption at rest
38
Q

What are the legal implications of Cloud Computing?

A

It is your responsibility to pick a supplier who delivers the necessary level of safety, security and procedures. It is your responsibility to verify that they honor this agreement.

  • Data must remain in EU or be compliant
  • Use of encryption
  • Limit supplier's access to data
  • Registered rights
39
Q

What defines IOT?

A
  • Millions of devices
  • Multiple communication protocols
  • Simple Cheap (sensors, meters)
  • Fast Expensive (cars, homes)
  • Smart Cities, Industry 4.0, Smart Agriculture