Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
10 Cards in this Set
- Front
- Back
|
What are the five essential characteristics of cloud computing as defined by NIST? |
Broad Network Access |
|
|
The level of attention and scrutiny paid to enterprise risk assessments should be directly related to what? |
The value at risk |
|
|
In the majority of data protection laws, when the data is transferred to a third party custodian, who is ultimately responsible for the security of the data? |
The Data Controller |
|
|
What is the most important reason for knowing where the cloud service provider will host the data? |
So that it can address the specific restrictions that foreign data protection laws may impose. |
|
|
What are the six phases of the data security lifecycle? |
Create |
|
|
Why is the size of data sets a consideration in portability between cloud service providers? |
The sheer size of data may cause an interruption of service during a transition, or a longer transition period than anticipated. |
|
|
What are the four D's of perimeter security? |
Deter |
|
|
In which type of environment is it impractical to allow the customer to conduct their own audit, making it important that the data center operators are required to provide auditing for the customers? |
In multi-tenant environments the operator or provider cannot normally accommodate visits by every customer to conduct an audit. |
|
|
What measures could be taken by the cloud service provider (CSP) that might reduce the occurrence of application level incidents? |
SaaS providers that generate extensive customer-specific application logs and provide secure storage as well as analysis facilities will ease the IR burden on the customer. |
|
|
How should an SDLC be modified to address application security in a Cloud Computing environment? |
Organizations must adopt best practices for development, either by having a good blend of processes, tools, and technologies of their own or adopting one of the maturity models. |
