236 Cards in this Set

  • Front
  • Back

Storage made available as a service via a network?

Cloud Storage

Software tools are at the core of all cloud services, products, and solutions. What are the three pillars of functionality?

- Compute Servers


- Networking


- Storage

IaaS uses what types of storage?

- Volume


- Object

PaaS uses what types of storage?

- Databases


- "Big Data"

SaaS uses what types of storage?

- Information Storage and Management


- Content/File Storage


- SaaS application

This type of storage is relevant for IaaS instances and exists only as long as its instance is up. It is typically used for swap files and other temporary storage.

Ephemeral storage

Content stored in object storage, then distributed to multiple geographically distributed nodes to improve Internet connection speed.

Content Delivery Network (CDN)

A control put in place by an organization to ensure certain types of data (structured and unstructured) remain under organizational controls, in line with policies, standards, and procedures.

Data Loss Prevention (DLP)

What are the three components of DLP?

- Discovery and classification


- Monitoring


- Enforcement

DLP architecture is one of which types?

- Network based


- Storage based


- Client based

DLP tool implementation typically conforms to what topologies?

- Data in Motion (DIM)


- Data at Rest (DAR)


- Data in Use (DIU)

Technologies for encrypting Data in Motion (DIM) are:

- IPSec


- VPN


- TLS/SSL


- "Wire Level"

What components are associated with most encryption deployments?

- The data


- Encryption engine


- Encryption keys

What are three types of Database encryption?

- File Level


- Transparent


- Application Level

What are the common challenges associated with key management?

- Access to keys


- Key storage


- Backup and replication

Key management in the cloud is typically implemented using what approaches?

- Internally managed


- Externally managed


- Managed by a third party

What are the primary methods of masking data?

- Static


- Dynamic

The process of hiding, replacing, or omitting sensitive information from a specific data set.

- Data masking


- Data obfuscation

The process of removing indirect identifiers in order to prevent data analysis tools or other intelligent mechanisms from collating or pulling data from multiple sources to identify an individual or sensitive information.

Anonymization

The process of substituting a sensitive data element with a non-sensitive equivalent.

Tokenization

True or False: Tokenization is not encryption?

True, tokenization is not encryption

Creating a new copy of data with masked values is known as?

Static masking

Adding a layer of masking between the application and the database is known as?

Dynamic masking

Five common approaches to data masking:

- Random Substitution


- Algorithmic Substitution


- Shuffle


- Masking


- Deletion

This type of identifier uniquely identifies the subject (e.g., name, address)?

Direct Identifier

This identifier typically consists of demographic or socioeconomic information, dates, or events?

Indirect Identifier

Tokenization can assist with:

- Complying with regulations and laws


- Reducing the cost of compliance


- Mitigating risks of storing sensitive data and reducing attack vectors on data

This involves splitting up and storing encrypted information across different cloud storage services.

Bit Splitting

Encryption that enables processing of encrypted data without the need to decrypt the data. It allows the cloud customer to upload data to a cloud service provider for processing without the requirement to decipher the data first.

Homomorphic Encryption

Data that describes data.

Metadata

Grouping data elements with a tag that describes the data is known as:

Labeling (Labels)

Data discovery approaches:

- Big data


- Real-time analytics


- Agile Analytics and Agile Business Intelligence

Investigating data itself by employing pattern matching, hashing, statistical, lexical, or other forms of probability analysis.

Content Analysis

What are the 3 data discovery techniques?

- Metadata


- Labels


- Content Analysis

What are some data discovery issues you need to be aware of?

- Poor data quality


- Dashboards


- Hidden costs

This determines the legal regime applicable to a certain matter.

Applicable Law

This usually determines the ability of a national court to decide or enforce a judgment or order.

Jurisdiction

The main piece of legislation in the EU pertaining to the protection of individuals' personal data and the movement of such data.

EU directive 95/46/EC

Any constraints arising from specific arrangements of a Cloud Service operation shall be made clear by the Service Provider in order to avoid any consequences for unlawful personal data processing.

Application of Defined Controls from PII

PDCA

Plan, Do, Check, Act

Technology aimed at controlling the use of digital content.

Digital Rights Management

Two main categories of Digital Rights Management (DRM).

- Consumer DRM


- Enterprise DRM

Data retention policies should define:

- Retention periods


- Data formats


- Data security


- Data retrieval procedures for the enterprise

Data retention policy components include:

- Legislation, regulation, and standards


- Data mapping


- Data classification


- Data retention procedure


- Monitoring and maintenance

Organizing data based on locations, compliance requirements, ownership, or business usage.

Data classification

The process of organizing all relevant data in order to understand data types.

Data mapping

Safe disposal of electronic records include:

- Physical destruction


- Degaussing


- Overwriting


- Encryption

The process of encrypting data in order to dispose of it is known as:

Digital shredding or crypto-shredding

The process of deliberately destroying the encryption keys that were used to encrypt data.

Crypto-shredding

The process of identifying and moving inactive data out of current production systems and into a specialized long-term archival storage system.

Data archiving

Data Event Logging and Event Attributes are:

- When


- Where


- Who


- What


- Additional considerations

Process to maintain and safeguard the integrity and/or original condition of potential digital evidence is defined in:

ISO 27037:2012

STRIDE is an acronym for:

- Spoofing identity


- Tampering with data


- Repudiation/Non-Repudiation


- Information Disclosure


- Denial of Service


- Elevation of Privilege

What is the norm for power density "per rack" today?

10 kW or more per rack

A person or organization that maintains a business relationship with, and uses services from, Cloud Service Providers.

Cloud Service Customer

A person, organization or entity responsible for making a service available to service consumers.

Cloud Service Provider

The intermediary that provides connectivity and transport of cloud services between Cloud Providers and Cloud Consumers.

Cloud Carrier

What technology separates local traffic into distinct 'broadcast domains'?

VLANs

What provides a clearly defined and separate network control plane to manage network traffic that is separated from the forwarding plane?

Software Defined Networking (SDN)

A dedicated service that can safely store and manage encryption keys and the cryptographic key life cycle.

Hardware Security Module (HSM)

The compute parameters of a cloud server are:

- Number of CPUs


- Amount of RAM

Guaranteed minimum resource allocation which must be met by the host with physical compute resources in order to allow a Guest to power on and operate is known as:

Reservation

This creates a maximum ceiling for a resource allocation that may be fixed, or expandable, allowing for the acquisition of more compute resources through a "borrowing" scheme:

Limit

A piece of software, firmware, or hardware that gives the impression to the guest operating systems that they are operating directly on the physical hardware of the host.

Hypervisor

Controls the entire infrastructure, and parts of it are exposed to customers independent of network location; it is a prime resource to protect.

Management Plane

Used to arbitrate the issues associated with compute resource contention.

Shares

In routing, the forwarding plane, sometimes called the user plane, defines the part of the router architecture that decides what to do with packets arriving on an inbound interface.

Data Plane

What are the two types of Hypervisor?

- Type 1


- Type 2

This hypervisor is small and is known as a bare metal, embedded or native hypervisor. It works directly on the hardware of a host and can monitor the OSs running above it.

Type 1 Hypervisor

This hypervisor is installed on top of the host's operating system and then supports other guest operating systems running above it as virtual machines. It is completely dependent on the host OS for its operations.

Type 2 Hypervisor

This plane's key functionality is to create, start, and stop virtual machine instances and provision them with the proper virtual resources such as CPU, memory, permanent storage, and network connectivity.

Management Plane

The Management Plane's primary interface is:

APIs

A service where data is replicated across the global Internet.

Content Delivery Network (CDN)

A managed Database service.

Database-as-a-Service

This set of processes and structures systematically manages all risk to an enterprise, including supply chain and third-party risks.

Enterprise Risk Management

The relationship between the shareholders and other stakeholders in the organization vs. the senior management.

Corporate Governance

This refers to the situation where the consumer has made significant vendor-specific investments. These investments can lead to high costs of switching between providers.

Provider lock-in

An attacker breaking out of a guest OS so that they can access the hypervisor or other guests.

Guest escape

Losing control of the amount of content on our image store.

Sprawl

Non-Cloud Specific Risks may include:

- Natural disasters


- Unauthorized facility access


- Social Engineering


- Network Attacks


- Default Passwords


- Other malicious or non-malicious actions

Legal Risks include:

- Law Enforcement


- Jurisdiction


- Data Protection


- Licensing

Cloud specific technical risks include:

- Management Plane breach


- Resource exhaustion


- Isolation control failure


- Insecure or incomplete data deletion


- Control conflict


- Software-related risks

Virtualization risks include:

- Guest escape


- Snapshot and image security


- Sprawl

NIST guidance around physical security can be found in:

- NIST SP 800-14


- NIST SP 800-123

Key Regulations for cloud provider facilities:

- HIPAA


- PCI DSS


- NERC CIP

Virtualization Components are:

- Compute


- Storage


- Networking

In the public cloud, identity providers are increasingly adopting what two standard protocols?

- OpenID


- OAuth

The process of establishing with adequate certainty the identity of an entity.

Authentication

The process of granting access to resources.

Authorization

The entire process of registering, provisioning, and deprovisioning identities.

Identity Management

The entitlement process starts with:

- business requirements


- security requirements

The purpose of this type of audit is to provide reasonable assurance that adequate risk controls exist and are operationally effective.

Risk Audit

What protects against the risk of data not being available and/or the risk that the business processes it supports are not functional, leading to adverse consequences for the organization?

Business Continuity Disaster Recovery (BCDR)

A software architecture style consisting of guidelines and best practices for creating scalable web services.

Representational State Transfer (ReST)

A protocol specification for exchanging structured information in the implementation of web services in computer networks. It is stateless and XML based.

Simple Object Access Protocol (SOAP)

Subcomponents of an Application are:

- Data


- Functions


- Processes

A cyber attack intended to redirect a website's traffic to another, fake site. It can be conducted either by changing the hosts file on a victim's computer or by exploitation of a vulnerability in DNS server software.

Pharming

Transport Mode is the default mode for:

IPSec

Developers must keep in mind two key risks associated with applications run in the cloud.

- Multi-tenancy


- Third-Party administrators

A Linux-based open-source software architecture that implements efficiency-enhancing private and hybrid clouds within an enterprise’s existing IT infrastructure.

Eucalyptus

What kind of risk/liability can be transferred to a cloud provider?

Financial

Data-at-rest is at risk of attack through:

Storage Covert Channels

Stored items that are static in nature and made available through content delivery networks are called:

Objects

Tools used to ensure configuration of software:

- Puppet


- Chef

What type of flaw occurs whenever an application takes untrusted data and sends it to a web browser without proper validation or escaping?

Cross-site Scripting (XSS)

This flaw occurs when untrusted data is sent to an interpreter as part of a command or query.

Injection

This attack forces a logged-on victim's browser to send a forged HTTP request, including the victim's session cookie and any other automatically included authentication information, to a vulnerable web application.

Cross-site Request Forgery (CSRF)

What is used to determine any weaknesses in an application and the potential ingress, egress and actors involved before it is introduced to production?

Threat Modeling

The illegitimate denial of an event is known as:

Repudiation

Programmatic control and access, automation, and integration with third-party tools are benefits of:

Application Programming Interfaces (API)

ISO/IEC 27034-1 provides guidance for:

Secure software development

People, processes, and systems used to manage access to resources by assuring the identity of an entity is verified, then granting the correct level of access based on the protected resource is known as:

Identity and Access Management (IAM)

What provides the policies, processes, and mechanisms to manage identity and trusted access to systems across organizations?

Federated Identity Management

The most commonly accepted federation standard is:

Security Assertion Markup Language (SAML)

Typically used for facilitating inter-organizational and inter-security domain access to resources leveraging federated identity management.

Federated Single Sign-on (SSO)

A layer-7 firewall that can understand HTTP traffic.

Web Application Firewall (WAF)

A layer-7 monitoring device that understands SQL commands.

Database Activity Monitoring (DAM)

Device that filters API traffic; it can be installed as a proxy or as a specific part of your application stack before data is processed.

API Gateway

This encompasses the development and implementation of methods and processes for ensuring software functions as intended while mitigating the risks of vulnerabilities, malicious code, or defects.

Software Assurance

For project and development teams to have confidence and follow best-practice guidelines, what is conducted at each stage of the development process?

Verification and Validation of coding

This refers to specific services you may offer that have some form of legal implication.

Functional Data

The Organization Normative Framework (ONF) has seven containers; they are:

- Business Context


- Regulatory Context


- Technical Context


- Specifications


- Roles, responsibilities, and qualifications


- Processes


- Application Security Control Library

A set of technologies designed to analyze application source code, byte code and binaries for coding and design conditions that are indicative of security vulnerabilities.

Static Application Security Testing (SAST)

A process of testing an application or software product in an operating state.

Dynamic Application Security Testing (DAST)

A testing environment that isolates untested code changes and outright experimentation from the production environment or repository, in the context of software development including Web development and revision control.

Sandbox

OWASP recommends how many types of Active Security Testing?

Nine (9)

Process to identify and report on known vulnerabilities in a system.

Vulnerability Assessment/Vulnerability Scanning

A process used to collect information related to system vulnerabilities and exposures, with the view to actively exploit the vulnerabilities in the system.

Penetration Testing

Static Application Security Testing (SAST) by its nature is what type of test tool?

White-box

Dynamic Application Security Testing (DAST) is generally considered what type of test?

Black-box

Factors that impact Data Center design include:

- Location of data center and users of cloud


- Contingency, failover, and redundancy


- Types of services (IaaS, PaaS, SaaS)


- Operating standards (e.g., ISO 27001:2013)

MTTR and MTBF are acronyms for:

- Mean Time to Repair


- Mean Time Between Failure

Data center networks that are logically divided into smaller, isolated networks. They share physical networking gear but operate on their own network without visibility into other logical networks.

Multi-tenant or Multi-tenancy networks

In multi-tenant networks, failure to design logical partitions that segregate client/customer data can result in:

Unauthorized access, viewing, or modification of tenant data

What are the five (5) logical design levels?

- Compute nodes


- Management plane


- Storage nodes


- Control plane


- Network

A data center with non-redundant capacity components and a single, non-redundant distribution path serving the critical environments. It includes dedicated space for IT systems, UPS, dedicated cooling, and an engine generator with 12 hours of onsite fuel storage.

Tier I

What is the required up-time of a Tier I data center?

99.671% (or 28.8 hrs downtime per year)

What tier is a Concurrently Maintainable data center?

Tier III

What tier is Basic Site Infrastructure?

Tier I

What tier is a Redundant Site Infrastructure with Capacity Components?

Tier II

What is the required up-time of a Tier II data center?

99.749% (or 22 hours downtime per year)

What is the required up-time of a Tier III data center?

99.982% (or 1.6 hours downtime per year), n+1

What is the required up-time of a Tier IV data center?

99.995% (or 26.3 minutes downtime per year), 2n+1

What tier is a Fault Tolerant data center?

Tier IV

What tier of data center has 2 simultaneously active distribution paths?

Tier IV

What tier of data center has 1 active and 1 alternate distribution path?

Tier III

The recommended Operating Range for Temperature and Humidity in a data center is:

- 64.4 to 80.6 degrees F


- 40% to 60% relative humidity

What is the Minimum effective (clear) height for raised floor installations?

24 inches

Storage controllers may be in use for:

- iSCSI


- Fibre Channel (FC)


- Fibre Channel over Ethernet (FCoE)

Which storage protocol uses TCP to transport SCSI commands?

iSCSI

Storage networks consist of two types of equipment:

- Initiators


- Targets

This will occur when more users are connected to a system than can be fully supported at the same time.

Oversubscription

It is considered to be a best practice to only use iSCSI on what type of network?

Trusted

iSCSI storage traffic is transmitted in what format across LANs?

Unencrypted

iSCSI supports a number of authentication methods; they are:

- Kerberos


- SRP (Secure Remote Password)


- SPKM1/2 (Simple Public-Key Mechanism)


- CHAP (Challenge Handshake Authentication Protocol)

TLS is a cryptographic protocol designed to provide communication security over the Internet using what to authenticate connections?

X.509 certificates

TLS uses what type of encryption key?

Symmetric

A client/server protocol that automatically provides an IP host with its IP address and other related configuration information.

Dynamic Host Configuration Protocol (DHCP)

A hierarchical, distributed database containing mappings of DNS domain names to various types of data, such as IP addresses.

Domain Name System (DNS)

A suite of extensions that adds security to the DNS protocol by enabling DNS responses to be validated. It provides origin authority, data integrity, and authenticated denial of existence.

Domain Name System Security Extensions (DNSSEC)

End-to-end security for data while transiting a network can be accomplished using:

Internet Protocol Security (IPSec)

The process by which DNS zone data, DNS domain names, computer names, and IP addresses for sensitive network resources are obtained by attackers.

Footprinting

An agreed upon description of the attributes of a product, at a point in time, which serves as a basis for defining change.

Baseline

A movement from the baseline state to a next state.

Change

Risk Assessment information for Information Technology Systems can be found in:

NIST SP 800-30

The degree to which a system is able to adapt to workload changes by provisioning and deprovisioning resources in an autonomic manner is known as:

Elasticity

This is the use of two or more storage servers working together to increase performance, capacity, or reliability.

Clustered Storage

What are the three (3) service models of cloud computing?

- SaaS


- PaaS


- IaaS

What are the four (4) deployment methods of cloud computing?

- Private Cloud


- Community Cloud


- Public Cloud


- Hybrid Cloud

A protocol that allows for separate channels for carrying presentation data, serial device communication, licensing information, and highly encrypted data (keyboard, mouse activity).

Remote Desktop Protocol (RDP)

Two types of patch management tools.

- ISV-vendor specific


- Third-party

The Risk Management process includes:

- Framing Risk


- Assessing Risk


- Responding to Risk


- Monitoring Risk

Ensuring that the capacity of IT services and IT infrastructure is able to deliver the agreed service level targets in a cost-effective and timely manner.

Capacity Management

The capability of an organization to continue delivery of products or services at acceptable predefined levels following a disruptive incident.

Business Continuity (BC)

A holistic management process that identifies potential threats to an organization and the impacts to business operations those threats, if realized, might cause, and which provides a framework for building organizational resilience.

Business Continuity Management (BCM)

Producing a risk management strategy that addresses how organizations intend to assess risk, respond to risk, and monitor risk is known as:

Framing Risk

Money spent on Information Technology that is not spent by the IT department itself in order to acquire IT services, and/or engage in IT projects that are managed outside of, and without the knowledge of the IT department.

Shadow IT

ALE equals

SLE x ARO

SLE equals

Asset Value (in $) x Exposure Factor (as a %)

An estimate of how often a threat will be successful in exploiting a vulnerability over the period of a year.

Annualized Rate of Occurrence (ARO)

The difference between the original value and the remaining value of an asset after a single exploit.

Single Loss Expectancy (SLE)

A product of the yearly estimate for the exploit (ARO) and the loss in the value of an asset after an SLE.

Annualized Loss Expectancy (ALE)

The four traditional ways to address risk are:

- Accept


- Avoid


- Transfer


- Mitigate

Amount of risk left in any system after all countermeasures and strategies have been applied.

Residual Risk

The application of science to the identification, collection, examination, and analysis of data while preserving the integrity of the information and maintaining a strict chain of custody for the data.

Digital Forensics

What are the phases of digital forensics?

- Collection


- Examination


- Analysis


- Reporting

What are some cloud forensics challenges?

- Control over data


- Multi-tenancy


- Data Volatility


- Evidence Acquisition

The EU DPD also known as Directive 95/46/EC focuses on the protection of individuals with regards to processing of personal data and on the free movement of such data. Its seven principles are:

- Notice


- Purpose


- Consent


- Security


- Disclosure


- Access


- Accountability

Cloud infrastructure provisioned for the exclusive use of a single organization. It may be owned, managed, and operated by the organization, a third party, or some combination of them, and may exist on or off premises.

Private Cloud

Cloud infrastructure provisioned for the exclusive use of a specific community of consumers from organizations that have shared concerns. May be owned, managed, and operated by one or more organizations in the community, a third party, or some combination of them. May exist on or off premises.

Community Cloud

Cloud infrastructure provisioned for open use by the general public. May be owned, managed, and operated by a business, academic, or government organization, or some combination of them. It exists on the premises of the cloud provider.

Public Cloud

Cloud infrastructure that is a composition of two or more distinct cloud infrastructures (private, community, or public) that remain unique entities, but are bound together by standardized or proprietary technology that enables data and application portability.

Hybrid Cloud

The ease with which application components can be moved and reused elsewhere regardless of the provider, platform, OS, infrastructure, location, storage, and the format of data or APIs.

Interoperability

A key aspect to consider when selecting cloud providers since it can both help prevent vendor lock-in and deliver business benefits by allowing identical cloud deployments to occur in different cloud provider solutions.

Portability

The ability of a cloud services data center and its associated components, including servers, storage, etc., to continue operating in the event of a disruption which may be equipment failure, power outage, or a natural disaster.

Resiliency

The fundamental concept that results in a globalized service, being widely accessible with no perceived borders.

Borderless Computing

NIST (SP) 800-122 defines:

Personally Identifiable Information

Reports on Controls at Service organizations relevant to user entities' Internal Control over financial reporting.

Service Organization Controls 1 (SOC 1)

Reports on Controls at Service organizations relevant to Security, Availability, Processing Integrity, Confidentiality and Privacy.

Service Organizations Controls 2 (SOC 2)

The conduct that a reasonable man or woman will exercise in a particular situation, in looking out for the safety of others.

Due Care

Reasonable steps taken by a person in order to satisfy a legal requirement, especially in buying or selling something.

Due Diligence

A person who (either alone or jointly or in common with other persons) determines the purposes for which, and the manner in which, any personal data are, or are to be, processed.

Data Controller

In relation to personal data, any person (other than an employee of the data controller) who processes the data on behalf of the data controller.

Data Processor

An individual or entity that utilizes or subscribes to cloud-based services or resources.

Cloud Service Customer

A third party entity that manages and holds operational responsibilities for cloud-based data backup services.

Cloud Backup Service Broker

Third-party organization that verifies attainment of SLAs.

Cloud Service Auditor

Acts as a liaison between cloud services customers and cloud service providers.

Cloud Services Broker

What are the Cloud Deployment Models?

- Private


- Public


- Community


- Hybrid

What are the Cloud Service Models?

- IaaS


- PaaS


- SaaS

Which cloud service model offers automatic updates and patch management?

SaaS

Which cloud service model allows globally distributed development teams to work together on software development projects?

PaaS

Which cloud service model helps to reduce energy use and cooling costs?

IaaS

In a Hybrid Cloud deployment model, this allows public cloud resources to be utilized when a private cloud workload has reached maximum capacity.

Cloud Bursting

Represents the ability of a cloud services data center and its associated components to continue operating in the event of a disruption.

Cloud Resiliency

Defines the ease with which application components can be moved and reused elsewhere.

Portability

The requirement for the components of a cloud ecosystem to work together to achieve their intended result.

Interoperability

Provisioning and deprovisioning are critical aspects of:

Access Management

VMware ESXi and Citrix XenServer are examples of what type of Hypervisor?

Type 1 Hypervisor

VMware Workstation and Microsoft Virtual PC are examples of what type of Hypervisor?

Type 2 Hypervisor

Which type of Hypervisor runs on a host operating system?

Type 2

Which type of Hypervisor runs directly on the hardware?

Type 1

Which hypervisor type is more attractive to attackers?

Type 2

This standard addresses the privacy aspects of cloud computing for consumers and is the first international set of privacy controls in the cloud.

ISO/IEC 27018

ISMS can be found in what publication?

ISO/IEC 27001

The international guide for Application Security can be found in which publication?

ISO/IEC 27034-1

What are the five Trust Services Principles?

- Security


- Availability


- Processing Integrity


- Confidentiality


- Privacy

What is a security related concern for a Platform as a Service solution?

System/Resource isolation

What are the phases of the Software Development Life Cycle process model?

- Planning and requirements analysis


- Define


- Design


- Develop


- Testing


- Maintenance

What method for safe disposal of electronic records can always be used within a cloud environment?

Encryption

From a security perspective, IaaS providers are responsible for what?

Physical Security only

From a security perspective, PaaS providers are responsible for what?

Physical and Infrastructure Security

From a security perspective, SaaS providers are responsible for what?

Physical, Infrastructure, and Platform Security

From a security perspective, in a SaaS deployment the provider and consumer share responsibility for:

Application Security

From a security perspective, in a PaaS deployment the provider and consumer share responsibility for:

Platform Security

From a security perspective, in an IaaS deployment the provider and consumer share responsibility for:

Infrastructure Security

What are the responsibilities in the cloud environment responsibility matrix?

- Physical Security


- Infrastructure Security


- Platform Security


- Application Security


- Data Security


- Security Governance, Risk & Compliance (GRC)