CCSP

CCSP Flashcards


Deck details

Cards 68
Language German
Category Computer science
Level Other
Created / Updated 13.09.2020 / 02.08.2021
Weblink
https://card2brain.ch/box/20200913_ccsp

The Treacherous 12 (CSA top cloud threats, 2016)

Data Breaches

Insufficient Identity, Credential & Access Management

Insecure Interfaces & APIs

System and Application Vulnerabilities

Account Hijacking

Malicious Insiders

Advanced Persistent Threats (APTs)

Data Loss

Insufficient Due Diligence

Abuse & Nefarious Use of Cloud Services

Denial of Service

Shared Technology Issues


Uptime Institute: Redundancy Tier 1

Basic Site Infrastructure

little or no redundancy

scheduled maintenance requires the system to be taken offline

untoward personnel activity WILL result in downtime

Uptime Institute: Redundancy Tier 2

Redundant Site Infrastructure Capacity Components

critical operations do not have to be interrupted for maintenance

untoward personnel activity MAY cause downtime

unplanned failures MAY result in downtime

Uptime Institute: Redundancy Tier 3

Concurrently Maintainable Site Infrastructure

dual power supplies for all systems

critical operations can continue when a component fails

loss of a component MAY cause downtime

loss of a system WILL cause downtime

planned maintenance will not necessarily cause downtime

Uptime Institute: Redundancy Tier 4

Fault-Tolerant Site Infrastructure

redundant IT and electrical components

loss of a system or component WILL NOT cause downtime

a single loss, event or personnel activity WILL NOT cause downtime

scheduled maintenance WILL NOT cause downtime

Instance Isolation

each VM (instance) should be logically isolated from every other instance on the same host

Host Isolation

all hosts should be physically and logically isolated from each other as much as possible

Clustered Storage

Tightly coupled:

storage devices are directly connected to a shared physical backplane

each component has the same policies and rule sets

enhances performance because it scales as nodes are added, bounded by the capacity of the shared backplane

Loosely coupled:

greater flexibility

each node is independent of the others, only logically connected


Volume Storage

disk space is apportioned to the customer and allocated to each of the guest instances

the guest's virtualized OS can use and manipulate the volume (partition, format, mount)

block storage / raw disk storage

analogous to a mounted drive

Object Storage

data is stored as objects (file content plus metadata) in a provider-managed store

customers get access only to the parts they are assigned

file storage

the user is limited to uploading, storing and manipulating files (not installing and running programs)
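The isolation property behind the Instance Isolation and Object Storage cards (customers "get access only to the parts they are assigned" on infrastructure shared with other tenants) is easy to state and easy to get subtly wrong. The following is an added example, not part of the card deck, of a hypothetical in-memory object store in which each tenant is assigned one key prefix; the store, tenant names and objects are constructed for the demo. It shows the two checks a practitioner would look for in a real implementation: the key is normalized before the prefix comparison (so "alice/../bob/secret" cannot pass as Alice's), and the prefix is compared with its trailing separator (so tenant "ali" cannot read "alice/...").

```python
"""Tenant isolation on a shared object store, modelled in plain Python.

Added example, not taken from the card deck. It assumes a hypothetical
single-namespace object store in which each tenant is assigned one key
prefix ("<tenant>/") and may only touch keys under that prefix. The
store, tenants and objects below are constructed in-memory for the demo.
"""
from __future__ import annotations

import posixpath


class AccessDenied(Exception):
    """Raised when a tenant asks for a key outside its assigned prefix."""


class SharedObjectStore:
    """One flat key namespace shared by several tenants (in-memory model)."""

    def __init__(self) -> None:
        self._objects: dict[str, bytes] = {}
        self._prefixes: dict[str, str] = {}   # tenant -> assigned key prefix

    def assign(self, tenant: str, prefix: str) -> None:
        # Always store the prefix with a trailing "/": a bare "alice" would
        # also match keys belonging to a tenant called "alice2".
        self._prefixes[tenant] = prefix.rstrip("/") + "/"

    def authorize(self, tenant: str, key: str) -> str:
        """Return the normalized key if tenant may access it, else raise."""
        prefix = self._prefixes.get(tenant)
        if prefix is None:
            raise AccessDenied(f"{tenant}: no prefix assigned")
        # Normalize BEFORE the prefix check: "alice/../bob/secret" begins
        # with "alice/" textually but resolves to "bob/secret".
        norm = posixpath.normpath(key)
        if norm.startswith("/") or norm == ".." or norm.startswith("../"):
            raise AccessDenied(f"{tenant}: key escapes the namespace: {key!r}")
        if not norm.startswith(prefix):
            raise AccessDenied(f"{tenant}: key outside {prefix!r}: {key!r}")
        return norm

    def put(self, tenant: str, key: str, data: bytes) -> None:
        self._objects[self.authorize(tenant, key)] = data

    def get(self, tenant: str, key: str) -> bytes:
        return self._objects[self.authorize(tenant, key)]

    def list_keys(self, tenant: str) -> list[str]:
        """Listing is scoped the same way: a tenant never sees other prefixes."""
        prefix = self._prefixes[tenant]
        return sorted(k for k in self._objects if k.startswith(prefix))


def allowed(store: SharedObjectStore, tenant: str, key: str) -> bool:
    """True if the store would let tenant touch key (no side effects)."""
    try:
        store.authorize(tenant, key)
        return True
    except AccessDenied:
        return False


def demo() -> dict[str, object]:
    """Build a constructed multi-tenant store and probe the isolation boundary."""
    store = SharedObjectStore()
    store.assign("alice", "alice")
    store.assign("bob", "bob")
    store.assign("ali", "ali")          # a prefix that is a prefix of "alice"
    store.put("alice", "alice/report.txt", b"quarterly numbers")
    store.put("bob", "bob/secret.txt", b"bob only")
    return {
        "own_object": store.get("alice", "alice/report.txt"),
        "alice_listing": store.list_keys("alice"),
        # direct cross-tenant read
        "cross_tenant": allowed(store, "alice", "bob/secret.txt"),
        # traversal that textually starts with the right prefix
        "traversal": allowed(store, "alice", "alice/../bob/secret.txt"),
        # tenant "ali" must not reach "alice/..." via a prefix collision
        "prefix_collision": allowed(store, "ali", "alice/report.txt"),
        # absolute key and escape above the root
        "absolute": allowed(store, "alice", "/alice/report.txt"),
        "escape": allowed(store, "alice", "../alice/report.txt"),
        # harmless normalization inside the tenant's own prefix
        "own_dotdot": allowed(store, "alice", "alice/tmp/../report.txt"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:18} {value!r}")
```

Keys are taken as already-decoded strings; a real service must URL-decode once and reject further encoded separators before this check, and listing must be scoped at the storage layer rather than filtered afterwards, otherwise the provider's "shared technology" becomes the cross-tenant path.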

Ephemeral Storage

temporary resource that is used for processing; its contents are lost when the instance stops

instance store volumes


Long-Term Storage

durable data storage

low cost and large amounts

typically used for archives and backup

not suitable for production

can't install and run programs, but can run queries against the stored data

Content-Delivery Network (CDN)

for large amounts of data that require time-sensitive communication and low latency

multimedia content

replicates portions of the data to data centers physically located nearer to the end user

Secure KVMs

Human interface devices (Keyboard, Video, Mouse = KVM) hardened for use across security domains

Secure data ports

Tamper labels

Fixed (non-reprogrammable) firmware

Soldered circuit board

Reduced / no data buffering between ports

Air-gapped pushbuttons

ECPA

The Electronic Communications Privacy Act

restricts wiretapping and interception of electronic communications (phone calls, e-mail, stored data), including by government

GLBA

Gramm-Leach-Bliley Act

allows banks to merge with and own insurance companies

customer account information must be kept secure

SOX

Sarbanes-Oxley Act

increases transparency of corporate financial reporting

To help protect shareholders, employees and the public from accounting errors and fraudulent financial practices.

HIPAA

Health Insurance Portability and Accountability Act

U.S. Federal Law

Protect patient records and data

FERPA

Family Educational Rights and Privacy Act

prevents academic institutions from sharing student data without consent

DMCA

Digital Millennium Copyright Act

updates copyright law for the internet (e.g. anti-circumvention provisions)

CLOUD Act

Clarifying Lawful Overseas Use of Data Act (2018)

allows US law enforcement to compel American companies to disclose data stored in foreign data centers

written specifically with cloud providers in mind

FedRAMP

US federal program that mandates a standardized approach to security assessments of cloud products and services

certification

PIPEDA

Canada's Personal Information Protection and Electronic Documents Act

(Canada GDPR)

ISO/IEC 27017:2015

guidelines for information security controls applicable to cloud services (based on ISO/IEC 27002)

ISO/IEC 27018:2019

Code of practice and security techniques for processing PII in cloud services

ISO/IEC 27037:2012

Forensics

identify, collect, acquire and preserve digital evidence

ISO/IEC 27041:2015

Forensics

guide for incident investigation (assuring suitability and adequacy of methods)

ISO/IEC 27042:2015

Forensics

guide for the analysis and interpretation of digital evidence

ISO/IEC 27050-1:2016

Forensics

overview and concepts of electronic discovery (eDiscovery)

AICPA Reports

American Institute of Certified Public Accountants

SOC 1: controls over financial reporting; not useful for assessing security

SOC 2: reviews controls relevant to security, availability, processing integrity, confidentiality and privacy

SOC 2 Type I: reviews the design of controls at a point in time

SOC 2 Type II: thorough review of the design AND operating effectiveness of controls over a period of time

SSAE 18

AICPA audit standard under which SOC reports are produced

SOC 1: financial reporting controls; not useful for security assessment

SOC 2: reviews controls relevant to security

SOC 2 Type I: reviews controls as designed (point in time)

SOC 2 Type II: thorough review of controls as designed and as operated over a period

CSA Matrix Areas

  1. Cloud Architecture
  2. Governing in the Cloud
  3. Operating in the Cloud

CSA Matrix Control Domains

  1. Application & Interface Security (AIS)
  2. Audit Assurance & Compliance (AAC)
  3. Business Continuity Management & Operational Resilience (BCR)
  4. Change Control & Configuration Management (CCC)
  5. Data Security & Information Lifecycle Management (DSI)
  6. Datacenter Security (DCS)
  7. Encryption & Key Management (EKM)
  8. Governance & Risk Management (GRM)
  9. Human Resources (HRS)
  10. Identity & Access Management (IAM)
  11. Infrastructure & Virtualization Security (IVS)
  12. Interoperability & Portability (IPY)
  13. Mobile Security (MOS)
  14. Security Incident Management, E-Discovery, & Cloud Forensics (SEF)
  15. Supply Chain Management, Transparency, and Accountability (STA)
  16. Threat & Vulnerability Management (TVM)

NIST SP 800-37

Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy

NIST SP 800-53

Security and Privacy Controls for Federal Information Systems and Organizations

Cloud Characteristics

Resource pooling

on-demand self-service

Broad network access

Rapid elasticity

Measured service (usage is metered; utility computing)

ISO/IEC 17788:2014

provides an overview of cloud computing along with a set of terms and definitions. It is a terminology foundation for cloud computing standards.

OSI

All = Application Layer
People= Presentation Layer
Seem = Session Layer
To = Transport Layer
Need = Network Layer
Data = Data Link Layer
Processing = Physical Layer

Logical Model (Layers)

Infostructure (data and information)

Applistructure (applications deployed in the cloud and application services)

Metastructure (protocols and mechanisms, provides interfaces to Infrastructure Layer)

Infrastructure (core components, moving parts)

NIST SP 500-299

NIST Cloud Computing Security Reference Architecture