Deck 22: Cloud Security

there is an increasingly prominent trend in many organizations to
move a substantial portion or even all It operations to an Internet-connected infrastructure known as an enterprise community cloud.
.

A community cloud shares characteristics of private and public
clouds.

A public cloud infrastructure is made available to the general
public or a large industry group and is owned by an organization
selling cloud services.

Non-repudiation threats are associated with users who deny
performing an action without other parties having any way to prove otherwise.

A cloud broker can evaluate the services provided by a CP in
terms of security controls, privacy impact, and performance.

Data must be secured while at rest, in transit, and in use, and
access to the data must be controlled.

A key motivation for opting for a private cloud is cost.

the cloud computing model promotes availability and is composed
of three essential characteristics, four service models, and three
deployment models.

the intention of an advanced persistent threat is to steal data
rather than to cause damage to the network or organization.

NISt defines SecaaS as the provision of security applications and
services via the cloud either to cloud-based infrastructure and software or from the cloud to the customers' on-premise systems.

System vulnerabilities can be exploited by hackers and malicious
software across a shared cloud environment.

IaaS enables customers to combine basic computing services, such
as number crunching and data storage, to build highly adaptable computer systems.

On-demand self-service is an essential characteristic of cloud
computing.

In effect, PaaS is an operating system in the cloud.

NISt defines three service models, which can be viewed as nested service alternatives: software as a service, platform as a service, and __________ .

three areas of support can be offered by a cloud broker: service intermediation, service aggregation, and __________ .

A __________ is a party that can conduct independent assessment of cloud services, information system operations, performance, and security of the cloud implementation.

A __________ is a person, organization, or entity responsible for making a service available to interested parties.

__________ enables the customer to deploy onto the cloud infrastructure customer-created or acquired applications.

__________ offers the customer processing, storage, networks, and other fundamental computing resources so that the customer is able to deploy and run arbitrary software, which can include operating systems and applications.

__________ enables the customer to use the cloud provider's applications running on the provider's cloud infrastructure.

the two most significant developments in computing in recent years are cloud computing and the __________ .

__________ is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction.

With a __________ cloud solution, sensitive information can be placed in a private area of the cloud, and less sensitive data can take advantage of the benefits of the public cloud.

__________ clouds are a way to leverage existing infrastructure and deliver and chargeback for bundled or complete services from the privacy of the organization's network.

__________ includes people, processes, and systems that are used to manage access to enterprise resources by assuring that the identity of an entity is verified, and then granting the correct level of access based on this assured identity.

__________ consists of security services that allocate access, distribute, monitor, and protect the underlying resource services.

__________ is a threat classification system developed by Microsoft that is a useful way of categorizing attacks that arise from deliberate actions.

An __________ is a network attack in which an unauthorized person gains access to a network and stays there undetected for a long period of time.