WGU D320(C383) LAWS, REGULATIONS & ORGANIZATIONS |MANAGING
CLOUD SECURITY (LATEST UPDATE ) QUESTIONS & ANSWERS |
GRADE A | 100% CORRECT
***1. (ISC)2 - International Information System Security Certification Consortium
A security certification granting organization that has a long history of certifications
that were difficult to get. This difficulty has made their certificates seen as having
higher value in the industry.
***2. (ISC)2 Cloud Secure Data Life Cycle
Based on CSA Guidance. 1. Create; 2. Store; 3. Use; 4. Share; 5. Archive; 6. Destroy.
***3. (SAS) 70
was a recognized standard of the American Institute of Certified Public
Accountants (AICPA) in response to the issues that also lead to Sarbanes-Oxley (SOX).
Deprecated in 2011 by the Statement on Standards for Attestation Engagements
(SSAE) No. 16.
***4. AICPA
established SAS 70 and later SAAE 16.
***5. AICPA
American Institute of Certified Public Accountants
https://www.stuvia.com/user/MBOFFIN
, ***6. Organizational Normative Framework (ONF)
Concepts of ISO 27034. There is only one for an organization but potentially as
many ANF's as applications.
***7. ASHRAE - American Society of Heating, Refrigerating and Air-
Conditioning Engineers a professional association seeking to advance heating,
ventilation, air conditioning and
refrigeration systems design and construction.
***8. Biba
an access control model designed to preserve data integrity. It has 3 goals. Maintain
internal and external consistency; prevent unauthorized data modification even by
authorized parties; prevent data modification by unauthorized individuals.
***9. Capability Maturity Model (CMM)
a development model where the maturity relates to the formality and optimization of
processes. When applied to cloud security it would focus on those aspects as they
relate to cloud security.
***10. Child Online Protection Act (COPA)
https://www.stuvia.com/user/MBOFFIN
, An attempt to restrict access by minors to material defined as harmful to minors. A
permanent injunction against the law in 2009.
***11. Cloud Access Security Brokers (CASBs)
monitors network activity between users and cloud applications and enforces security policy
and blocking malware.
***12. Cloud Security Alliance (CSA)
publishes the Notorious Nine: 1) Data breaches; 2) Data Loss; 3) Account service traffic
hijacking; 4) Insecure Interfaces and APIs; 5) Denial of Service; 6) Malicious Insiders; 7)
Abuse of Cloud Services; 8) Insufficient Due Diligence; 9) Shared technology
Vulnerabilities. There are also implications and controls associated with each.
. CSA STAR - Cloud Security Alliance (CSA) Security, Trust, and Assurance Registry (STAR)
uses the Consensus Assessments Initiative Questionnaire (CAIQ), Cloud
Controls Matrix (CCM), and GDPR Self-Assessment as inputs to certify an
organization to Level 1.
Level 2 integrates the CSA Cloud Controls Matrix and the AICPA Trust Service Principles -
AT 101 for STAR attestation.
https://www.stuvia.com/user/MBOFFIN
CLOUD SECURITY (LATEST UPDATE ) QUESTIONS & ANSWERS |
GRADE A | 100% CORRECT
***1. (ISC)2 - International Information System Security Certification Consortium
A security certification granting organization that has a long history of certifications
that were difficult to get. This difficulty has made their certificates seen as having
higher value in the industry.
***2. (ISC)2 Cloud Secure Data Life Cycle
Based on CSA Guidance. 1. Create; 2. Store; 3. Use; 4. Share; 5. Archive; 6. Destroy.
***3. (SAS) 70
was a recognized standard of the American Institute of Certified Public
Accountants (AICPA) in response to the issues that also lead to Sarbanes-Oxley (SOX).
Deprecated in 2011 by the Statement on Standards for Attestation Engagements
(SSAE) No. 16.
***4. AICPA
established SAS 70 and later SAAE 16.
***5. AICPA
American Institute of Certified Public Accountants
https://www.stuvia.com/user/MBOFFIN
, ***6. Organizational Normative Framework (ONF)
Concepts of ISO 27034. There is only one for an organization but potentially as
many ANF's as applications.
***7. ASHRAE - American Society of Heating, Refrigerating and Air-
Conditioning Engineers a professional association seeking to advance heating,
ventilation, air conditioning and
refrigeration systems design and construction.
***8. Biba
an access control model designed to preserve data integrity. It has 3 goals. Maintain
internal and external consistency; prevent unauthorized data modification even by
authorized parties; prevent data modification by unauthorized individuals.
***9. Capability Maturity Model (CMM)
a development model where the maturity relates to the formality and optimization of
processes. When applied to cloud security it would focus on those aspects as they
relate to cloud security.
***10. Child Online Protection Act (COPA)
https://www.stuvia.com/user/MBOFFIN
, An attempt to restrict access by minors to material defined as harmful to minors. A
permanent injunction against the law in 2009.
***11. Cloud Access Security Brokers (CASBs)
monitors network activity between users and cloud applications and enforces security policy
and blocking malware.
***12. Cloud Security Alliance (CSA)
publishes the Notorious Nine: 1) Data breaches; 2) Data Loss; 3) Account service traffic
hijacking; 4) Insecure Interfaces and APIs; 5) Denial of Service; 6) Malicious Insiders; 7)
Abuse of Cloud Services; 8) Insufficient Due Diligence; 9) Shared technology
Vulnerabilities. There are also implications and controls associated with each.
. CSA STAR - Cloud Security Alliance (CSA) Security, Trust, and Assurance Registry (STAR)
uses the Consensus Assessments Initiative Questionnaire (CAIQ), Cloud
Controls Matrix (CCM), and GDPR Self-Assessment as inputs to certify an
organization to Level 1.
Level 2 integrates the CSA Cloud Controls Matrix and the AICPA Trust Service Principles -
AT 101 for STAR attestation.
https://www.stuvia.com/user/MBOFFIN