Cloud Security and Compliance
Information Security Concepts
Cloud Infrastructure and Services
Security and Risk Management
Cloud Computing Models and Standards
100

This policy defines the acceptable ways in which a network, website, or service may be used

What is Acceptable Use Policy?

100

This term refers to the mathematical function used in encryption and decryption

What is an Algorithm?

100

This paradigm enables network access to a scalable and elastic pool of resources

What is Cloud Computing?

100

This term refers to the ability to map an activity back to the responsible party

What is Accountability?

100

This person or organization audits the provision and use of cloud services

What is Cloud Auditor?

200

This 2017 criteria by AICPA focuses on security, availability, processing integrity, confidentiality, and privacy

What is AICPA TSC 2017?

200

These controls reduce the risk of control weaknesses resulting in errors

What are Compensating Controls?

200

This term describes a customer of a cloud service

What is Cloud Customer?

200

This concept in information security refers to the property of being accessible and usable upon demand

What is Availability?

200

This refers to a method of packaging and running applications in a virtualization environment

What is Container?

300

This term refers to the process of erasing or encrypting identifiers to protect sensitive information

What is Anonymization?

300

This approach to security involves multiple mechanisms in a layered method

What is Defense-in-depth?

300

This service model provides fundamental computing resources like processing and storage

What is Infrastructure as a Service (IaaS)?

300

This type of security focuses on protecting networks remotely bridged to client devices

What is Endpoint Security?

300

This CSA concept includes a set of functional capabilities and processes for assessing IT and cloud providers' security capabilities

What is CSA Enterprise Architecture?

400

This type of testing involves a set of tools used to test software during operation for compliance and security issues

What is Dynamic Application Security Testing?

400

This process involves transforming plaintext into ciphertext

What is Encryption?

400

This cloud model is composed of two or more distinct cloud infrastructures

What is Hybrid Cloud?

400

The process of identifying and evaluating risk and its potential effects

What is Risk Assessment?

400

This program includes principles of transparency, rigorous auditing, and harmonization of standards

What is STAR Program?

500

This EU regulation focuses on data protection and privacy

What is General Data Protection Regulation (GDPR)?

500

This method isolates untested code changes from the production environment in software development

What is Sandbox?

500

This computing model provides a flexible cloud computing execution model with dynamic resource allocation

What is Serverless Computing?

500

This term refers to the management of vulnerabilities in an Information Security Continuous Monitoring (ISCM) capability

What is Vulnerability Management?

500

This type of testing analyzes application source code for security vulnerabilities

What is Static Application Security Testing?
