Sunday, June 11, 2017

Durability and Availability

Durability addresses the question, “Will my data still be there in the future?” Availability addresses the question, “Can I access my data right now?”


Referenced from AWS Certified Solutions Architect Official Study Guide: Associate Exam

Monday, June 5, 2017

CCSP Preparation

1. What are the new security considerations when moving out to the cloud or using cloud services?

2. What are the new risks from cloud computing?

3. These security considerations can be technical, policy compliance, and even jurisdictional. Cloud computing has advantages. At the same time, organisations lose some control when moving to the cloud. What control do they lose?

4. What are the options available to address these new cloud-related risks?

5. Who is responsible for what aspects of security? Cloud provider or cloud customer?

6. How does an organisation ensure their data in the cloud is secure?

7. The location of cloud provider DC is important from a legal, privacy and compliance perspective. How does one ensure compliance with different laws?

Reference from:
http://www.techexams.net/forums/isc-sscp-cissp/125863-my-ccsp-experience-comments.html


Sunday, June 4, 2017

Access Management

Access Management should (depending on the business / security requirements, and the type of cloud model, IaaS, PaaS, or SaaS, being deployed) govern access to the:


  • Network layer. Without meeting the entitlement rules it may not even be possible to "see" (i.e. Ping or route) to the cloud system. The entitlement rule may also direct access to particular interfaces.
  • System layer. The entitlement rules may define the protocols that are permitted to access and modify systems, such as terminal server vs. web.
  • Application layer. The entitlement rules may map Identity and/or Attributes to functionality provided by a specific application, such as being presented with a reduced set of menus or options.
  • Process layer. The entitlement rules can be used to define the processes (or functions) that can be run within an application. Entitlement may also define that enhanced functions (such as transferring money out of the ecosystem) need additional verification (which may be obtained directly or derived in the background).
  • Data layer. The entitlement rules may limit access to areas of the data and file structure or even individual files or fields within files (e.g., in a database). At a more advanced level, entitlement could be used to auto-redact documents, such that two users accessing identical documents would view different contents (e.g., constructing a specific dynamic view of a database table).
The entitlement process starts with the customer turning business requirements and security requirements into a set of entitlement rules. This process defines the identities and Attributes required to be able to evaluate the rules. These rules in turn drive the authorization/access system.

Reference from CSA Security Guidance for Critical Areas of Focus in Cloud Computing V3.0.
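As an added illustration (not code from the CSA guidance), the following evaluator shows how attribute-based entitlement rules can drive the process layer (an enhanced function such as an external transfer requiring step-up verification) and the data layer (a per-user dynamic view in which the same record is auto-redacted differently for two users). The roles, attribute names and the sample record are constructed for the example.

```python
# Added example: a minimal entitlement-rule evaluator in the spirit of the
# CSA layers above. Rules map required identity attributes to a permission
# at a given layer; the policy and record below are constructed samples.
from dataclasses import dataclass


@dataclass
class Identity:
    name: str
    attributes: dict  # e.g. {"role": "teller", "mfa_verified": False}


# Entitlement rules per layer: (required attributes, granted permission).
# In practice these are derived from the customer's business and security requirements.
RULES = {
    "process": [
        ({"role": "teller"}, "view_balance"),
        # Enhanced function: moving money out needs additional verification (MFA).
        ({"role": "teller", "mfa_verified": True}, "transfer_external"),
    ],
    "data": [
        ({"role": "teller"}, "customer.name"),
        ({"role": "teller"}, "customer.balance"),
        ({"role": "compliance"}, "customer.name"),
        ({"role": "compliance"}, "customer.ssn"),
    ],
}


def matches(required: dict, attributes: dict) -> bool:
    """A rule matches only if every required attribute is present with the required value."""
    return all(attributes.get(k) == v for k, v in required.items())


def entitlements(identity: Identity, layer: str) -> set:
    """Permissions the identity's attributes earn at one layer (deny by default)."""
    return {perm for req, perm in RULES.get(layer, []) if matches(req, identity.attributes)}


def can_run(identity: Identity, process: str) -> bool:
    """Process layer: may this identity invoke the named function?"""
    return process in entitlements(identity, "process")


def dynamic_view(identity: Identity, record: dict) -> dict:
    """Data layer: build a per-user view, redacting fields without an entitlement."""
    allowed = entitlements(identity, "data")
    return {k: (v if f"customer.{k}" in allowed else "[REDACTED]") for k, v in record.items()}
```

Two users reading the same record thus receive different contents, and a teller who has not completed step-up verification is refused the external transfer even though the role itself is entitled to view balances.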