WGU D320(C383) Laws, Regulations & Organizations | Managing Cloud Security
(Latest Update) Questions & Answers | Grade A | 100% Correct
(ISC)2 - International Information System Security Certification Consortium
A security certification granting organization that has a long history of certifications that were
difficult to get. This difficulty has made their certificates seen as having higher value in the
industry.
(ISC)2 Cloud Secure Data Life Cycle
Based on CSA Guidance. 1. Create; 2. Store; 3. Use; 4. Share; 5. Archive; 6. Destroy.
(SAS) 70
was a recognized standard of the American Institute of Certified Public Accountants
(AICPA) in response to the issues that also led to Sarbanes-Oxley (SOX). Deprecated in 2011
by the Statement on Standards for Attestation Engagements (SSAE) No. 16.
AICPA
established SAS 70 and later SSAE 16.
AICPA
American Institute of Certified Public Accountants
Organizational Normative Framework (ONF)
Concepts of ISO 27034. There is only one for an organization but potentially as many
ANFs as applications.
ASHRAE - American Society of Heating, Refrigerating and Air-Conditioning Engineers
a professional association seeking to advance heating, ventilation, air conditioning and
refrigeration systems design and construction.
Biba
an access control model designed to preserve data integrity. It has 3 goals. Maintain internal and
external consistency; prevent unauthorized data modification even by authorized parties; prevent
data modification by unauthorized individuals.
Capability Maturity Model (CMM)
a development model where the maturity relates to the formality and optimization of processes.
When applied to cloud security it would focus on those aspects as they relate to cloud security.
Child Online Protection Act (COPA)
An attempt to restrict access by minors to material defined as harmful to minors. A permanent
injunction against the law in 2009.
Cloud Access Security Brokers (CASBs)
monitor network activity between users and cloud applications, enforce security policy, and
block malware.
Cloud Security Alliance (CSA)
publishes the Notorious Nine: 1) Data breaches; 2) Data Loss; 3) Account service traffic
hijacking; 4) Insecure Interfaces and APIs; 5) Denial of Service; 6) Malicious Insiders; 7) Abuse
of Cloud Services; 8) Insufficient Due Diligence; 9) Shared technology Vulnerabilities. There are
also implications and controls associated with each.
CSA STAR - Cloud Security Alliance (CSA) Security, Trust, and Assurance Registry (STAR)
uses the Consensus Assessments Initiative Questionnaire (CAIQ), Cloud Controls
Matrix (CCM), and GDPR Self-Assessment as inputs to certify an organization to Level 1.
Level 2 integrates the CSA Cloud Controls Matrix and the AICPA Trust Service Principles - AT
101 for STAR attestation.