Chapter 2 Flashcards
1
Q
Cryptographic Shredding
A
The act of destroying the encryption keys that protect data as a way of disposing of that data; the ciphertext may remain on the storage media, but without the key it is unrecoverable
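The card describes the technique but not what it looks like in practice. The example below is added here and is not part of the flashcard set: it models the usual envelope-encryption layout (per-object data-encryption keys wrapped under one tenant key-encryption key held in a simulated KMS) and shows that deleting only the KEK makes every object for that tenant unreadable while the stored ciphertext itself is untouched. The `TenantStore` class, its method names and the two-tenant layout are assumptions for illustration; the HMAC-SHA256 counter-mode cipher with encrypt-then-MAC stands in for a real AEAD such as AES-GCM so the script runs on the standard library alone.

```python
"""Cryptographic shredding via envelope encryption (added demonstration, not from the flashcards)."""
import hashlib
import hmac
import os
import secrets

# HMAC-SHA256 in counter mode plus encrypt-then-MAC is a stand-in for AES-GCM so the
# example needs no third-party packages; the shredding logic does not depend on it.
NONCE_LEN = 16
TAG_LEN = 32


def _subkey(key: bytes, label: bytes) -> bytes:
    """Derive independent encryption and MAC subkeys from one 32-byte key."""
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext || tag."""
    nonce = os.urandom(NONCE_LEN)
    ks = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Verify the tag first; a wrong key or tampered blob is rejected, never decrypted."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or tampered ciphertext")
    ks = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))


class KeyDestroyed(Exception):
    """Raised when data is requested after its key-encryption key has been shredded."""


class TenantStore:
    """Hypothetical store: one KEK per tenant in a simulated KMS, one wrapped DEK per object."""

    def __init__(self) -> None:
        self._kms: dict[str, bytes] = {}  # tenant -> KEK; the only thing shredding touches
        # tenant -> list of (DEK wrapped under the tenant KEK, object ciphertext under the DEK)
        self._objects: dict[str, list[tuple[bytes, bytes]]] = {}

    def put(self, tenant: str, plaintext: bytes) -> None:
        kek = self._kms.setdefault(tenant, secrets.token_bytes(32))
        dek = secrets.token_bytes(32)
        self._objects.setdefault(tenant, []).append((encrypt(kek, dek), encrypt(dek, plaintext)))

    def get_all(self, tenant: str) -> list[bytes]:
        try:
            kek = self._kms[tenant]
        except KeyError:
            raise KeyDestroyed(f"KEK for tenant {tenant!r} no longer exists") from None
        return [decrypt(decrypt(kek, wrapped), ct) for wrapped, ct in self._objects.get(tenant, [])]

    def shred(self, tenant: str) -> int:
        """Destroy the tenant's KEK only. Returns how many stored objects became unrecoverable."""
        self._kms.pop(tenant)
        return len(self._objects.get(tenant, []))

    def stored_blobs(self, tenant: str) -> list[bytes]:
        """What remains on 'disk' for the tenant; unchanged by shredding."""
        return [ct for _, ct in self._objects.get(tenant, [])]


if __name__ == "__main__":
    store = TenantStore()
    store.put("acme", b"customer record 1")  # constructed sample data
    store.put("acme", b"customer record 2")
    print("before shred:", store.get_all("acme"))
    print("objects rendered unrecoverable:", store.shred("acme"))
    print("blobs still stored:", len(store.stored_blobs("acme")))
    try:
        store.get_all("acme")
    except KeyDestroyed as exc:
        print("after shred:", exc)
```

The point to take from the example is the asymmetry: destroying 32 bytes in the key store disposes of every object that depended on them, however large or how widely replicated the ciphertext is, which is why the practice works for cloud storage where the customer cannot physically wipe the provider's media. The caveat is equally important: the technique is only as strong as the cipher and as complete as the key destruction, so any backup, escrow copy or cached instance of the KEK undoes the shred.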
2
Q
Due Diligence
A
The act of investigating and understanding the risks the company faces
3
Q
Due Care
A
The minimum and customary practice of responsible protection of assets that affects a community or societal norm
4
Q
From a Cloud provider perspective, a layered defense should entail
A
- Strong Personnel controls such as background checks
- Technological controls such as encryption
- Physical controls related to both the overall campus and various remote facilities
- Governance mechanisms and enforcement, such as strong policies and regular, thorough audits
5
Q
From a Cloud Customer perspective, a layered defense should entail
A
- Training programs for staff
- Contractual enforcement of policy requirements
- Use of encryption and logical isolation mechanisms on BYOD assets
- Strong access control methods, perhaps including multifactor authentication
6
Q
To determine the necessary controls to be deployed, you must first understand
A
- Functions of the data
- Locations of the data
- Actors upon the data
7
Q
Methods for dealing with Single Points of Failure
A
- Adding redundancies
- Creating alternative processes
- Cross-training personnel
- Consistently and thoroughly backing up data
8
Q
Things that an organization should know to handle risks
A
- An inventory of all assets
- A valuation of each asset
- A determination of critical paths, processes, and assets
- A clear understanding of risk appetite