Pluralsight CCSP Domain 2 Flashcards
(53 cards)
Data Protection Laws
- GDPR - privacy
- SOx - financial
- GLBA - financial
- HIPAA - health information
Data Roles and Responsibilities
* Data Owner / Processor
* Custodian
* Subject
* User
- **Data Owner** - ensures data has an appropriate level of protection; known as data controller or processor in the cloud
- Custodian - has custody or possession of data at a certain point in time (i.e. personnel who perform backups or user requesting data)
IPS, On Prem Responsibility Zones (CSP or Consumer)
Data Lifecycle: Use
- User Training
- Data hiding
  - Encryption
  - Masking
  - Obfuscation
  - Anonymization
- DLP
- DRM/IRM
Qualities of Symmetric Encryption Algorithms
Who holds the keys in SaaS? How can keys be transmitted? How are keys stored?
Who holds the keys in PaaS? How can keys be transmitted? How are keys stored?
What is transparent encryption?
Homomorphic Encryption
processing encrypted material without first decrypting it
Who holds the keys in IaaS? How can keys be transmitted? How are keys stored?
Key Management
* Escrow
* Split Knowledge / Multi-Party
  - Dual Control
* Hardware Security Module (HSM)
* Outsourced Key Management
  - PKI
  - CASB
Asymmetric Encryption
* What is it used for?
* Is it fast or slow?
What part of CIA triad does hashing protect?
Define Hashing
Hashing Benefits
Masking and Obfuscation
Anonymization
Who is responsible for masking and anonymization in the cloud for IaaS, PaaS, and SaaS?
Tokenization
All control typically resides with CSP in SaaS except for what?
Chain of Custody
Unbroken record of all activities associated with evidence from the time it is recognized as evidence until it is submitted to court; clear documentation must record which people had access to the evidence, where it was stored, what access controls were placed, and what modifications were performed; this is difficult in the cloud; chain of custody provides non-repudiation, which means no one can deny taking part in a transaction
Important to have defined procedures and NDAs
Capabilities of Virtualization
- Type 1 Hypervisor
- Traditional OS vs Type 1 Hypervisor (image)
- Modern Hardware Hypervisor
- Bare-metal, embedded, or native
- Work directly on hardware/host
- Small form factor, a few hundred megabytes
- Type 1 attacks are restricted to the hypervisor and the machine
Type 2 Hypervisor
- OS or Hosted Application Hypervisor
- Software Hypervisor
- Attackers prefer Type 2 because of the larger surface area for attack; they can attack the hypervisor itself, the OS under it, and the machine directly
Virtualization Attacks
- Guest Escape - poorly configured or designed VM or hypervisor that allows a user to leave their virtualized instance; this allows the user to access other VMs on the same host or to attack the host itself
- Host Escape - user can leave their own virtualized instance and leave the host machine, accessing other devices on the network
- Information Bleed or side-channel/covert channel attack - processing performed on one VM may be detected by other instances on the same host; this does not have to involve the raw data itself, but may be indicative of the processing occurring (i.e. detecting a certain operation is being performed and lasts a certain duration); attackers can narrow down a list of attacks to use
- Data Seizure - legal activity might result in a host machine being confiscated or inspected by cops; the host machine might include virtualized instances belonging to your organization even though your organization was not the target
Responsibility Zones - On prem, IaaS, PaaS, SaaS