Chapter 13: AWS Risk and Compliance

  1. A, B, C. Answers A through C describe valid mechanisms that AWS uses to communicate with customers regarding its security and control environment. AWS does not allow customers' auditors direct access to AWS data centers, infrastructure, or staff.
  • Note: AWS does not let customers (or their auditors) audit its data centers, infrastructure, or staff directly; evidence of the control environment comes through published reports and third-party attestations instead.
  2. C. The shared responsibility model can include IT controls, and it is not just limited to security considerations. Therefore, answer C is correct.
  • Note: the shared responsibility model covers IT controls in general, not only security considerations.
  3. A. AWS provides IT control information to customers through either specific control definitions or general control standard compliance.
  • Note: AWS provides IT control information to customers either as specific control definitions or as compliance with general control standards.
  4. A, B, D. There is no such thing as a SOC 4 report, therefore answer C is incorrect.
  • Note: the valid third-party attestations among the options are SOC 1, PCI DSS Level 1, and ISO 27001.
  5. A. IT governance is still the customer's responsibility.
  • Note: IT governance remains the customer's responsibility even after the customer has deployed its systems into AWS.
  6. D. Any number of components of a workload can be moved into AWS, but it is the customer's responsibility to ensure that the entire workload remains compliant with various certifications and third-party attestations.
  • Note: any number of workload components can be migrated into AWS, but keeping the whole workload compliant with the relevant certifications and third-party attestations is the customer's responsibility.
  7. B. An Availability Zone consists of multiple discrete data centers, each with their own redundant power and networking/connectivity, therefore answer B is correct.
  • A Region is a physical location in the world where AWS has multiple Availability Zones.
  • Availability Zones consist of one or more discrete data centers, each with redundant power, networking, and connectivity, housed in separate facilities.
  8. A, C. AWS regularly scans public-facing, non-customer endpoint IP addresses and notifies appropriate parties. AWS does not scan customer instances, and customers must request the ability to perform their own scans in advance, therefore answers A and C are correct.
  • Note: AWS scans its own public-facing, non-customer endpoint IP addresses (not customer instances) and notifies the appropriate parties of anything it finds.
  • Caveat: the exam answer reflects the older AWS penetration-testing policy. Since 2019 AWS no longer requires prior approval for customer-initiated testing of several common services (for example EC2, RDS, ELB, and Lambda), although the policy still prohibits activities such as denial-of-service testing. Check the current policy before scanning.
  9. B. AWS publishes information publicly online and directly to customers under NDA, but customers are not required to share their use and configuration information with AWS, therefore answer B is correct.
  • Note: AWS publishes security information on its website and shares further detail directly with customers under NDA, but customers are not obliged to share their usage or configuration details with AWS.
  10. C. AWS has developed a strategic business plan, and customers should also develop and maintain their own risk management plans, therefore answer C is correct.
  • Note: AWS maintains its own risk management plan; customers must develop and maintain their own as well.
  11. B. The collective control environment includes people, processes, and technology necessary to establish and maintain an environment that supports the operating effectiveness of the AWS control framework. Energy is not a discretely identified part of the control environment, therefore B is the correct answer.
  • Note: the collective control environment comprises people, processes, and technology.
  12. D. Customers are responsible for ensuring all of their security group configurations are appropriate for their own applications, therefore answer D is correct.
  • Note: AWS provides the security group mechanism as part of the service; configuring it appropriately for each application is the customer's job.
  13. C. Customers should ensure that they implement control objectives that are designed to meet their organization's own unique compliance requirements, therefore answer C is correct.
  • Note: customers should make sure their control objectives are designed to meet their own organization's compliance requirements.

Summary of Key Points

  • Understand the shared responsibility model. The shared responsibility model is not just limited to security considerations; it also extends to IT controls. For example, the management, operation, and verification of IT controls are shared between AWS and the customer. AWS manages the controls that relate to the physical infrastructure.

  • Remember that IT governance is the customer’s responsibility. It is the customer’s responsibility to maintain adequate governance over the entire IT control environment, regardless of how its IT is deployed (on-premises, cloud, or hybrid).

  • Understand how AWS provides control information. AWS provides IT control information to customers in two ways: via specific control definition and through a more general control standard compliance.

  • Remember that AWS is very proactive about risk management. AWS takes risk management very seriously, so it has developed a business plan to identify any risks and to implement controls to mitigate or manage those risks. An AWS management team reevaluates the business risk plan at least twice a year. As a part of this process, management team members are required to identify risks within their specific areas of responsibility and then implement controls designed to address and perhaps even eliminate those risks.

  • Remember that the control environment is not just about technology. The AWS control environment consists of policies, processes, and control activities. This control environment includes people, processes, and technology.

  • Remember the key reports, certifications, and third-party attestations. The key reports, certifications, and third-party attestations include, but are not limited to, the following:
    FedRAMP
    FIPS 140–2
    FISMA and DIACAP
    HIPAA
    ISO 9001
    ISO 27001
    ITAR
    PCI DSS Level 1
    SOC 1/ISAE 3402
    SOC 2
    SOC 3
