This task will have you download the CSA Consensus Assessment Initiative form and
CSA Cloud Control Matrix. The CAIQ assessment form helps you ask questions that will
determine if a tool, service, or technology meets certain regulations and standards, and
the Cloud Control Matrix shows what controls align to various compliance standards.
1. Download the Excel files attached to the lab assignment through FSO.
Deliverable: No deliverable for this task.

Task 2: Read the Cloud Security Alliance Consensus Assessment Initiative and Cloud Control Matrix documents
Familiarizing yourself with the questions asked in the document and the standards they
address will help you ask intelligent questions about the security needs of a system.
1. Read the document and familiarize yourself with the compliance standards, laws,
and questions.
Deliverable: No deliverable for this task.

Task 3: Answer the below questions as part of your lab write up
This is the research portion of the lab. Below is a series of questions you need to
answer as part of the lab write-up. These are based on the Consensus Assessment
Initiative Document, the Cloud Control Matrix, and research you will need to do on
Google.
1. How many questions are on the Consensus Assessment Initiative document?
2. Why is the number of questions far fewer than what you may ask if you had to
cover each compliance standard individually?
3. How many control groups are there and what are they? (Hint: One is Human
Resources)
4. What compliance standards and laws are listed?
5. Which standard deals with systems containing credit card data?
6. Which law deals with protected health information?
7. When would you need to be FedRAMP certified?
8. What is Sarbanes-Oxley (SOX) compliance?
9. Who does SOX apply to?
10. Which compliance standard is most often used to address SOX?
11. What is the Gramm-Leach-Bliley Act (GLBA)?
12. Who does GLBA apply to?
13. Which compliance standard is most often used to address GLBA?
14. What is NERC-CIP?
15. Who does NERC-CIP apply to?
16. What is the importance of CID AAC-03.1 to cloud computing?
17. Which portion(s) of CIA does CID DSI-03.1 impact?
18. If you have logical controls (technical controls), why is DCS-08.1 important?
19. Why is IVS-03.1 important for security services? (Hint: Man in the Middle and
Injection)
20. What is a good tool and standard to meet IVS-07.1? (Hint: You used them in Lab
2)
21. What laws and compliance standards should Bank of America be most concerned
with? Why?
22. What laws and compliance standards should Amazon be most concerned with?
Why?
23. What laws and compliance standards should American Airlines be most
concerned with? Why?
24. What laws and compliance standards should Progress Energy be most concerned
with? Why?
25. What laws and compliance standards should Walmart be most concerned with?
Why?
26. What laws and compliance standards should Lockheed Martin be most concerned
with? Why?
27. What laws and compliance standards should Twitter be most concerned with?
Why?
28. What laws and compliance standards should Darden be most concerned with?
Why?