Nt1330 Unit 3

Words: 519
Pages: 3

Question 3:
“The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunications).” (Stallings, 2015, p. 12).
1. Can the solution support our OS platforms and run our applications, does the solution meet our I/O requirements and how much control do I retain over my data?
Cloud virtualization technology makes it possible to use multiple types of data, applications, and content within the same physical server and to distribute copies of those assets quickly and easily among multiple servers. It is important to retain end to end, lifecycle control over on how the data flows and how it is physically stored. When data is created, there should be a client controlled system for capturing the content of files, documents, or messages, policies for uploading the content, and centralized control over which users and which devices can access or make changes to the content. During the cycle of the content, controls are needed to capture the edits and changes made by various authorized users. And at the end of the lifecycle, controls are needed to ensure that the content is properly archived or destroyed.
2.
…show more content…
What is the data protection strategies offered and how is data encrypted?
Encryption of all data, in transit, at rest, and in mobile devices, backups, RAID, mirroring, CDP, replication, snapshots should be the basis of any security solution.
3. What certifications for data protection have you accomplished or any other regulations that are relevant to the industry?
Preferably, the cloud vendor’s data centers will have successfully completed a SOC 1 audit under SSAE-16 standards as well as testing from independent auditors for certifications such as FISMA, HIPAA, PCI DSS, SOX, GLBA, NERC