ehehe

filters out electrical surges and spikes involves the creation and dissemination of content through social networks using the Internet.

siphoning out or leaking information by dumping computer files or stealing computer reports and tapes

(a)  

refers to devices that are transported or moved during normal usage

(a)  

Cloud Computing- is a distributed architecture where tasks or workloads are shared between peers

P2P -model for enabling convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction

Request the CSP’s list of infrastructure locations and verify that regulation in those locations is aligned with the enterprise’s requirements, include terms in the contract to restrict the moving of enterprise assets to only those areas known to be compliant with the enterprise’s own regulation and prevent disclosure, encrypt any asset prior to migration to the CSP and ensure proper key management is in place.

Request the CSP’s technical details for approval and require additional controls to ensure data privacy, when necessary, a contractual agreement is necessary to officially clarify who is allowed to access the enterprise’s information, naming specific roles for CSP employees and external partners. All controls protecting the enterprise’s information assets must be clearly documented in the contract agreement or service level agreement (SLA) and use a private cloud deployment model (no multi-tenancy).

Require that the purchase of cloud services follow the established procedures. Ensure executive management support for this.

If possible include a right of audit in the contract and include in the contract language that requires the CSP to be aligned with the enterprise’s security policy and to implement necessary controls to ensure it.

Ask the CSP to include the enterprise in its incident management process that deals with notification of collateral events, include contract clauses and controls to ensure that the enterprise’s contracted capacity is always available and cannot be directed to other tenants without approval and use a private cloud deployment model (no multi-tenancy).

Request CSP’s technical specifications and controls that ensure that data are properly wiped and backup media are destroyed when requested and include terms in the contract that require, upon contract expiration or any event ending the contract, a mandatory data wipe carried out under the enterprise’s supervision.