Responsibility matrix
A diagram that defines the security responsibilities of both the cloud service provider and the customer.
Software as a Service (SaaS)
A cloud service model where the provider hosts applications for customers, allowing access via the internet.
Platform as a Service (PaaS)
A cloud service model that provides a platform for customers to develop and manage applications without worrying about infrastructure.
Infrastructure as a Service (IaaS)
A cloud service model offering virtualized computing resources over the internet (hardware, firmware, etc.).
Hybrid cloud
A cloud deployment model that combines both public and private cloud infrastructures.
Hybrid cloud considerations
Managing public/private cloud security policies, integrating cloud environments with existing on-premise infrastructure.
Third-party vendors
External entities providing cloud services to businesses using various cloud models. When working with a third party, careful consideration of cloud service provider selection, contract negotiation, service performance, compliance, and communication practices is paramount.
Infrastructure as Code (IaC)
A software engineering practice that manages infrastructure through machine-readable definition files (e.g., XML, JSON).
Serverless architecture
A cloud deployment where the provider manages infrastructure and scales resources dynamically.
Microservices
Independent components running each application process as a service, communicating via lightweight APIs.
Air-gapped
A type of network isolation that physically separates a host from other networks.
Logical segmentation
Network topology management to restrict communication between network segments.
Software-defined networking (SDN)
Centralized control over a network’s structure, allowing dynamic configuration and improved management.
Management plane
Highest layer in SDN - monitors traffic conditions and network status.
Control plane
Makes decisions about how data should be forwarded/secured.
Data plane
Handles traffic switching/routing, and implementation of security controls.
On-premises network
A private network facility that an organization owns for employee use.
Centralized computing architecture
A model where all data processing/storage is performed in a single, central location.
Decentralized computing architecture
A model where data processing and storage are distributed across multiple locations.
Containerization
Virtualization technology for packaging applications into containers for easier deployment.
Application virtualization
A software delivery model streaming code from a server to clients.
Desktop virtualization
Technology enabling a desktop OS to run in a virtual environment on a server.
Internet of Things (IoT)
A network of interconnected devices communicating and exchanging data over the internet.
Industrial control systems (ICS)
Networks managing embedded devices and controlling automation processes.
Supervisory control and data acquisition (SCADA)
A type of ICS managing large-scale devices across wide geographical areas.
Embedded systems
Electronic systems designed for specific, dedicated functions.
High availability
An approach ensuring systems remain operational for maximum uptime.
Resilience (CSPs)
Cloud capabilities ensuring data remains available even during failures.
Scalability
The ability to dynamically expand or contract capacity based on demand.
Ease of deployment
Features allowing easy implementation of cloud infrastructure.
Risk transference
Shifting the financial burden of security risk to another party.
Ease of recovery
Features allowing organizations to regularly back up and restore data.
Patch availability
The accessibility of patches for cloud environments including automated management.
Inability to patch
Challenges organizations face in applying updates due to various factors.