What is the first stage of the cloud data lifecycle where security controls can be implemented?
The first stage of the cloud data lifecycle where security controls can be implemented is the 'Create' phase. During this phase, data classification and labeling occur, which are foundational security controls. These classifications and labels guide the implementation of further security measures throughout the data lifecycle. Implementing security controls from the beginning ensures that data is appropriately protected based on its classification, making 'Create' the initial phase for applying security measures.
While security controls are implemented in the create phase in the form of SSL/TLS, this only protects data in transit and not data at rest. The store phase is the first phase in which security controls are implemented to protect data at rest.
Create. As per the CBK, data classification is a foundational security control. Page 44, CBK 3rd edition.
In Create, you can only define the controls, like classification; you cannot apply them until you store them. Store is the correct answer.
Create is the 1st phase where labels can be assigned; Store is the 1st phase where controls can be implemented.
I disagree with this option. It should be option D, the "create" phase.
So, what security do you think can be implemented while creating data?
The Create phase presents the greatest opportunity to classify data according to its sensitivity, ensuring that the right security controls are implemented from the beginning.
Should be "D". Data classification is done during the create phase.
Store. The Store phase often happens in tandem with (or immediately after) the Create phase. During this phase, the created or modified data is saved to some sort of digital repository within the application or system. Storage can be in the form of saved files on a filesystem, rows and columns saved to a database, or objects saved in a cloud storage system. During the Store phase, the classification level assigned during creation is used to assign and implement appropriate security controls. Controls like encryption (at rest), Access Control Lists (ACLs), logging, and monitoring are important during this phase. In addition, this phase is when you should consider how to appropriately back up your data to maintain redundancy and availability.
Store, no doubt about it.
Security controls can be initially implemented at the create phase as well, specifically in the form of technologies such as SSL/TLS with data that is inputted or imported.
While security controls are implemented in the create phase in the form of SSL/TLS, this only protects data in transit and not data at rest. The store phase is the first phase in which security controls are implemented to protect data at rest.
But the question doesn't mention data in transit.
This is a tricky question to try and trip you up. It says "the first stage," making it sound like the first phase in the data life cycle world, which would be "Create." However, "Store" is the right answer, because in the "Create" phase the data owner is defined, then data is categorized, classified, labeled, tagged and marked. And if created remotely, data should be encrypted, and connections secured (VPN) and secure key management practices should be practiced. Now, the "Store" phase, which occurs almost concurrently with the "Create" phase, is where it's immediately important to employ: The use of backup methods on top of security controls to prevent data loss. Additional encryption for data at rest. DLP and IRM technologies are used to ensure that data security is enforced during the Use and Share phases of the cloud data lifecycle.
B is the correct choice - the CCSP official study indicates this is the first stage where security controls can be implemented to protect data at rest.
Yes, I do agree here.
Create
Create - as has been said throughout the comments, data classification and labeling is most certainly a "security control" as defined in NIST SP 800-53, ISO 27001, HITRUST, etc. (look up "information handling" in the control sets).