Which of the following is NOT a domain of the Cloud Controls Matrix (CCM)?
Which of the following is NOT a domain of the Cloud Controls Matrix (CCM)?
The Cloud Controls Matrix (CCM) is a framework designed to provide fundamental security principles to guide cloud service providers and assist customers in assessing the overall security risk of a cloud provider. The domains in the CCM focus on various aspects of cloud security, including data center security, human resource security, and mobile security. However, budgetary and cost controls are more related to financial and managerial aspects rather than the core security domains covered by the CCM. Therefore, budgetary and cost controls are not a domain of the Cloud Controls Matrix.
https://cloudsecurityalliance.org/research/cloud-controls-matrix/ Answer is D
D is the correct answer.
The domain that is NOT a part of the Cloud Controls Matrix (CCM) is B. Human resources. The Cloud Controls Matrix (CCM) is a set of controls designed to provide fundamental security principles to guide cloud vendors and to assist customers in assessing the overall security risk of a cloud provider. The domains of CCM include: A. Data Center Security: Covers the physical and environmental security of the cloud provider's data center. C. Mobile Security: Deals with security considerations for mobile devices, such as smartphones and tablets. D. Budgetary and Cost Controls: Addresses the budgetary and cost controls of the cloud provider, such as pricing, billing, and chargeback. Therefore, option B, Human resources, is not a domain of the Cloud Controls Matrix (CCM
You are 100% wrong. It's D that isn't part of the CCM. A, B, and C are there.
why not Human Resources?
The domains covered in the new Cloud Controls Matrix (CCM) v4 are: Application & Interface Security Audit and Assurance Business Continuity Mgmt & Op Resilience Change Control & Configuration Management Data Security and Privacy - DSP (old DSI) Datacenter Security Cryptography, Encryption and Key Management Governance, Risk Management and Compliance Human Resources Security Identity & Access Management Infrastructure & Access Management Infrastructure & Virtualization Interoperability & Portability • Universal EndPoint Management Security Incident Management, E-Discovery & Cloud Forensics Supply Chain Management, Transparency & Accountability Threat & Vulnerability Management Logging and Monitoring
I'd double check the list provided, I did not see Logging and Monitoring although that seems like it should be part of the Matrix.
I'd double check the list provided, I did not see Logging and Monitoring although that seems like it should be part of the Matrix.
come on
B: Human resources
It's D. Budgetary and cost controls are not included in the Cloud Controls Matrix (CCM), which focuses on security, compliance, and risk management rather than financial aspects.
The Cloud Controls Matrix (CCM) is a cybersecurity control framework developed by the Cloud Security Alliance (CSA). It includes domains that address various security aspects of cloud computing, but budgetary and cost controls are not part of its focus. The CCM is designed to ensure cloud security, not financial management. Why the other options are part of CCM: A. Data center security → This falls under Infrastructure & Virtualization Security (IVS) and Facility Security (FS) domains in CCM. B. Human resources → Covered under Human Resources Security (HRS), which deals with security policies for employees. C. Mobile security → Addressed under Mobile Security (MOS), ensuring security for mobile and endpoint devices.