Security                                                   7


            3.1.6   cloud service derived data  [b-ITU-T Y.3500]: Class of data objects under cloud service provider
            control that are derived as a result of interaction with the cloud service by the cloud service customer.

            3.1.7   cloud service provider [b-ITU-T Y.3500]: Party which makes cloud services available.
            3.1.8   cloud service user [b-ITU-T Y.3500]: Natural person, or entity acting on their behalf, associated with
            a cloud service customer that uses cloud services.
            NOTE – Examples of such entities include devices and applications.
            3.1.9   infrastructure  as  a  service  (IaaS)  [b-ITU-T  Y.3500]:  Cloud  service  category  in  which  the  cloud
            capabilities type provided to the cloud service customer is an infrastructure capabilities type.
            3.1.10  multi-tenancy [b-ITU-T Y.3500]: Allocation of physical or virtual resources such that multiple tenants
            and their computations and data are isolated from and inaccessible to one another.
            3.1.11  platform as a service (PaaS) [b-ITU-T Y.3500]: Cloud service category in which the cloud capabilities
            type provided to the cloud service customer is a platform capabilities type.
            3.1.12  party [b-ITU-T Y.3500]: Natural person or legal person, whether or not incorporated, or a group of
            either.
            3.1.13  personally identifiable information [b-ISO/IEC 29100]: Any information that (a) can be used to
            identify the PII principal to whom such information relates, or (b) is or might be directly or indirectly linked
            to a PII principal.
            3.1.14  PII principal [b-ISO/IEC 29100]: Natural person to whom the personally identifiable information (PII)
            relates.
            NOTE – Depending on the jurisdiction and the particular data protection and privacy legislation, the synonym "data
            subject" can also be used instead of the term "PII principal".
            3.1.15  software as a service (SaaS) [b-ITU-T Y.3500]: Cloud service category in which the cloud capabilities
            type provided to the cloud service customer is an application capabilities type.
            3.1.16  tenant [b-ITU-T Y.3500]: One or more cloud service users sharing access to a set of physical and
            virtual resources.
            3.1.17  threat [b-ISO/IEC 27000]: Potential cause of an unwanted incident, which may result in harm to a
            system or organization.

            3.2     Terms defined in this Recommendation
            None.


            4       Abbreviations and acronyms

            This Recommendation uses the following abbreviations and acronyms:
            CSC     Cloud Service Customer

            CSP     Cloud Service Provider
            CSU     Cloud Service User

            IaaS    Infrastructure as a Service
            PaaS    Platform as a Service
            PII     Personally Identifiable Information

            SaaS    Software as a Service


            5       Conventions
            None.



                                                                                                        1009