3.10 Legal

Video Transcription
Now, additionally, we have some legal risks. So particularly if you're an organization that has to be compliant with HIPAA or Sarbanes-Oxley. PCI DSS isn't legally enforced, the industry is self-regulating. But that's still a compliance issue.
So we have to look, and we have to think about what our requirements are, particularly with personally identifiable information, personal financial information, health care information. Again,
when we're storing that on the cloud, we maintain our liability. You cannot outsource liability, right? We've talked about that multiple times. So the service level agreements must be well written. They must match our needs or exceed them. And we have to audit.
Now, other issues, you know, not just from a standpoint of compliance.
Another concern about anything in the cloud is where. What is the location of our data? Who has jurisdiction over data?
You know, where's it stored? Individual countries have different laws and requirements in relation to privacy, some are more, some are less. There are countries, certainly, that don't have the same laws with due process and seizure of evidence.
Jurisdiction is always a concern.
Law enforcement issues. What if there is evidence of a crime on the physical server that stores our information, where our, you know, virtual resources reside, right?
Who seizes it? You know, what happens if that physical server gets seized? What happens if we have a crime, some sort of compromise, some sort of improper access?
Who does the forensics? How do we, you know, can that physical drive be turned over to law enforcement?
There are a million questions to answer, which is why we continue to stress: you can't just assume. I cannot tell you how many managers just off the cuff say, "They'll take care of that better than we will." There are so many aspects to security
that we don't think about. Just saying offhandedly, "They got this. They're a bigger company. They can deal with it better than we will."
How many incidents have there been where organizations don't meet their service level agreements? I can promise you the world; you have to make sure that I deliver on those promises.
Um, other issues: licensing of software. Well, when I'm using software as a service, that's not my issue, right? We, you know, purchase a subscription, so to speak, to Microsoft Office, whatever.
All that stuff's taken care of for us. Well, if we have infrastructure as a service, the software I put on my systems has to be properly licensed, and we need to again ensure that we're not in violation of copyright or any of those other issues. Usually with licensing you can pay per CPU or the number of users.
What's your choice?
That's driven by your needs. But, um,
it's our responsibility to make sure we have proper licensing,
not said.
Certified Cloud Security Professional (CCSP)

This Certified Cloud Security Professional (CCSP) certification course covers topics across six domains, to ensure the candidate has a wide range of competencies and is capable in the assessment and implementation of cloud service solutions.
