all right. CCS p students, we are almost there. We are in the final domain, the last frontier, and that is domain six, where we talk about legal and compliance issues. So, out of all the domains, this one is the one that is least
on the exam. I mean, something like I think they said 12 13%. But still, we want to make sure that we know because understanding legal issues of the cloud and you can bet these air gonna evolve over time.
That's an important element of what we're gonna do. So in this chapter, we're gonna just talk about some basic legal concepts, you know, not even necessarily specific to the cloud. But ideas like due diligence and do care. We'll talk about some legal control specifically in relation to the cloud service provider.
Talk about standard privacy requirements, and I will stress now, and I will stress then the U. S has not primarily been a real leader
in protecting the privacy of personal information. So we're gonna look at that. We'll also look at how some other countries deal with privacy concerns. All right, So internal I s M s information, security management systems.
It's a matter of fact. That's the whole purpose of the ice. 0 27,000 won frameworks. Who will look there?
Enterprise risk management, the cloud. Everything starts with risk management as it should.
Business requirements, Hopefully with talked about business requirements enough so that we've got that idea of how crucial it is that everything we do is founded in the needs of the business.
Third party governance in our organization, we need a team devoted to ensure that the needs of the organization or met through any sort of third party outsourcing we've talked about that will just review a couple of ideas. Cloud Security Alliance, Star Security Trust and Assurance Registry
third party to evaluate C. S P s essentially
and then supply chain management. We can't forget the supply chain can introduce vulnerabilities into what we're doing. So that's what we're gonna cover in domain six of legal and compliance