Hello, everybody, and welcome to the Introduction to Cloud Security. My name is Nicholas Moy and this issue, and we're gonna be covering the basics of security in the cloud. So let's go ahead and get started.
Uh, basically, when we're talking about security in the cloud, we're talking about making sure that you don't get breached, making sure that your information is kept secure, that it's kept private, that you are constantly staying available so that your business is able to use the services and the information required,
and making sure that nobody can tamper
with any of that information that you are holding onto, whether that's, you know, corporate secrets or that is personally identifiable information or whatever. And really,
what we're going to talk about in this lecture is the different types of regulated data and frameworks out there to kind of make sure that you are doing exactly that, that you're making sure that none of your information is going to be left out in the open, especially when you're using the cloud,
and making sure that you aren't gonna get fined by any of those regulated data
governing boards like, you know, HIPAA, PCI, things like that. So
to start off with, I want to talk about ISO. So ISO 27001 is one that any of you security engineers have probably heard of. And basically, it's gonna be specifying the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving
the documented information security management system
within the context of the organization's overall business risk.
That's a lot. And for any of you who have had to deal with ISO at all, basically, what you're doing is making sure that you have the correct security controls and that you are, ah, that you have the correct security controls within your organization, and that you're
constantly improving and documenting on the information for that information security management system that
handles all those controls
quickly. What ISO 27001 is going to do is help you maintain and manage that information security management system that basically governs the controls to allow your organization to stay confidential, to stay integrous, and to stay available
for all those business use cases and
for all those business needs that you have in order to operate on a day-to-day basis, in order to stay profitable and to meet your organization's, ah, strategic goals in the future.
FedRAMP stands for the Federal Risk and Authorization Management Program.
This is basically a government-wide program that provides a standardized approach to security assessments, authorization and continuous monitoring for cloud products and services.
I think I should include that.
HIPAA stands for the Federal Health Insurance Portability and Accountability Act of 1996. This is the primary goal.
The next type of regulated data that I want to talk about is HIPAA. So HIPAA stands for the Health Insurance Portability and Accountability Act and is a law that was passed in the United States by the federal government. This law provides data privacy and security for
safeguarding medical information, insurance, things like that for the patients.
And when you're dealing with the cloud, you can use the cloud to store and to handle sensitive information that is regulated by HIPAA. But there are certain ways to go about that, and in this section we're gonna be covering how you can find cloud vendors that will
provide guidance and provide you the ability with the correct
security controls to
handle HIPAA. Next on our list is PCI DSS, which stands for the Payment Card Industry Data Security Standard.
This is a widely accepted set of policies and procedures that are basically intended to optimize the security for credit, debit and cash card transactions and to protect cardholders against misuse of their personal information.
You can use the cloud to do things with PCI DSS, you know, building applications
that accept payments and things like that.
Ah, but there are certain ways to go about that. And just like with HIPAA, we're gonna be assessing certain cloud vendors to find out if they can handle PCI DSS type data to make sure that whatever you're building, whatever you're going to be transitioning or using the cloud for is going to still fall
within regulated means for PCI DSS along with HIPAA and other
regulated types of data. So let's go ahead and jump right into our web browser and take a look and see
what these cloud providers offer us as far as accreditations and compliance