Domain 4 Knowledge Recap

Video Activity

Time
9 hours 59 minutes
Difficulty
Intermediate
CEU/CPE
10
Video Transcription
00:02
>> Let's recap what we learned about Domain 4. We started off reviewing the basics of compliance and audits. We talked about the GRC discipline and we learned that audits are a key tool for proving or disproving compliance. We proceeded to review the specifics of how compliance and audits are affected when you're working in the Cloud. This included the concept of compliance inheritance and pass-through audits, and we also honed in on the importance of staying informed of changes to the Cloud provider's compliance by service and geography or jurisdiction. Cloud customers should evaluate their providers' third-party attestations and certifications to support their compliance obligations. When we completed that, we talked about the audit management process. A key point being compliance, audit and assurances should be continuous for both customers and providers. Compliance is not a one-and-done activity; it is an ongoing way of operating. Then we closed it out reviewing some of the popular standards and compliance certifications.

Let's take a few quiz questions to close out this module. What is true about an attestation? It's a legal statement from a third party; it's a testimony in a court of law; it can only be performed by a legal official; or it is another term for audit. Only one of these is correct. An affidavit is a written statement of facts sworn to and signed by somebody being deposed before a notary public or some other authority having the power to witness an oath. That's a mouthful, and an attestation is not quite an affidavit; however, it is a legal statement in writing from a third party. Attestation is not a testimony in a court of law, and individuals other than a legal official can perform attestations. In the event of a successful audit, an attestation would be provided by the auditor saying the Cloud provider is compliant pursuant to whichever regulations the audit was performed for.

Moving on, when evaluating the Cloud provider's audit report, what should you pay particular attention to? Whether or not the auditor has their CCSK, services and jurisdiction of the audit, the date of the audit report, or the auditor's conclusion. All of these are things you want to pay attention to, but which of these is the most important? You're going to get questions like this on the exam where you have to make a judgment call. Let's walk through the potential answers and I'll highlight the correct one. Whether or not the auditor has their CCSK: that's something we've talked about, and it's something that definitely makes sense when the auditor is auditing a Cloud provider, so that they're familiar with the nuances of working in the Cloud. However, that's not going to be the most important thing. B is services and jurisdiction of the audit. Honestly, that is going to be the most important thing. If the audit does not pertain to some or all of the services that you're using or interested in, and it's not applicable to the jurisdiction that you're using it in, then the audit report itself doesn't really apply to you and it's really not worth spending your time continuing to read. The date of the audit is important; you don't want a really old audit. And then of course, the auditor's conclusion is also going to be very important. But of these, B describes the area that you want to pay the most attention to in an audit report.

That wraps it up for this module and the Domain 4 discussion. Go get yourself a glass of water and return so we can continue with Domain 5.