Domain 5 Knowledge Recap

00:02

this module, we started out reviewing the information governance domains. It's important you understand your information governance requirements as part of your plan to move data into the cloud

00:13

and extending information governments to the cloud. It requires both contractual and security controls.

00:19

You can then use the data security lifecycle toe, identify controls and functions that you want a limit that different actors can perform

00:27

as locations may require different controls. You will have multiple data security life cycles.

00:33

A bigger point that we didn't touch on but that's worth reiterating is that migrating to the cloud provides an excellent opportunity to identify and address information governance issues. If it's undefined or it's very vague, this is a good opportunity to clearly define it. And if it's outdated and old, this is a great opportunity to revise it.

00:56

Let's take a few quiz questions, much like those you'll encounter on the exam.

01:00

Which of the following locations are considered part of the data security lifecycle location of data, location of the access device, location of the data center

01:11

or A and B. The answers on Lee one of these

01:15

and the answer is D A and B. The location of the data center is kind of a trick to it.

01:23

C location of the data center

01:25

is kind of a trick question, because location of the data itself

01:30

see us

01:32

C location of the data center is kind of a trick question. Oftentimes you'll find as you get to

01:38

as you

01:41

as you improve

01:42

as you gain a more intimate understanding of cloud providers and their capabilities. What you'll come to find is that data itself is rarely located in a single data center. They have this concept of availability zones where data gets replicated across multiple different data centers within a particular region. To prevent outages,

02:02

however, you can still get a good feel for the location of the data. The general reason that that data resigns in

02:09

and of course, the device that your client employees customers using to access the data is also a key factor.

02:23

What determines the functions actors are allowed to perform or not

02:28

entitlements,

02:30

information classification, information, governance, contractual controls or the access device.

02:38

So in the exam, you're gonna have situations where multiple answers appear correct, and that really requires you have a solid understanding of the concepts and the terminologies to determine off those potentially correct answers. Which one really have the strongest impact?

02:55

So we'll walk through each one of these answers because this question very much falls into that category. Entitlements are what give you the permission to perform certain actions. So, in other words, entitlements is the answer. That is what determines the functions that a particular actor can perform.

03:14

However, information classification would be a factor in determining what are those entitlements. So it does help in the determination, but it's a second degree removed from explicitly defining those functions. Information governance. Well, that's the general policy and procedure, which

03:32

this domain certainly falls into.

03:35

But it's not nearly is directly involved in determine those specifics, as entitlements are contractual controls, which are a great method for us to enforce information, governance and making sure that the providers there. But they're not again but again, not involved as direct as the entitlements and access device

03:53

certainly could be a criteria. You may have different entitlements