this module, we started out reviewing the information governance domains. It's important you understand your information governance requirements as part of your plan to move data into the cloud
and extending information governments to the cloud. It requires both contractual and security controls.
You can then use the data security lifecycle toe, identify controls and functions that you want a limit that different actors can perform
as locations may require different controls. You will have multiple data security life cycles.
A bigger point that we didn't touch on but that's worth reiterating is that migrating to the cloud provides an excellent opportunity to identify and address information governance issues. If it's undefined or it's very vague, this is a good opportunity to clearly define it. And if it's outdated and old, this is a great opportunity to revise it.
Let's take a few quiz questions, much like those you'll encounter on the exam.
Which of the following locations are considered part of the data security lifecycle location of data, location of the access device, location of the data center
or A and B. The answers on Lee one of these
and the answer is D A and B. The location of the data center is kind of a trick to it.
C location of the data center
is kind of a trick question, because location of the data itself
C location of the data center is kind of a trick question. Oftentimes you'll find as you get to
as you gain a more intimate understanding of cloud providers and their capabilities. What you'll come to find is that data itself is rarely located in a single data center. They have this concept of availability zones where data gets replicated across multiple different data centers within a particular region. To prevent outages,
however, you can still get a good feel for the location of the data. The general reason that that data resigns in
and of course, the device that your client employees customers using to access the data is also a key factor.
What determines the functions actors are allowed to perform or not
information classification, information, governance, contractual controls or the access device.
So in the exam, you're gonna have situations where multiple answers appear correct, and that really requires you have a solid understanding of the concepts and the terminologies to determine off those potentially correct answers. Which one really have the strongest impact?
So we'll walk through each one of these answers because this question very much falls into that category. Entitlements are what give you the permission to perform certain actions. So, in other words, entitlements is the answer. That is what determines the functions that a particular actor can perform.
However, information classification would be a factor in determining what are those entitlements. So it does help in the determination, but it's a second degree removed from explicitly defining those functions. Information governance. Well, that's the general policy and procedure, which
this domain certainly falls into.
But it's not nearly is directly involved in determine those specifics, as entitlements are contractual controls, which are a great method for us to enforce information, governance and making sure that the providers there. But they're not again but again, not involved as direct as the entitlements and access device
certainly could be a criteria. You may have different entitlements
for the same actor to perform functions depending on the device from which they're accessing, but again it's gonna come back to the entitlements, which is why a is the answer for this question and that does wrap it up for this. Focus on domain five. Next up, we have domain six management plane in business continuity. So see you there shortly.