Time
9 hours 59 minutes
Difficulty
Intermediate
CEU/CPE
10

Video Transcription

00:02
this module, we started out reviewing the information governance domains. It's important you understand your information governance requirements as part of your plan to move data into the cloud
00:13
and extending information governments to the cloud. It requires both contractual and security controls.
00:19
You can then use the data security lifecycle toe, identify controls and functions that you want a limit that different actors can perform
00:27
as locations may require different controls. You will have multiple data security life cycles.
00:33
A bigger point that we didn't touch on but that's worth reiterating is that migrating to the cloud provides an excellent opportunity to identify and address information governance issues. If it's undefined or it's very vague, this is a good opportunity to clearly define it. And if it's outdated and old, this is a great opportunity to revise it.
00:56
Let's take a few quiz questions, much like those you'll encounter on the exam.
01:00
Which of the following locations are considered part of the data security lifecycle location of data, location of the access device, location of the data center
01:11
or A and B. The answers on Lee one of these
01:15
and the answer is D A and B. The location of the data center is kind of a trick to it.
01:23
C location of the data center
01:25
is kind of a trick question, because location of the data itself
01:30
see us
01:32
C location of the data center is kind of a trick question. Oftentimes you'll find as you get to
01:38
as you
01:41
as you improve
01:42
as you gain a more intimate understanding of cloud providers and their capabilities. What you'll come to find is that data itself is rarely located in a single data center. They have this concept of availability zones where data gets replicated across multiple different data centers within a particular region. To prevent outages,
02:02
however, you can still get a good feel for the location of the data. The general reason that that data resigns in
02:09
and of course, the device that your client employees customers using to access the data is also a key factor.
02:23
What determines the functions actors are allowed to perform or not
02:28
entitlements,
02:30
information classification, information, governance, contractual controls or the access device.
02:38
So in the exam, you're gonna have situations where multiple answers appear correct, and that really requires you have a solid understanding of the concepts and the terminologies to determine off those potentially correct answers. Which one really have the strongest impact?
02:55
So we'll walk through each one of these answers because this question very much falls into that category. Entitlements are what give you the permission to perform certain actions. So, in other words, entitlements is the answer. That is what determines the functions that a particular actor can perform.
03:14
However, information classification would be a factor in determining what are those entitlements. So it does help in the determination, but it's a second degree removed from explicitly defining those functions. Information governance. Well, that's the general policy and procedure, which
03:32
this domain certainly falls into.
03:35
But it's not nearly is directly involved in determine those specifics, as entitlements are contractual controls, which are a great method for us to enforce information, governance and making sure that the providers there. But they're not again but again, not involved as direct as the entitlements and access device
03:53
certainly could be a criteria. You may have different entitlements
03:58
for the same actor to perform functions depending on the device from which they're accessing, but again it's gonna come back to the entitlements, which is why a is the answer for this question and that does wrap it up for this. Focus on domain five. Next up, we have domain six management plane in business continuity. So see you there shortly.

Up Next

Certificate of Cloud Security Knowledge (CCSK)

This course prepares you to take the Certificate of Cloud Security Knowledge (CCSK) certification by covering material included in the exam. It explains how the exam can be taken and how CCSK certification process works.

Instructed By

Instructor Profile Image
James Leone
Cloud, IoT & DevSecOps at Abbott
Instructor