Domain 6: Legal, Risk and Compliance

Video Activity
Time
12 hours 57 minutes
Difficulty
Intermediate
CEU/CPE
13
Video Transcription
00:00
>> Here we are Domain 6,
00:00
our final domain, legal, risk and compliance.
00:00
In this lesson, we want to provide
00:00
an overview of Domain 6.
00:00
Talk about the importance of the concepts in
00:00
Domain 6 and relate
00:00
the concepts in Domain 6 to
00:00
the other five domains that we've
00:00
covered so far in this course.
00:00
Domain 6, legal, risk and compliance.
00:00
I hope you see that legal,
00:00
risk and compliance has really been
00:00
a continual theme throughout all of
00:00
the domains we've covered so far in this course.
00:00
We've always talked about understanding
00:00
your Cloud infrastructure and
00:00
your business model and making
00:00
appropriate considerations
00:00
regarding the Cloud security risk
00:00
that affected which service or deployment model use,
00:00
what data you are really
00:00
needing to protect in the Cloud,
00:00
ensuring that you really had the proper tools and
00:00
controls in place to provide
00:00
secure security operations and Cloud infrastructure.
00:00
Then ultimately, in this module,
00:00
we're going to focus more on
00:00
the specific laws and regulations that are
00:00
applicable to the Cloud based on your country
00:00
and based on the industry you're operating in.
00:00
Then we want to go into a deeper discussion of
00:00
risk management at the enterprise level.
00:00
We've talked about specific Cloud security risk,
00:00
but now we want to take it
00:00
back to a higher level and see how
00:00
enterprise risk management is
00:00
employed within the Cloud environment.
00:00
Then ultimately we want to finish out by focusing on,
00:00
how do we demonstrate third-party validation of many of
00:00
the controls that either
00:00
our organization has in the Cloud
00:00
or the controls of organizations that we are leveraging.
00:00
Then more broadly, how do we manage
00:00
these relationships with third parties in the Cloud?
00:00
That's one of the benefits of
00:00
cloud computing and cloud models
00:00
is that you're able to utilize
00:00
applications and services and
00:00
hosting from all these different vendors that
00:00
provide you economies of scale and cost savings.
00:00
However, that also amplifies the amount,
00:00
number of risks and potential points of
00:00
weakness that are out there.
00:00
How do you ensure that you do appropriate due diligence,
00:00
thinking about the risks associated with your vendors?
00:00
Let's reflect a moment. What laws and
00:00
regulations apply to your industry or business model?
00:00
Sometimes if you're not specifically in a function where
00:00
you're thinking about security or risk,
00:00
some of the laws and regulations can just feel
00:00
cumbersome or just an add-on.
00:00
However, I hope you will see
00:00
that the laws and regulations that
00:00
apply to Cloud environments and in general, businesses,
00:00
really help lay the rules of the road that keep
00:00
business operating within lines
00:00
of safety and really honoring
00:00
the commitment they have to their customers to
00:00
protect their data and also help them curb some of
00:00
their worst impulses when it comes to taking
00:00
undue risks in the Cloud. And talking about risks,
00:00
our second question is, how does
00:00
your organization manage risk?
00:00
This is one thing that I think
00:00
organizations don't often do well and often
00:00
the notion of risk to
00:00
the average person connotes like fear, but risk,
00:00
it really is more
00:00
a statistical concept that everything happens
00:00
probabilistically and you need to
00:00
really weigh how likely certain outcomes are,
00:00
and protect yourself accordingly from
00:00
the downside of those outcomes.
00:00
Doing so helps your organization avoid
00:00
unnecessary costs and potentially just
00:00
stay in business by avoiding certain risk,
00:00
it helps you capture the upside potential
00:00
that taking risks in business entails.
00:00
Then lastly, our third question is,
00:00
how many third parties does
00:00
your organization rely on
00:00
to provide your product and a service?
00:00
This is interesting where
00:00
the more companies rely on Cloud services,
00:00
there are more and more third parties
00:00
that get introduced and then
00:00
those third parties have
00:00
their own third parties that help provide their services.
00:00
This really creates a cascading effect where
00:00
one vulnerability can really
00:00
affect a larger swath of companies.
00:00
Which is why vendor risk management
00:00
and appropriate communications and
00:00
legal protections in the Cloud is
00:00
so essential to understanding
00:00
how to have an effective business and get the most out
00:00
of the Cloud while minimizing the downside.
00:00
In summary, we talked about the topics
00:00
covered in Domain 6.
00:00
I hope you see the importance of laws,
00:00
regulations, and compliance.
00:00
Then we talked about how these concepts of laws,
00:00
risks, regulations,
00:00
and compliance have really permeated all of
00:00
our past domains that we've talked
00:00
about and how it really applies to your organization.
00:00
I'll see you in the next lesson.