Domain 6 Summary

12 hours 57 minutes
Video Transcription
Here we are. The end of domain six.
In this lesson, we'll review the topics we covered in domain six: laws, regulations and compliance.
And then we talked about the importance of these concepts we covered in domain six, such as vendor management, risk management, how these things apply to many of the concepts that we've gone over in past domains.
In domain six, there were really three distinct themes. First, we talked about laws and regulations. The difference, what is a law versus regulation versus standard versus a framework. Many of the common laws and regulations that exist out there that govern data by type as well as by industry. And then we went into detail in the GDPR section about how this is changing the laws regarding penalties for data breach and disclosure, as well as granting individuals more autonomy and control over their data, at least for citizens of the European Union.
Then we went into the risk management section that talked about the process for identifying risks, how you can respond to risks and then how to think about risk in the cloud. In many ways, this whole certification is about understanding risk and cloud environments and figuring out ways to protect data and respond to those risks according to best practices.
We finished up with thinking about how to do vendor management and how, you know, you really rely on a lot of vendors in the cloud and how to appropriately vet the risk associated with those vendors, protect yourself using contracts as well as controls when implementing vendors. And we talked about SOC reports specifically, in order to identify many of the controls and risk associated with vendors.
To reflect a moment: first, how could your company's plans for expansion or use of the cloud be impacted by laws and regulations? We discussed, you know, in many ways, companies don't often think proactively about some of the laws that could impact them, and it really can slow down your ideas of expansion or compliance if you don't really think about these laws and regulations ahead of time, and especially given the geographically dispersed nature of the cloud and where providers may be based.
The second question is: how could your risk management process be improved? And we talked about initially, do you understand how your organization thinks about and manages risks? Well, I hope now you have a more robust understanding of risk management, about how it can be, innate, how it can enable your organization to potentially take more risk to achieve its goals, but also covering the downside and understanding how to respond appropriately to risk.
Lastly, how many third parties does your organization rely on to provide your product or service? And do you have a defined vendor management process?
We talked about how, in the cloud, you're constantly relying on cloud carriers, different platforms, different cloud-based applications. You really need to have a robust process to assess the risk associated with those third parties and onboard them effectively, monitor those risks, and then ultimately offboard them at the end of their life cycle.
All right. So in summary, we covered the topics in domain six. I hope you see how these topics regarding laws, regulations and risk permeate everything we've talked about. And then we talked about how those concepts connect and affect your organization.
All right, well, I hope you enjoyed module six. Thank you.