Domain 6 Summary

Time
12 hours 57 minutes
Difficulty
Intermediate
CEU/CPE
13
Video Transcription
00:00
Here we are. The end of domain six.
00:05
In this lesson, we'll review the topics we covered in domain six: laws, regulations and compliance.
00:11
And then we talked about the importance of these concepts. We covered the domain six, such as um vendor management, risk management, how these things apply to many of the concepts that we've gone over in past domains.
00:25
Domain Six. There were really three distinct themes. First, we talked about laws and regulations. The difference, what is a law versus regulation versus standard versus a framework. Many of the common laws and regulations that exist out there that govern data
00:42
by type as well as by industry. And then we went into detail in the GDPR section about
00:48
how this is changing the laws regarding penalties for data breach and disclosure, as well as granting individuals more autonomy and control over their data, at least for citizens of the European Union.
01:00
Then we went into the risk management section that talked about the process for identifying risks, how you can respond to risks and then how to think about risk in the cloud. In many ways, this whole certification is about understanding risk and cloud environments and figuring out ways to protect
01:18
and protect data and respond to those risks
01:21
according to best practices.
01:23
We finished up with thinking about how to do vendor management and how, you know, you really rely on a lot of vendors in the cloud and how to appropriately vet the risk associated with those vendors, protect yourself using contracts as well as controls when implementing vendors. And we talked about
01:42
SOC reports specifically,
01:44
um in order to identify many of the controls and risk associated with vendors,
01:51
right
01:52
to reflect a moment. First, how could your company's
01:56
plans for expansion or use of the cloud be impacted by laws and regulations? We discussed,
02:02
you know, in many ways, companies uh
02:06
don't often think proactively about some of the laws that could impact them and it really can slow down your ideas of expansion or compliance if you don't really think about these laws, regulations ahead of time, and especially given the geographically dispersed nature of the cloud and where providers may be based.
02:24
The second question is how could your risk management process be improved? And we talked about initially, do you understand how your organization thinks about and manages risks? Well, I hope now you have a more robust understanding of risk management about how it can be, innate, how it can enable your organization to potentially take more risk to achieve its goals,
02:42
but also covering the downside and understanding how to respond appropriately to risk.
02:49
Lastly, how many 3rd parties does your organization rely on to provide your product or service? And how do you define?
02:57
Do you have a defined vendors vendor management process?
03:01
We talked about how the cloud, you're constantly relying on cloud carriers, different platforms, different cloud-based applications. You really need to have a robust process to assess the risk associated with those third parties and onboard them effectively, monitor those risks and then ultimately off board them at the end of their life cycle.
03:22
All right. So in summary, we covered the topics in domain six. I hope you see how these topics regarding laws, regulations and risk permeate everything we've talked about. And then we talked about how those concepts connect and affect your organization.
03:37
All right, well, I hope you enjoyed module six. Thank you.