Domain 6 Summary


Time: 12 hours 57 minutes
Difficulty: Intermediate
CEU/CPE: 13
Video Transcription
>> Here we are at the end of Domain 6. In this lesson, we'll review the topics we covered in Domain 6, laws, regulations, and compliance, and then we talk about the importance of these concepts that we covered in the Domain 6, such as vendor management, risk management, how these things apply to many of the concepts that we've gone over in past domains.

In Domain 6, there were really three distinct themes. First, we talked about laws and regulations. The difference, what is a law versus a regulation versus standard versus a framework. Many of the common laws and regulations that exist out there that govern data by type as well as by industry. Then we went into detail in the GDPR section about how this is changing the laws regarding penalties for data breach and disclosure, as well as granting individuals more autonomy and control over their data, at least for citizens of the European Union.

Then we went into the risk management section that talked about the process for identifying risks. How you can respond to risks, and then how to think about risks and the Cloud. In many ways, this whole certification is about understanding risks and Cloud environments and figuring out ways to protect data and respond to those risks according to best practices.

We finished up with thinking about how to do vendor management and how you really rely on a lot of vendors in the Cloud and how to appropriately vet the risks associated with those vendors. Protect yourself using contracts as well as controls when implementing vendors. We talked about SOC reports specifically in order to identify many of the controls and risks associated with vendors.

Let's reflect a moment. First, how can your company's plans for expansion or use of the Cloud be impacted by laws and regulations we've discussed? In many ways, companies don't often think proactively about some of the laws that could impact them. It really can slow down your ideas of expansion or compliance if you don't really think about these laws, regulations ahead of time. Especially given the geographically dispersed nature of the Cloud and where providers may be based.

Second question is, how could your risk management process be improved? We talked about initially, do you understand how your organization thinks about it, manages risks? While I hope now that you have a more robust understanding of risk management about how it can be a neat, how it can enable your organization to potentially take more risks to achieve its goals, but also covering the downside and understanding how to respond appropriately to risks.

Lastly, how many third parties does your organization rely on to provide your product or service? How do you define that? Do you have a defined vendor management process? We talked about how the Cloud, you're constantly relying on Cloud carriers, different platforms, different Cloud-based applications. You really need to have a robust process to assess the risks associated with those third parties and onboard them effectively, monitor those risks and then ultimately off-board them at the end of their life cycle.

In summary, we covered the topics in Domain 6. I hope you see how these topics regarding laws, regulations, and risk permeate everything we've talked about, and then we talked about how those concepts connect and affect your organization. Well, I hope you enjoyed Module 6. Thank you.