How do SLAs factor into cloud risk management?
While you may not have much control over the infrastructure used by cloud service providers, you’re not completely at their mercy when it comes to cloud risk management.
While information security and compliance professionals are often portrayed as the people who say no to everything, the reality is that the "no" is often more of a "let's hold on a minute and think this through." This tension is only amplified by the cloud, where end users need only a credit card number and a few clicks to bypass "security says no" and immediately begin using a new application, server, storage or other platform. The dangers of this practice go well beyond the potential threat of cyberattacks and include the very real threat of violating new cloud computing regulations and legal requirements, which could result in lawsuits and significant fines.
Domain 6 of the CCSP exam, "Legal and Compliance," assesses candidates' understanding of how to approach the various legal and regulatory challenges unique to cloud environments. To achieve and maintain compliance with cloud computing regulations, it is important to understand the audit processes utilized within a cloud environment, including auditing controls, assurance issues and the specific reporting attributes. This section of the exam also covers ethical behavior and required compliance within regulatory frameworks, which includes investigative techniques for crime analysis and evidence-gathering methods. Additionally, candidates must demonstrate their mastery of enterprise risk considerations and the impact of outsourcing for design and hosting.
This Security School, based on (ISC)² CCSP training material, covers the fundamentals of Domain 6 of the CCSP exam. Once you've reviewed the parts of this Security School on cloud computing regulations, privacy issues and legal requirements, take the quiz to see how prepared you are for this portion of the exam.
CCSP® is a registered mark of (ISC)².