CCSP Domain 6 | Legal, Risk and Compliance

#ccsp #ccsptraining #cloudsecurity

In this tutorial, I have covered CCSP Domain 6, which covers legal, risk, and compliance. Below are the topics which I have covered in this video.

Legal Requirements and Unique Risks within the Cloud Environment
» Conflicting International Legislation
» Evaluation of Legal Risks Specific to Cloud Computing
» Legal Framework and Guidelines
» eDiscovery (e.g., International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) 27050, Cloud Security Alliance (CSA) Guidance)
» Forensics Requirements

Understand Privacy Issues
» Difference Between Contractual and Regulated Private Data (e.g., Protected Health Information (PHI), Personally Identifiable Information (PII))
» Country-Specific Legislation Related to Private Data (e.g., Protected Health Information (PHI), Personally Identifiable Information (PII))
» Jurisdictional Differences in Data Privacy
» Standard Privacy Requirements (e.g., International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) 27018, Generally Accepted Privacy Principles (GAPP), General Data Protection Regulation (GDPR))

Audit Process, Methodologies, and Required Adaptations for a Cloud Environment
» Internal and External Audit Controls
» Impact of Audit Requirements
» Identify Assurance Challenges of Virtualization and Cloud
» Types of Audit Reports (e.g., Statement on Standards for Attestation Engagements (SSAE), Service Organization Control (SOC), International Standard on Assurance Engagements (ISAE))
» Restrictions of Audit Scope Statements (e.g., Statement on Standards for Attestation Engagements (SSAE), International Standard on Assurance Engagements (ISAE))
» Gap Analysis
» Audit Planning
» Internal Information Security Management System (ISMS)
» Internal Information Security Controls System
» Policies (e.g., organizational, functional, cloud computing)
» Identification and Involvement of Relevant Stakeholders
» Specialized Compliance Requirements for Highly-Regulated Industries (e.g., North American Electric Reliability Corporation/Critical Infrastructure Protection (NERC/CIP), Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry (PCI))
» Impact of Distributed Information Technology (IT) Model (e.g., diverse geographical locations and crossing over legal jurisdictions)

Implications of Cloud to Enterprise Risk Management
» Assess Providers' Risk Management Programs (e.g., controls, methodologies, policies)
» Difference Between Data Owner/Controller vs. Data Custodian/Processor (e.g., risk profile, risk appetite, responsibility)
» Regulatory Transparency Requirements (e.g., breach notification, Sarbanes-Oxley (SOX), General Data Protection Regulation (GDPR))
» Risk Treatment (i.e., avoid, modify, share, retain)
» Different Risk Frameworks
» Metrics for Risk Management
» Assessment of Risk Environment (e.g., service, vendor, infrastructure)

Outsourcing and Cloud Contract Design
» Business Requirements (e.g., Service Level Agreement (SLA), Master Service Agreement (MSA), Statement of Work (SOW))
» Vendor Management
» Contract Management (e.g., right to audit, metrics, definitions, termination, litigation, assurance, compliance, access to cloud/data, cyber risk insurance)
» Supply-Chain Management (e.g., International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) 27036)

NIST url - https://nvlpubs.nist.gov/nistpubs/CSW...