Overview/Description
Alongside the development and uptake of cloud services comes a developing regulatory framework that compels cloud service providers to protect data and to secure the privacy, integrity, and confidentiality of client data and data assets. This course covers various topics associated with legal and compliance issues with cloud services that are governed within a regulatory framework. The course addresses investigative measures and techniques associated with crime investigation, including eDiscovery and forensic data management. The course also touches on privacy, auditing, and reporting as they apply to cloud technology and services, including SAS, SSAE, and ISAE. In this course, you will also learn about risk management, outsourcing, and vendor/provider assessment, with particular attention to certifications, access to provider audit data, and data ownership issues. The course covers the essential topics for the (ISC)²'s Certified Cloud Security Professional examination – Domain 6 requirements.
Target Audience
This course is intended for IT professionals including managers, engineers, and technical staff intending to take the CCSP examination.
describe areas of legislative conflict with respect to cloud-hosted services
appraise legal risks associated with the provision of cloud services
describe how to apply control policy with respect to legal requirements
define eDiscovery and its impact on cloud service provision, requirements, and responsibilities
define the legislative requirement related to forensic data management
define PII, outline the difference between contractual and regulated PII, and describe the differences between confidentiality, integrity, availability, and privacy
describe the international variations that apply to PII and data privacy
define audit operations and auditor tasks with reference to cloud computing services, and outline distributed service issues with respect to auditing
describe audit requirements, scope, and reporting as they apply to cloud services
outline challenges associated with auditing the virtualized infrastructure of a cloud-based service
define audit reporting against a background of prevailing standards, and outline audit scope and audit regulation requirements with respect to highly regulated industries
define gap analysis and audit planning with reference to cloud service auditing
describe the deployment of Internal Information Security Management (ISMS) and Security Control Systems (ISCS) - ISO 27000 Series
describe the deployment of ISMS and ISCS with reference to ISO, ITIL, and NIST
describe issues with obtaining details of a CSP's risk management data
describe issues surrounding the importance of data ownership and define interrelationships between owner and custodian regarding responsibility
outline measures to mitigate risk
outline the integration of information security and risk management activities into a formal framework
outline the metrics that quantify and measure the extent of a risk associated with cloud service elements and components
define key areas of focus for risk assessment, including suppliers, vendors, services, and so on
describe business requirements with reference to the Service Level Agreement, GAAP guidelines, and standards
describe the vendor and provider vetting process with reference to certifications, audit and event reporting, accreditations, and so on
describe the deployment of supply-chain management in the context of cloud services
detail current legislation relating to PII and define a number of widely adopted auditing compliance frameworks and report types; outline available auditing standards and frameworks, describe ISMS and applicable standards and guidance, and detail a number of cloud service adoption risks; and finally, outline some detail on available cloud service-related risk management frameworks