Cloud computing Legal and Compliance
Cloud computing Legal and Compliance
The goal of the Legal and Compliance domain is to offer you an understanding of how to approach the various legal and regulatory challenges unique to cloud environments.
To achieve and maintain compliance, it is important to understand the audit processes utilized within a cloud environment, including auditing controls, assurance issues, and specific reporting attributes.
You will gain an understanding of ethical behavior and required compliance within regulatory frameworks, which includes investigative techniques for crime analysis and evidence-gathering methods.
Enterprise risk considerations and the impact of outsourcing for design and hosting are also explored.
Domain Objectives
After completing this domain, you will be able to do the following:
Understand how to identify the various legal requirements and unique risks associated with the cloud environment about legislation and conflicting legislation, legal risks, controls, and forensic requirements
Describe the potential personal and data privacy issues specific to personally identifiable information within the cloud environment
Define the process, methods, and required adaptions necessary for an audit within the cloud environment
Describe the different types of cloud-based audit reports
Identify the impact of diverse geographical locations and legal jurisdictions
Understand implications of cloud-to-enterprise risk management
Explain the importance of cloud contract design and management for outsourcing a cloud environment
Identify appropriate supply-chain management processes
Introduction
As the global nature of technology continues to evolve and essentially simplify and enable conveniences once thought impossible, the challenge and complexity of meeting internal legislations, regulations, and laws become greater all the time.
Ensuring adherence, compliance, or conformity with these can be challenging within traditional on-premises environments or even on third-party and hosted environments. Add cloud computing, and the complexity increases significantly.
Cloud computing Legal and Compliance
At all times, when dealing with legal, compliance, and regulatory issues, the first step should always be to consult with relevant professionals or teams specializing in those areas.
As a security professional, your goal should be to establish a baseline understanding of the fluid and ever-changing legal and regulatory landscape with which you may need to interact.