Posts

Showing posts from September, 2018

CCSP Domain 2 : Cloud Data Security - Part 2

Image
D2 : Cloud Data Security

M6 : Ensure Compliance with Regulations and Controls
IT Service Management (ITSM)
Management and oversight to ensure alignment between IT and business.

Configuration Management
Maintain information about configuration items required to deliver an IT service, including their relationship.

Change Management
An approach to transitioning individuals, teams, and organizations to a desired future state.
Respond to acustomer's changing business requirementsRespond to business and IT requestsEnsure changes are recorded and evaluatedEnsure the authorized changes are prioritized, planned, tested, implemented, documented and reviewed in a controlled mannerEnsure all changes to configuration items are recorded in configuration management systemOptimize overall business risk.Incident Management
To identify, analyze, and correct hazards to prevent a future re-occurrence of an incident.
Event : A change of state that has significance for the management of an IT service or othe…

CCSP Domain 2 : Cloud Data Security - Part 1

Image
OMG! I can't believe that it's a year passed by, and I did not write up for the last 2 topics that I'd like to covered in RHCE! Those posts were prepared after I have finished and passed RHCE. Anyway, I am in preparation for another certification, CCSP. Thought of "document" my study notes in order to help me to organize my notes, and also help me to reinforce my understanding on the topics.

I am going to start from Domain 2.

D2 : Cloud Data Security

M1 : Understand Cloud Data Life Cycle


Process overview
This table is to layout the possible access and allowed access by functions/actor/location. The access control requirement and design can be retrieved from this table.



M2 : Understand Implication of Cloud to Enterprise Risk
Risk management


Risk framework


Key roles associate with data management

Data subject: individual who is the subject of personal data
Data controller : person who determines the purpose and how to process personal data
Data processor : person who process…