CCSP Domain 6: Legal and Compliance


The Certified Cloud Security Professional certification, or CCSP, is a certification hosted by the joint effort of (ISC)2 and the Cloud Security Alliance (CSA). This exciting credential is designed for cloud-based information security professionals and ensures that the certification holder has acquired the requisite skills, knowledge and abilities in cloud implementation, security design, controls, operations and compliance with applicable regulations.

The CCSP certification exam comprises six domains: Architectural Concepts and Design Requirements, Cloud Data Security, Cloud Platform and Infrastructure Security, Operations, Cloud Application Security and Legal and Compliance. This article will detail the Legal and Compliance domain of the CCSP exam and what candidates preparing for the CCSP certification can expect on the exam.

The Legal and Compliance domain of CCSP currently accounts for 12% of the material covered by the CCSP certification exam.

6.1 Understand Legal Requirements and Unique Risks within the Cloud Environment

International Legislation Conflicts

If anything can be said about the impact of cloud computing on the world, the legal and compliance portion of computing has definitely become more complex. Trans-border disputes have dramatically increased – disputes such as data breaches, violations of patents and intellectual property, copyright law, and so on. These disputes did exist before the implementation of cloud computing, but they have definitely become more widespread with amplified acuity. This increase in complexity comes by way of the flexible way that cloud computing can be configured and implemented to suit different needs. In other words, the simplicity of computing and storage provided by the cloud has led to a complexity of legal issues.

Below is a list of the possible sources of international legislation conflicts:

  • Copyright law
  • Intellectual property
  • Breaches of data protection
  • Violation of patents
  • Privacy-related components
  • Legislative requirements

Appraisal of Legal Risks Specific to Cloud Computing

The following (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Greg Belding. Read the original post at: