Course details

Cloud Service – Legal and Compliance

Cloud Service – Legal and Compliance

Target Audience
Expected Duration
Lesson Objectives
Course Number
Expertise Level

Alongside the development and uptake of cloud services, comes a developing regulatory framework that compels cloud service providers to protect data and to secure the privacy, integrity, and confidentiality of client data and data assets. This course covers various topics associated with legal and compliance issues with cloud services which are governed within a regulatory framework. The course addresses investigative measures and techniques associated with crime investigation, including eDiscovery and forensic data management. The course also touches on privacy, auditing, and reporting as it applies to cloud technology and services including SAS, SSAE, and ISAE. In this course, you will also learn about risk management, outsourcing, and vendor\provider assessment with particular attention to certifications, access provider audit data, and data ownership issues. The course covers the essential topics for the ICS2's Certified Cloud Security Professional examination – Domain 6 requirements.

Target Audience
This course is intended for IT professionals including managers, engineers, and technical staff intending to take the CCSP examination.


Expected Duration (hours)

Lesson Objectives

Cloud Service – Legal and Compliance

  • start the course
  • describe areas of legislative conflict with respect to cloud-hosted services
  • appraise legal risks associated with the provision of cloud services
  • describe how to apply control policy with respect to legal requirements
  • define eDiscovery and its impact on cloud service provision, requirements, and responsibilities
  • define the legislative requirement related to forensic data management
  • define PII, outline the difference between contractual and regulated PII, and describe the differences between confidentiality, integrity, availability, and privacy
  • describe the international variations that apply to PII and data privacy
  • define audit operations and auditor tasks with reference to cloud computing services, and outline distributed service issues with respect to auditing
  • describe audit requirements, scope, and reporting as they apply to cloud services
  • outline challenges associated with auditing the virtualized infrastructure of a cloud-based service
  • define audit reporting against a background of prevailing standards, and outline audit scope and audit regulation requirements with respect to highly regulated industries
  • define gap analysis and audit planning with reference to cloud service auditing
  • describe the deployment of Internal Information Security Management (ISMS) and Security Control Systems (ISCS) - ISO 27000 Series
  • describe the deployment of ISMS and ISCS with reference to ISO, ITIL, and NIST
  • describe issues with obtaining details of a CSP's risk management data
  • describe issues surrounding the importance of data ownership and define interrelationships between owner and custodian regarding responsibility
  • outline measures to mitigate risk
  • outline the integration of information security and risk management activities into a formal framework
  • outline the metrics that quantify and measure the extent of a risk associated with cloud service elements and components
  • define key areas of focus for risk assessment, including supplier, vendors, services, and so on
  • describe business requirements with reference to the Service Level Agreement, GAAP guidelines, and standards
  • describe the vendor and provider vetting process with reference to certifications, audit and event reporting, accreditations, and so on
  • describe the deployment of supply-chain management in the context of cloud services
  • detail current legislation relating to PII and define a number of widely adopted auditing compliance frameworks and report types; outline available auditing standards and frameworks, describe ISMS and applicable standards and guidance, and detail a number of cloud service adoption risks; and finally, outline some detail on available cloud service-related risk management frameworks
  • Course Number:

    Expertise Level