SKILL BENCHMARK
Security, Risk, and Compliance in the Cloud Competency (Intermediate Level)
- 28m
- 28 questions
The Security, Risk, and Compliance in the Cloud Competency (Intermediate Level) benchmark measures your knowledge and skills in managing security, risk, and compliance in the cloud era. You will be evaluated on your knowledge of key topics such as security management, risk assessments, and compliance considerations in the context of cloud computing. A learner who scores high on this benchmark demonstrates that they have competency in many areas of operations related to navigating the complex landscape of cloud security, risk, and compliance. They have also had some working exposure to developing and implementing effective security strategies, conducting risk assessments, and ensuring compliance with relevant regulations in the cloud era.
Topics covered
- define compliance in the cloud era and compare and contrast with compliance in earlier IT eras
- identify risks associated to availability and outline how no service can guarantee 100% uptime
- identify risks that occur when relying on cloud service providers for critical services such as payment data
- identify the risks posed by malware infections
- list potential legal risks associated to cloud computing that may apply to healthcare, banking, and government agencies
- list the major compliance areas that a leader or decision-maker needs to know and outline why and how to manage them
- outline account hijacking and how it can threaten cloud security
- outline cloud security data breaches in recent years including how they were discovered and mitigated and the cost associated with each
- outline common risks related to lack of control
- outline how a risk management framework can help manage risk in the cloud
- outline how built-in security controls can attempt to mitigate security attacks compared to older solutions
- outline how cloud computing can help ensure compliance
- outline how distributed denial of service attacks (DDoS) are on the rise and how they are used to interrupt cloud services
- outline how insecure interfaces and application programming interfaces (APIs) can leave a system vulnerable to attacks
- outline the history of IT security and how it evolved to include cloud technologies
- provide an overview of the risks associated with outsourcing services to a third-party cloud service
- recognize cloud computing risks and compare them to risks associated to earlier on-premise environments
- recognize how a lack of cloud usage visibility can impact cloud security
- recognize how a lack of security strategy can result in a security threat
- recognize how an inexperienced staff can pose a security risk
- recognize how cloud misconfigurations can result in cloud data breaches
- recognize how enterprises can plan for various security scenarios and how leaders should make security a key feature of their products and services
- recognize how insufficient identity and access management (IAM) policies can result in various threats
- recognize how rushing to migrate to the cloud can result in the risk of overspending
- recognize how the cloud has expanded the scope of compliance and enforcement
- recognize how the lack of due diligence when moving to the cloud can result in security or privacy risks
- recognize how to detect and prevent insider threats
- recognize how unauthorized access can result in a cloud security breach