Cloud Essentials/Governance
Governance
Objectives and Skills
[edit | edit source]Objectives and skills for the governance portion of CompTIA Cloud Essentials+ certification include:[1]
- Recognize risk management concepts related to cloud services.
- Risk assessment
- Asset inventory
- Classification
- Ownership
- Risk response
- Mitigation
- Acceptance
- Avoidance
- Transfer
- Documentation
- Findings
- Risk register
- Vendor lock-in
- Data portability
- Risk assessment
- Explain policies or procedures.
- Standard operating procedures
- Change management
- Resource management
- Security policies
- Incident response
- Access and control policies
- Department specific policies
- Communication policies
- Identify the importance and impacts of compliance in the cloud.
- Data sovereignty
- Regulatory concerns
- Industry-based requirements
- International standards
- Certifications
- Explain security concerns, measures, or concepts of cloud operations.
- Threat
- Vulnerability
- Security assessments
- Penetration testing
- Vulnerability scanning
- Application scanning
- Data security
- Categories
- Public
- Private
- Sensitive
- Confidentiality
- Encryption
- Sanitization
- Integrity
- Validation
- Availability
- Backup
- Recovery
- Breach
- Application and Infrastructure security
- Audit
- Access
- Authorization
- Hardening
Readings
[edit | edit source]Multimedia
[edit | edit source]Activities
[edit | edit source]Lesson Summary
[edit | edit source]Risk Management
[edit | edit source]Policies
[edit | edit source]- SOP (Standard Operating Procedure)
Compliance
[edit | edit source]- ISO (International Standards Organization)
- ITIL (Information Technology Infrastructure Library)
Security
[edit | edit source]Key Terms
[edit | edit source]- DDoS (Distributed Denial of Service)