Explore compliance and security
1. Explore compliance and security
Keeping things safe means to pay attention to the details, and make sure to operate using sets of rules. As a cloud security professional, security and compliance will be a key aspect of your job. While these two topics are related, it’s important for you to understand their differences. In this video, we’ll explore how you can use security and compliance together to help keep your systems safe. It’s important to call out our discussion in this course should not be considered legal advice. First, let’s discuss security. Security includes systems and controls that protect an organization’s assets from threats. Security ensures confidentiality, integrity, and availability of the organization's services. These threats can happen through a breach, leak, or cyber attack. Methods to ensure security include mitigate identified threats with different types of controls, like firewalls, strong password management tools, and multi-factor authentication; implement controls designed to prevent threat actors from impacting your organization’s business functions; provide guidelines for responding to a breach in a worst case scenario; and require a cloud security team to protect a system by threat modeling and risk assessment. While security protects an organization, compliance is the process of adhering to internal and external standards and government regulations. These can include the International Organization for Standardization, or ISO, the National Institute for Standards and Technology, known as NIST, or a federal law, like the Health Insurance Portability and Accountability Act, or HIPAA. To be compliant, an organization must provide evidence that they are following the stated objective, like one of the standards, rules, regulations, or laws that apply to their business. Let’s find out how a business can address both security and compliance in an example scenario. Imagine that a retail store is required by the head office to install employee fingerprint authentication for things like clocking in, accessing areas of the store, and using the point of sale system. Requiring fingerprint authentication is security. It prevents unauthorized access. Providing evidence that the store is using fingerprint authorization correctly to the head office and regulatory bodies is compliance. Compliance standards are not unique to a single organization. The standards measure security protocols at a given point in time or over a specific period of time for any organization. As in the earlier scenario, an organization needs to provide evidence that they meet the required standards, rules, or regulations. There are many positive outcomes of compliance. Proper compliance builds trust within and between organizations. For compliance, there are a set of prescribed controls and practices that help to ensure the required minimum level of security is in place. Compliance shows stakeholders and users that a system meets the required level of security without requiring them to go through the difficult process of verifying for themselves. Compliance also gives a potential business partner or user confidence that an organization will protect their information. But being compliant doesn’t mean that all assets are secure, or that you have an effective security system. Compliance sets a minimum standard for security and establishes common ground for organizations. Compliance might require a certain type of encryption to meet a security standard. This might influence the controls an organization chooses. For example, the organization might want to use stricter controls than compliance requires because of the specific security threats they have to deal with. Compliance helps an organization be more secure with measures that provide a set of clear frameworks, checklists, and best practices. For example, the NIST Cybersecurity Framework, or CSF, is a set of guidelines and best practices to help organizations build and improve their cybersecurity posture. The NIST CSF is a compliance framework that can easily be adapted across industries to create strong security programs. Security and compliance are complementary processes. A strong security system makes it easier for an organization to meet compliance standards, because most of the necessary controls are already in place. As a cloud security professional, you’ll not only be able to differentiate between security and compliance, but you’ll also use them to strengthen each other. This will better prepare you to manage risk in the cloud.2. Let's practice!
Create Your Free Account
or
By continuing, you accept our Terms of Use, our Privacy Policy and that your data is stored in the USA.