CCSK Domain 4 Notes: Organization Management

Introduction

Organization Hierarchy Models

Key Terms:

| Level | AWS | Azure | GCP |
|---|---|---|---|
| Organization | Organization | Tenant | Organization |
| Group | Organizational Unit (OU) | Management Group | Folder |
| Deployment | Account | Subscription | Project |

Benefits: Segmentation, reduced “blast radius,” logical separation, and compliance alignment.

Key Capabilities in Cloud Hierarchy

All major CSPs offer:

Landing Zone / Account Factory:

Building Hierarchies (Three Models)

Model Description
Tag Archives: iso
CCSK Domain 3 Notes: Risk, Audit and Compliance
This domain covers evaluating cloud service providers (CSPs) and establishing cloud risk registries, discussing compliance requirements, and introducing tools for governance and risk management.

3.1. Cloud Risk Management

Key Concepts in Risk

Cloud Risk Factors (Pandemic Eleven, 2022 CSA Top Threats)

Common risk factors and categories include:

Cloud Risk Management Process (Based on ENISA framework)
CCSK Domain 2 Notes
1. Introduction
2. Cloud Governance Key Points
Two major ways cloud impacts governance:
3. Complexities in Cloud Governance
4. Governance Framework Components
Effective governance requires:
5. Governance Hierarchy
Layers:
Governance documents produced:
6. Stakeholder Alignment
7. Cloud Security Frameworks
8. CSA CCM & STAR
9. Policies
✅ Exam Tip: Always tie governance hierarchy → frameworks
CCSK Domain 1 Notes
Definitions

Essential Characteristics (NIST)

Service Models
– IaaS → CSC manages OS, apps, data; CSP manages infrastructure.
– PaaS → CSC manages apps; CSP manages platform.
– SaaS → CSC manages configuration only; CSP manages everything else.

Deployment Models

Core Concepts

CSA Enterprise Architecture

Shared Responsibility Model

Key Tools

✅ Exam Tip: Always link responsibility level
Implementing ISO 27001: A Step-by-Step Guide
Steps to implement ISO 27001

Context Setting

What activities you should follow:

These activities should deliver the following:

The templates below can be used for documentation purposes:

Risk Assessment

Threats, Vulnerabilities & Risks

Threat: A potential cause of an unwanted incident, which may result in harm to a system or organization.

Vulnerability: A vulnerability is
Understanding ISMS: Scope and Key Clauses Explained
Scope and Applicability

It is applicable to all organisations, whether commercial, government or non-profit. It covers and specifies the requirements for the following:

PDCA Cycle

Clauses:
Clause 4: Context of Organization
Clause 5: Leadership
Clause 6: Planning
Clause 7: Support
Clause 8: Operation
Clause 9: Performance evaluation
Clause 10: Improvement
Audit Conclusions
Objectives of Audit Conclusions

Preparing Audit Conclusions (ISO 19011, clause 6.4.9)

Before the closing meeting, the auditors meet and consult each other to:

Discussing Audit Conclusions with the Auditee

It is important to discuss audit findings and conclusions with management before the closing meeting and before submitting the final report, in order to:

Closing Meeting Agenda Model

Preparing
Beyond the Initial Audit
Objective of Beyond the Initial Audit

Surveillance Activities

Surveillance activities can also include:

Surveillance Audits

Re-certification Audit

Certification Special Cases

Use of ISO Trademarks
Stage 2 audit
Objectives of Stage 2 Audit

Step 1: Conducting the opening meeting (ISO 19011, Clause 6.4.3)

The purpose of the opening meeting is to:

Step 2: Collecting Information

Information can be collected in the form of:

and many more…

Audit Procedure – Interview

Ask employees and other interested persons (third parties) questions (verbal or written) to gather
Phases of Audit
Below is a diagram showing the steps involved in an audit:

The following documents can be used as reference:
Audit Checklist
Audit Plan
Sample Policy Format
Audit Report Template
Risk Register
Statement of Applicability (SOA)
