Chapter 14

Domain 6: Legal, Risk and Compliance, Part 2

IN THIS CHAPTER

- Learning about the audit process and audit planning
- Appreciating the importance of policies
- Exploring risk management when using the cloud
- Learning the importance of negotiating and creating cloud contracts

In this chapter, you dive into the risk management and auditing of cloud systems. Domain 6 represents 13 percent of the CCSP certification exam, and this chapter covers the second half of Domain 6.

The area of Governance, Risk, and Compliance (GRC) focuses on the oversight of your security program. I introduce various legal, regulatory, and other compliance requirements in Chapter 13 and throughout this book. In the following sections, I discuss more of the governance and risk side of things. Even if you’re not a cloud auditor, you should have a solid understanding of cloud audit processes and methodologies. You learn about these topics in the rest of this chapter, and I also cover the topic of risk management, as it pertains to the cloud.

Understanding the Audit Process, Methodologies, and Required Adaptations ...
