Domain 2: Cloud Data Security
2.1 Describe cloud data concepts
- Cloud data life cycle phases
- Data dispersion
- Data flows
2.2 Design and implement cloud data storage architectures
- Storage types
  - Long-term
  - Ephemeral
  - Raw storage
- Threats to storage types
2.3 Design and apply data security technologies and strategies
- Encryption and key management
- Hashing
- Data obfuscation
- Tokenization
- Data loss prevention (DLP)
- Keys, secrets and certificates management
2.4 Implement data discovery
- Structured data
- Unstructured data
- Semi-structured data
- Data location
2.5 Implement data classification
- Data classification policies
- Data mapping
- Data labeling
2.6 Design and implement Information Rights Management (IRM)
- Objectives
  - Data rights
  - Provisioning
  - Access models
- Appropriate tools
  - Issuing and revocation of certificates
2.7 Plan and implement data retention, deletion, and archiving policies
- Data retention policies
- Data deletion procedures and mechanisms
- Data archiving procedures and mechanisms
- Legal hold
2.8 Design and implement auditability, traceability, and accountability of data events
- Definition of event sources and requirement of event attributes
  - Identity
  - Internet Protocol (IP) address
  - Geolocation
- Logging, storage and analysis of data events
- Chain of custody and non-repudiation