Privacy and Cloud Services

I came across and responded to these two topics discussed in Discord.

What is the entity collecting PII known as?
A) Data breach
B) Subject
C) Processor
D) Data owner
Source: AM@Discord

Those who collect PII have to advise the purpose and usage, receive the consent from the data subject, follow privacy principles suggested by privacy frameworks (e.g., OECD, ISO 29100) and applicable legal and regulatory requirements, and get accountable. The data controller is the best answer, but in this question, the data owner is the best among the four.

“collect” personal data or “create” enterprise data implies accountability that a data controller or owner assumes. It typically starts the data life cycle. A data processor processes data on behalf of a data controller, so a processor may not exist in every context.

which domain covers cloud stuff?
Source: hung

It’s an era of cloud, so cloud covers everything. Selecting a CSP entails supply chain risk assessment, SOC audits, privacy, data remanence, etc. Consuming or implementing cloud services, especially PasS, needs technical capabilities that are challenging. Developing and deploying cloud-native services and applications involves comprehensive technologies. I think all 8 domains are related to the cloud.

FaaS is a new/emerging service model related to serverless computing and microservices. I think it is testable in the new exam next May.

Technologies such as Kubernetes, Docker, etc. are covered in the new exam outline, but it’s technology agnostic. It uses the neutral term, containerization.

Leave a Reply