SY0-701 - CompTIA Security+: Security Compliance & Third-Party Risk

Security compliance management is the collection of policies, procedures, and other internal controls that an enterprise uses to meet its regulatory requirements for data privacy and protection. In this course, you will explore compliance monitoring topics such as due diligence, attestation, and compliance automation, as well as internal and external compliance reporting. Then you will investigate the consequences of non-compliance, including fines, sanctions, and reputational damage. Next, you will examine privacy considerations for keeping information about people confidential. Finally, you will examine vendor assessment and selection techniques such as supply chain analysis and rules of engagement, and you will discover various agreement types, such as non-disclosure agreements (NDAs), service-level agreements (SLAs), and statements of work (SOWs). This course is part of a series that prepares you for the CompTIA Security+ (SY0-701) exam.


  • provide an overview of compliance monitoring, including concepts such as due diligence/care, attestation, acknowledgment, and compliance automation
  • describe internal and external compliance reporting
  • identify the consequences of non-compliance
  • outline privacy considerations like legal implications, data subjects, ownership, and the right to be forgotten
  • describe vendor assessment and selection using penetration testing, the right-to-audit clause, supply chain analysis, due diligence, conflict of interest, and rules of engagement
  • compare various agreement types including the non-disclosure agreement (NDA), memorandum of agreement (MOA), memorandum of understanding (MOU), service-level agreement (SLA), master service agreement (MSA), work order (WO), statement of work (SOW), and business partners agreement (BPA)

  • it_cssecp23_19_enus