week 7 discussion 25

The articles above include a discussion on how organizations that must maintain compliance with industry/regulatory requirements (PCI DSS, HIPAA, Sarbanes-Oxley, etc.) can currently include outsourced systems that affect that requirement. For your main (original) posting for the week, answer one of the following:

  1. Summarize the Payment Card Industry Data Security Standards (PCI / DSS). Explain how CSPs can ensure compliance. Include ramifications for non-compliance.
  2. Explain the ISO 2700X series of standards. How can CSPs and customers leverage them to ensure best practices are being followed?
  3. Will CSPs have to prove compliance capability before a company will adopt their cloud services? Why or why not?
  4. There are many laws, rules, standards, and regulations set by different agencies. Should there be one organization that sets industry standards and enforces compliance? Explain how that could work.
  5. CSPs may have locations in multiple countries. How can American laws and regulations be enforced in foreign nations where a CSP may be located?
  6. Explain methods for assessing a CSPs compliance to standards. What should be assessed? How?
  7. How do auditors ensure a CSP stays compliant with regulations, laws, and standards? How often should a CSP be reassessed? Explain the validation procedure for on-going compliance.
  8. How does a cloud vendor prove compliance with relevant regulatory requirements? What steps must they take to validate their services?
  9. How will industry/regulatory requirements change as cloud services mature?

Include the question you are answering in your post. Avoid answering the same question as a previous student. Try to cover a new question or one that hasn’t been discussed fully yet.
Provide specific examples to make your point.