Download Publication
.png)
CCM Video Series: DSP - Data Security & Privacy
Release Date: 11/02/2024
In this presentation we explore the Data Security and Privacy Lifecycle Management (DSP) domain, which includes nineteen control specifications focused on privacy and data security. These controls are globally applicable and not tied to any specific industry, country, or regulation, though they reflect common elements from major privacy regulations. Serving as a valuable baseline, these controls may require organizations in specific regions or sectors to implement additional data protection measures.
The DSP domain covers the entire data lifecycle, from creation to disposal, addressing critical aspects like data privacy, classification, retention, and disposal according to applicable laws, regulations, and risk levels. These controls assist both Cloud Service Providers (CSPs) and Cloud Service Customers (CSCs) in safeguarding data and ensuring compliance with relevant data protection laws.
In the Shared Security Responsibility Model (SSRM), CSPs are responsible for securing the cloud infrastructure and providing capabilities for secure data storage, access, and disposal. CSCs, in turn, are responsible for securing the data they store or process within the cloud, classifying it, leveraging CSP-provided tools like encryption, and ensuring compliance with data privacy regulations.
The DSP domain covers the entire data lifecycle, from creation to disposal, addressing critical aspects like data privacy, classification, retention, and disposal according to applicable laws, regulations, and risk levels. These controls assist both Cloud Service Providers (CSPs) and Cloud Service Customers (CSCs) in safeguarding data and ensuring compliance with relevant data protection laws.
In the Shared Security Responsibility Model (SSRM), CSPs are responsible for securing the cloud infrastructure and providing capabilities for secure data storage, access, and disposal. CSCs, in turn, are responsible for securing the data they store or process within the cloud, classifying it, leveraging CSP-provided tools like encryption, and ensuring compliance with data privacy regulations.
Download this Resource
Are you a research volunteer? Request to have your profile displayed on the website here.
Related Certificates & Training

Learn the core concepts, best practices and recommendation for securing an organization on the cloud regardless of the provider or platform. Covering all 14 domains from the CSA Security Guidance v4, recommendations from ENISA, and the Cloud Controls Matrix, you will come away understanding how to leverage information from CSA's vendor-neutral research to keep data secure on the cloud.
Learn more
Learn more