B / Define what can and cannot be legally moved. Therefore, deploying a regional SOC is not the first step, nor is implementing encryption. These are technical implementations. We must first determine what we are and are not allowed to do according to the law; these are Governance options.

Hi everyone! I'm happy to join the group. I recently earned my CISSP certification, and I'm here for two main reasons: first, to give back and support those currently in the trenches of their study process; and second, to stay sharp and keep learning. In this field, we’re never truly done being students. My next goal on the roadmap is the CCSP, so I'm excited to keep that momentum going. The best advice I’ve ever received: "Don't just study to pass the exam; study to understand the risk." It has completely changed how I approach security challenges. Looking forward to collaborating with you all!

@Melissa Baisley Welcome. From my recient experience, the most important thing is to believe in yourself. I wrote a note by hand that said, "I am now a CISSP!" and every day when I sat down at my desk, I saw it. I created a routine and discipline: every day at 5 a.m., two hours of mind mapping, explaining things to myself, and exam practice; and at 10 p.m., an hour of review, understanding the what, how, and when to apply the concepts. That was my main action plan. You can achieve it too. PS: Peace of mind helped me because I got past question 100 and kept going without getting discouraged, since I had the insurance of having learned the lesson. But in the end, I read, "Provisionally approved."

READ: R: credentials, exfiltrate, Most, Preventing. E: liminate D because data at rest, exfiltration which credentials. C: Dlp prevent, block but the root cause is fail the process deprovisioning, A:Nalize A if ex-exployed have the Token and the account is active access. D: ecide The Most effective is a good process of deprovisioning, RRHH + IT + Security.

Congrats. Thanks for sharing.