Internal Audit Training, IT Audit Training Courses, Information Security Training - CPE Interactive

Continuing Professional Education for Audit, Assurance, & Info Security

Course Description

Cloud Computing has been described as “the ultimate form of outsourcing”. This refers to the fact that moving into the cloud allows the enterprise to outsource or rent infrastructure, IT services, application software, or any combination of these. In other words, IT services are purchased using a linear utility model.

Although the Cloud model is attractive, CIOs express near-universal concern about one issue: security. These concerns include unauthorized access to sensitive business data (by outsiders or insiders at the Cloud ISP); availability and performance; location of the data (certain sensitive data may be prohibited by law from being stored outside the enterprise’s country boundaries); ability to retrieve the data in the event of contract termination; auditability; physical security at the ISP; and more.

The Cloud model comprises three models, each with its own security, control, and operational concerns. This seminar addresses these issues and explores how to protect the enterprise assets.

In this seminar, we will discuss the critical issues to be considered:

  • Before the Cloud contract is signed
  • For the duration of the contract
  • At contract change or renegotiation
  • At the end of the contractual relationship.

Learning Objectives:

  • Describe the benefits and corresponding risks associated with each Cloud Computing model
  • Identify who should be involved in negotiating the contract with the Cloud ISP
  • Identify control issues to be included up-front in the contract
  • Address the Cloud CIAA (Confidentiality, Integrity, Availability and Accountability)
  • Identify metrics needed to maintain control of the outsourced Cloud environment
  • Define the ongoing risk assessment process in a Cloud environment

Bonus: You will receive the ISACA Cloud Computing Audit/Assurance Program for COBIT 4.1

Course Outline

Understanding the Cloud Model

  • The PAYG (Pay-as-You-Go) model for IT services
  • The 3 basic models: IaaS, PaaS, SaaS
  • Business value of Cloud Computing
  • Corporate goals for each model
  • Motivation for each model
  • Necessary partnership with ISPs and other vendors

Business Risks with the Cloud Models

  • Contractual issues
  • Strategic risk
  • Standards and lack thereof
  • Maintaining the same level of control
  • Tactical issues
    • Location, location, location
    • Administration: theirs and ours
    • Access control
  • Privacy and confidentiality
  • Data Integrity
  • Availability and recoverability
  • Risks with Virtual Machine environments

Managing the Cloud

  • Encryption, encryption, encryption
  • Scalability
  • Data interchange
  • Key management
  • Meaningful Metrics
  • SLAs
  • Security and Risk Assessment
  • Mutual Responsibilities
  • Billing

Other issues

  • Public vs. private clouds
  • International: privacy, data location, data dispersal
  • Litigation
  • End of life / termination of agreement
  • Compliance with laws and regulations
  • Independent auditing
  • Insurance

Additional Information

Who Should Attend

  • Information security professionals
  • Internal control professionals
  • IT and operational auditors
  • Risk managers

Learning Level

Intermediate

Delivery

Group-Live & Group Internet-Based

Field

Auditing

Advanced Preparation

None

Recommended Prerequisites

General understanding of IT processes, business and accounting applications, and IT outsourcing processes.

Session Duration

Online: Four 3-hour sessions

On Site: 2 days

CPE Credits: 16