Internal Audit Training, IT Audit Training Courses, Information Security Training - CPE Interactive

Continuing Professional Education for Audit, Assurance, & Info Security

Course Description

Cloud Computing is here to stay, and has been described as “outsourcing on steroids”. It introduces some compelling advantages, but also exposes the enterprise to new risks.

The outsourcing model has been around for decades. However, the various “flavors” of cloud computing introduce risks associated with the Internet, web applications, external management of enterprise data, contractual issues, and basic loss of control.

This seminar will provide you with an understanding of the cloud models, the security risks, the differences between traditional IT security and cloud security, and how to control them.

Learning Objectives:

  • Identify Cloud environment and architecture
  • Understand the security advantages and disadvantages
  • Identify the top security risks
  • Describe the common controls to secure the cloud
  • Describe benefits and corresponding risks associated with each Cloud Computing model
  • Identify issues to be included in the contract
  • Address the Cloud CIAA (Confidentiality, Integrity, Availability and Accountability)
  • Define the ongoing risk assessment process in a Cloud environment

Bonus: You will receive the ISACA Cloud Computing Audit/Assurance Program for COBIT 4.1

Course Outline

Cloud Computing Background, Definition and Architecture

  • Evolution to the Cloud Model
  • Definition and Cloud Essential Characteristics
  • Cloud Service Models
    • IaaS
    • PaaS
    • SaaS
  • Cloud Deployment Models
    • Public
    • Private
    • Hybrid
    • Community

Security in the Cloud

  • Common Myths and Misconceptions About Security in the Cloud
  • Cloud Security vs. Traditional IT Security
  • Security Benefits of Cloud Computing
    • Concentration of Resources
    • Central Updates
    • Intelligent Scaling of Resources
    • Standardization of Technology
    • Scaling
  • Top Security Risk Areas (and Threats) with Cloud Computing – What to Look Out For
    • Technology Lock-in
    • Governance and Control
    • Compliance
    • Data Protection
    • Insider Threat
    • Data Deletion
    • Isolation Failure

Auditing the Cloud

  • Audit Points for Cloud Computing
    • Data Governance
    • Information Security
    • Security Architecture
    • Resiliency
    • Operations Management
    • Compliance
    • Facility Security
    • Interfaces with internal applications
    • Contingency Planning
  • Contract Requirements
    • SLAs
    • Termination
    • Audit Rights
    • Dispute Resolution
  • Resources for Auditing the Cloud
    • Cloud Security Alliance (CSA) Consensus Assessments Initiative Questionnaire (CAIQ)
    • CSA – Cloud Controls Matrix (CCM)
    • NIST SP 800-53 – Risk Management Guidance
    • COBIT
    • FedRAMP specifications
    • ISO 27001/2
    • HIPAA
    • PCI/PCI DSS

International Regulation

  • Data Protection
  • Difference in regulations

E-Discovery

  • Maintain Legal Right
  • Effective Resolution

Additional Information

Who Should Attend

  • Information security professionals
  • Internal control professionals
  • IT and operational auditors
  • Risk managers

Learning Level

Intermediate

Delivery

Group-Live

Field

Auditing

Advanced Preparation

None

Recommended Prerequisites

General understanding of IT processes, business and accounting applications, and IT outsourcing processes.

Session Duration

Online:

On Site: 2 days

CPE Credits: 16