Course Description
Cloud Computing is here to stay, and has been described as “outsourcing on steroids”. It introduces some compelling advantages, but also exposes the enterprise to new risks.
The outsourcing model has been around for decades. However, the various “flavors” of cloud computing introduce risks associated with the Internet, web applications, external management of enterprise data, contractual issues, and basic loss of control.
This seminar will provide you with an understanding of the cloud models, the security risks, the differences between traditional IT security and cloud security, and how to control those risks.
Learning Objectives:
- Identify Cloud environment and architecture
- Understand the security advantages and disadvantages
- Identify the top security risks
- Describe the common controls to secure the cloud
- Describe benefits and corresponding risks associated with each Cloud Computing model
- Identify issues to be included in the contract
- Address the Cloud CIAA (Confidentiality, Integrity, Availability and Accountability)
- Define the ongoing risk assessment process in a Cloud environment
Course Outline
Cloud Computing Background, Definition and Architecture
- Evolution to the Cloud Model
- Definition: Cloud Essential Characteristics
- Cloud Service Models
  - IaaS
  - PaaS
  - SaaS
- Cloud Deployment Models
  - Public
  - Private
  - Hybrid
  - Community
Security in the Cloud
- Common Myths and Misconceptions About Security in the Cloud
- Cloud Security vs. Traditional IT Security
- Security Benefits of Cloud Computing
  - Concentration of Resources
  - Central Updates
  - Intelligent Scaling of Resources
  - Standardization of Technology
  - Scaling
- Top Security Risk Areas (and Threats) with Cloud Computing – What to Look Out For
  - Technology Lock-in
  - Governance and Control
  - Compliance
  - Data Protection
  - Insider Threat
  - Data Deletion
  - Isolation Failure
Auditing the Cloud
- Audit Points for Cloud Computing
  - Data Governance
  - Information Security
  - Security Architecture
  - Resiliency
  - Operations Management
  - Compliance
  - Facility Security
  - Interfaces with internal applications
  - Contingency Planning
- Contract Requirements
  - SLAs
  - Termination
  - Audit Rights
  - Dispute Resolution
- Resources for Auditing the Cloud
  - Cloud Security Alliance (CSA) Consensus Assessments Initiative Questionnaire (CAIQ)
  - CSA – Cloud Controls Matrix (CCM)
  - NIST SP 800-53 – Risk Management Guidance
  - COBIT
  - FedRAMP specifications
  - ISO 27001/2
  - HIPAA
  - PCI/PCI DSS
International Regulation
- Data Protection
- Difference in regulations
E-Discovery
- Maintain Legal Right
- Effective Resolution
Additional Information
Who Should Attend
- Information security professionals
- Internal control professionals
- IT and operational auditors
- Risk managers
Learning Level
Intermediate
Delivery
Group Live or Group Internet-Based
Field
Auditing
Advanced Preparation
None
Recommended Prerequisites
General understanding of IT processes, business and accounting applications, and IT outsourcing processes.
Session Duration
On Site: 2 days
CPE Credits: 16