Internal Audit Training, IT Audit Training Courses, Information Security Training - CPE Interactive

Continuing Professional Education for Audit, Assurance, & Info Security

Course Description

Cloud-native technologies empower organizations to build and run scalable applications in modern, dynamic cloud environments – internal and external. They are intended to meet the deliver the application management objectives of continuous integration (CI) and continuous delivery (CD) – which by its nature involves rapid development can result in expediency at the potential expense of reduced security and quality. In this information-packed workshop, we will cover key building blocks and significant risks, and systematically sort through the available CyberSecurity control points, safeguards and audit procedures for today’s cloud-native applications.

Learning Objectives

  • Identify and assess CyberSecurity control points and software building blocks in a cloud-native application architecture
  • Understand the risks and causes associated with different types of CyberAttacks on cloud-native and other web-oriented applications/li>
  • Evaluate different methods of CyberSecruity testing of web applications throughout the cloud-native related Development Life Cycles (SDLCs)/li>
  • Gain familiarity with industry best practices for secure cloud-native application design, testing, and operation/li>

Course Outline

Cloud-Native Application Audit Planning

  • CyberSecurity risks to business applications
  • Distributed computing models—legacy and beyond compared
  • Defining the cloud-native landscape
  • Developing a cloud-native application audit game plan

Identifying and Auditing the Modern Cloud-Native Application Environment

  • Cloud computing
  • Containers and orchestration
  • Microservices
  • Application programming interfaces (APIs)
  • Service meshes
  • Message queuing (MQ)
  • Serverless computing
  • Documenting and analyzing distributed web applications

Auditing Secure Design and Testing of Cloud Native Applications

  • Cloud-native application software development lifecycles (Agile, DevOps, DevSecOps)
  • Common application software risks, attacks, and countermeasures
  • Open Source Software (OSS) risks and controls
  • Content Management Systems (CMS) and Shadow IT risks and controls
  • CyberSecurity in software design and testing throughout the SDLC , including operations and on-going support

Summary Wrap-up

  • Cloud-native application audit checklist
  • Sources of information, checklists, and tools

Additional Information

Who Should Attend
  • IT Auditors
  • Information Security Managers, Analysts, and Architects
  • IT Management, IT Architects
  • Web Site Administrators, System Administrators
  • Application Architects, Developers and Analysts
  • Consultants
Learning Level

Intermediate

Delivery

Group-Live and Group-Internet

Field

Auditing

Recommended Prerequisites

Auditing IT Application Systems or equivalent training. A basic understanding of IT audit controls and terminology is assumed.

Session Duration

On Site: 2 days

CPE Credits: 16

Questions? Contact us

Phone: +1 (781) 784-4390
Fax: +1 (781) 705-2327
Email: fill out form below

    [recaptcha size:compact class:captcha]