Auditing Cloud Security
As more organizations move data and infrastructure to the cloud, auditing the security of the cloud is becoming a major priority. Operations and development teams are using the cloud in new ways, and organizations are eager to save money, gain new capabilities and add operational efficiency by using these services. Unfortunately, security is often overlooked and/or misunderstood when it comes to cloud services. Many cloud providers do not provide detailed control information about their internal environments, and quite a few common security controls used internally may not translate directly to the public cloud.
During this course, auditors learn the risks associated with cloud services and how to audit these critical environments. Fundamental concepts of cloud policy and governance for auditors will be addressed, as well as the technical security principles and controls for all major cloud types (SaaS, PaaS, and IaaS). Specific examples and configurations are reviewed, including those from AWS, Azure and GCP.
Students will explore the Cloud Security Alliance framework for cloud control areas and how it can be utilized to make audits more effective. We will delve into assessing risk for cloud services, looking specifically at the technical areas that need to be addressed. Comprehensive discussions will encompass network security (firewalls and network access controls, intrusion detection, and more), as well as all the other layers of the cloud security stack. When looking at development risks, we will also investigate methods of ensuring that security is embedded into the cloud life cycle. The course also covers incident handling, forensics, event management, and application security.
CPE: 14
Program Level: Intermediate
Delivery Method: Live
Cost: $675 for this 2 day course

Course Contents/Objectives
I. Cloud Background
• Delivery Models: SaaS, PaaS, IaaS
• Public, private and hybrid cloud
II. Policy and Governance
• Contract requirements for security
• SLAs
• Governance models for the cloud
III. Compliance and Legal Concerns
• Compliance challenges for the cloud
• Legal and geographic jurisdiction
• Privacy considerations
IV. Security considerations
• Virtualization and multi-tenancy
• Risk assessment for cloud migration
• Unique SaaS challenges and Cloud Access Security Brokers (CASBs)
V. Risk, Audit and Assessment for the Cloud
• Risk management
• Auditing the cloud
VI. Infrastructure security in the cloud
• Patch and configuration management
• Change management
• Network and virtualization security
• Application security for SaaS, PaaS, IaaS
• Container Security
• Checklists
• Host security
• Runtime security
• Best practices
• Tools
VII. Disaster Recovery and Business Continuity Planning in the Cloud
VIII. Identity and Access Management (IAM)
• IAM architecture and relevance to the cloud
• Authentication and authorization standards
• Account management and provisioning
• Federation
IX. Data Security in the Cloud
• Encryption types and availability
• Key management and encryption architectures
• Data/information lifecycle
• Retention
• Disposal
• Classification
X. Intrusion Detection and Incident Response
• Incident detection for different cloud models
• Managing Intrusion Detection System/Intrusion Prevention System (IDS/IPS) and alerting
• The event management feedback loop
Laptop Required
Students are required to have a laptop in order to complete the hands-on exercises. The laptop should meet the following specifications for the student to get the most from the exercises:
• 16 GB RAM or higher
• 25 GB available hard drive space
• Windows 10 Professional or later (Home and similar editions lack some of the features needed)
• Administrator privileges including the capability to install and run tools, as well as disable anti-virus
• VMware Player should be installed
Target Audience
• Internal Auditors
• IT Specialist Auditors
• IT Auditors
• IT Audit Managers
• Information System Auditors
• Information Technology Auditors
• Information Security Officers
• DBAs who need to write standards, or understand what auditors look for
Prerequisites
Participants should be familiar with Internet technologies and commonly used Internet security controls. No other advance preparation is required.