Cloud Audit and Compliance
Gain the knowledge and skill to properly assess cloud service providers and analyze internal usage and readiness to adopt cloud services.
About this Course
Cloud Audit and Compliance is the ideal course for those who are responsible for auditing, controlling, monitoring and/or assessing cloud services and providers. Over a period of 2 days, this course provides students with a combination of lecture and hands-on activities, making it a great resource for learning best practices of cloud adoption and how the cloud impacts audit and compliance activities.
Additionally, this course provides students with a workshop environment in which they create and execute an audit plan based on their security policy. Students will work together to identify and assess risks within their own environments based on internal documentation as well as Cloud Security Alliance, NIST and vendor guidance papers.
While Cloud Audit and Compliance is an excellent standalone course, it is not uncommon for it to be taken in conjunction with CCSK PLUS. The demand for this combination of courses resulted in the creation of the Cloud Security Boot Camp.
- 2 Days of Cloud Audit and Compliance Training
- Official Student Handbook for Cloud Audit and Compliance
- Cloud Audit and Compliance OnDemand Videos
- 1-on-1 Instructor Access; personal mentoring and content review assistance
- Loyalty Savings: Discounted Training Rates for CCSK Plus or CCSK Foundation
In Cloud Audit and Compliance you will spend a total of 2 days reviewing all eight domains featured in your course material. Additional information on what you can expect to learn while reviewing each domain is found below.
- Domain 1: Cloud Baseline
- Domain 2: Governance, Risk Management and Compliance
- Domain 3: Compliance Certifications, Standards and Frameworks
- Domain 4: FedRAMP
- Domain 5: Assessing Cloud Service Providers with CSA Tools
- Domain 6: Assessing Internal Consumption of Cloud Services
- Domain 7: Governance and Security for SaaS Adoption
- Domain 8: Security Controls and Tools for IaaS
Domain 1: Cloud Baseline
Your Cloud Audit and Compliance training kicks off with Domain 1, Cloud Baseline, which covers the basics of cloud computing – identifying what cloud is and what it is not. You will also review the NIST cloud reference architecture, the essential characteristics of cloud, service models and deployment models. Security responsibilities are also discussed, in addition to the changes to governance, risk management and compliance that cloud adoption brings to organizations.
Domain 2: Governance, Risk Management and Compliance
Building from the previous section, Domain 2 covers how to implement governance and risk management in a cloud environment. Items covered include creation of initial risk assessment plans to streamline adoption of cloud services, investigating the critical aspects of creating cloud policies in your organization and the legal ramifications of cloud adoption. Domain 2 wraps up with an introduction to assessment of Cloud Service Providers and the standards used to demonstrate that appropriate security measures are in place.
Domain 3: Compliance Certifications, Standards and Frameworks
The “Compliance Certifications, Standards and Frameworks” domain reviews popular standards such as ISO 27001, ISO 27017, PCI and SOC reports. Students perform exercises with PCI and SOC to explore the standards and the shifts in responsibility introduced by cloud. As part of this domain, students perform a thorough review of the SOC principles and criteria.
Domain 4: FedRAMP
Domain 4 covers the FedRAMP program, its components and purpose. As a student you will look at the various elements of FIPS 199, the NIST Risk Management Framework and how it supports the FedRAMP approval process. Throughout this unit, FedRAMP is presented as a model to form a cloud governance board in your organization. Additionally, by the end of this domain you will understand how FedRAMP can be used by Government agencies to ensure Cloud Service Providers have adequately addressed an acceptable baseline of security in their offering.
Domain 5: Assessing Cloud Service Providers with CSA Tools
This domain reviews a variety of the tools provided by Cloud Security Alliance (CSA) to assist with a vendor assessment program. Students work through the Cloud Controls Matrix (CCM), the Consensus Assessment Initiative Questionnaire (CAIQ) and the Security Trust & Assurance Registry (STAR) to create a complete risk assessment program for cloud services. Lastly, students will look at multiple vendor security entries to fully understand how these tools can be leveraged by your organization.
Domain 6: Assessing Internal Consumption of Cloud Services
After learning to assess the security of a cloud service in the last domain, this section of your course shifts the viewpoint to ensuring the secure consumption of cloud services by your organization. Key items ranging from assessing appropriate roles and responsibilities through to assessment of disaster recovery preparedness are reviewed. Students can use the content of this unit to ensure that all aspects of security are addressed during their next assessment of internal operations involving cloud services.
Domain 7: Governance and Security for SaaS Adoption
To address a gap in most companies today, Domain 7 analyzes SaaS adoption and the associated risks that most companies are unaware of. Students learn how to determine the controls that providers push onto customers and the real risks associated with cloud computing, such as Shadow IT, and the critical importance of establishing a Cloud Governance Board. Students also review the process of creating a Cloud Governance Board to establish a Cloud Broker function in your enterprise.
Domain 8: Security Controls and Tools for IaaS
In the final domain, Security Controls and Tools for IaaS, students review Amazon Web Services (AWS) security controls and identify how they map to the ISO 27017 standard. The domain finishes up with students reviewing a checklist of all security offerings in AWS, what should be assessed and how to assess each control. Moving forward, students can use this as the basis of a technical control assessment for all AWS implementations in their organization.
Intrinsec’s Concierge Service focuses on you, providing a personalized human experience with one of our concierge representatives to ensure that you have a perfect experience from day one and beyond.
Not only will your representative reach out to you when you sign up, providing you with all the information you need, but they will also be on stand-by for any and all questions you may have.
After you have completed your class your concierge representative can provide you with relevant recommendations for upcoming events, discounts on training, and suggestions to help further your career.
Cloud Audit and Compliance is intended for an audience that’s interested in reviewing how to audit, control, monitor and assess cloud services and providers. Some example job functions may include, but are not limited to:
- IS/IT Managers, Directors and Executives
- Systems Architects
- Security Professionals
- Risk Management Professionals
- Regulatory Compliance Professionals
- IS/IT Consultants
- Business Analysts
- Business Unit Stakeholders
- Professionals interested in obtaining the CCSK or CCSP credential
- Professionals interested in cloud computing and security