Cloud Audit and Compliance


Duration: 2 days
CPE Credits: 14
Course Number: SEC-305

Cloud Audit and Compliance is a two-day, 14 CPE training seminar offered to you by Intrinsec Security.

Cloud Audit and Compliance Training Information
Course Overview

Cloud computing and the adoption of cloud-based systems have quickly gained popularity with countless organizations and companies around the world. Yet with such rapid growth in new cloud usage, there’s an equal amount of growth in new risk. Many enterprises are failing to prepare for the negative implications of the cloud and the impact it can have on an entire organization.

For the individual who is responsible for auditing, controlling, monitoring and assessing cloud services and providers, this Cloud Audit and Compliance program will instruct you on these challenges and more.

Over a period of 2 days, this class will teach you how to effectively and appropriately assess cloud services and providers. You will review how to assess vulnerabilities, report on compliance issues and establish internal controls. You will also receive instruction on assessing your organization’s readiness to adopt cloud computing, along with monitoring the activity of cloud services once implemented.

Your Registration Includes
  • 2 Days of Cloud Audit and Compliance Training
  • On-Demand Resources for Cloud Audit and Compliance *LIFE*
    • Cloud Audit and Compliance Student Training Pack *LIFE*
    • +5 hours of video content reviewing the key topics and best practices from Cloud Audit and Compliance *LIFE*
    • Access to resources is non-expiring, valid for life
    • Available Online, 24/7 access for convenient studying
    • 1-on-1 Instructor Access; personal mentoring and content review assistance

*LIFE* = You gain instant online access to this resource for LIFE after registering for any of our publicly scheduled Cloud Security Boot Camps.

What You Will Learn

In Cloud Audit and Compliance you will spend a total of 2 days reviewing all six domains featured in the course material. Additional information on what you can expect to learn while reviewing each domain is found below.

  • Domain 1: Audit Principles
  • Domain 2: Certifications and Compliance
  • Domain 3: Assessing Cloud Service Providers
  • Domain 4: Auditing Cloud Computing Activity
  • Domain 5: SaaS Adoption Risks and Assessment
  • Domain 6: ISO 27017 IaaS Technical Controls

Domain 1: Audit Principles

Cloud Audit and Compliance kicks off with Domain 1, Audit Principles, which reviews the appropriate auditing process you can implement to assess your cloud-based environment.

Cloud Audit & Compliance Key Topics:

  • Audit Introduction
  • Audit Control Types
  • Audit Phases
  • Audit Procedures
  • Compliance Issues
  • Assessing Providers

Domain 2: Certifications and Compliance

In this domain, Certifications and Compliance, the overall goal is for students to understand why it is so important for them to seek and obtain compliance in public and private clouds.

Cloud Audit & Compliance Key Topics:

  • Service Model Impact on Compliance
  • Compliance Standards and Frameworks Used by Cloud Service Providers
    • ISO: International Organization for Standardization
    • NIST: National Institute of Standards and Technology
    • PCI: Payment Card Industry
    • SOC: Service Organization Controls

Domain 3: Assessing Cloud Service Providers

The Assessing Cloud Service Providers domain looks at cloud service providers and the security they bring to the table. More specifically, it covers the available tools from Cloud Security Alliance and how you can use them to assess cloud service providers.

Cloud Audit & Compliance Key Topics:

  • Cloud Controls Matrix
  • CAIQ
  • STAR Registry
  • Training Exercises Focused on Cloud Controls Matrix and STAR Registry

Domain 4: Auditing Cloud Computing Activity

In Domain 4 students will learn how to assess cloud usage within their own firm, and to analyze what needs to be investigated in a corporation that is leveraging cloud computing services of any type.

Cloud Audit & Compliance Key Topics:

  • Pre-Discovery
  • Logical Access Control
  • Security Logging
  • Governance
  • Encryption
  • Incident Response
  • Asset Configuration
  • Network Configuration
  • Disaster Recovery

Domain 5: SaaS Adoption Risks and Assessment

SaaS Adoption Risks and Assessment discusses governance and security of Software as a Service (SaaS) consumption within your organization.

Cloud Audit & Compliance Key Topics:

  • Assessing SaaS Solutions
  • SaaS Security Risks and What Management Should Know
  • Establishing Governance with a Cloud Governance Board
  • Discovery of SaaS Applications (both technical and non-technical measures)

Domain 6: ISO 27017 IaaS Technical Controls

The ISO 27017 IaaS Technical Controls domain reviews the ISO 27017 security controls and the internal and/or Cloud Service Provider (CSP) tools that can be leveraged to secure an IaaS environment.

Cloud Audit & Compliance Key Topics:

  • Cloud Governance Board
  • SaaS / IaaS Encryption
  • Database Activity Monitoring
  • DLP Solutions
  • Cloud-Based Web Threat Management

Cloud Audit and Compliance is intended for an audience that’s interested in reviewing how to audit, control, monitor and assess cloud services and providers. Some example job functions may include, but are not limited to:

  • IS/IT Managers, Directors and Executives
  • Systems Architects
  • Security Professionals
  • Risk Management Professionals
  • Regulatory Compliance Professionals
  • IS/IT Consultants
  • Business Analysts
  • Business Unit Stakeholders
  • Professionals interested in obtaining the CCSK or CCSP credential
  • Professionals interested in cloud computing and security

The instructor who will be working with you in this course is Graham Thompson, Intrinsec’s principal cloud security trainer. Graham has over 20 years of IT experience and has successfully completed a variety of cloud security projects for the following organizations:

  • A Global Financial Institution with over $4T in assets under management
  • A Global Retailer listed on Nasdaq with over 7000 stores
  • Telecommunication company traded on NYSE
  • Global Consultancy Firm
  • Leading K-12 education company
  • Global Conglomerate traded on NYSE
  • AgTech (note from Graham: way cooler than you’d think!)
  • Financial Institution traded on NYSE
  • Telecommunication company traded on Nasdaq

In addition to the above, Graham has delivered cloud security training to employees representing over 100 leading firms with fantastic feedback and many internal recommendations from clients.

Prior to migrating his career to the cloud, Graham served as a senior security architect for several Federal Government departments and other enterprise-sized clients.

Graham holds his CISSP, CCSK, CCSP (co-authored) and an embarrassingly long list of designation letters that may or may not be retired by now.

TL;DR: When it comes to cloud security Graham knows his stuff.


Any questions?

Read our Frequently Asked Questions page or simply send your questions to us directly via our Contact Us page or our Live Chat.




Jan 11 - 12, 2018 9:00am - 5:00pm ET Live Online USD $1,595.00
Mar 8 - 9, 2018 9:00am - 5:00pm ET Live Online USD $1,595.00
May 24 - 25, 2018 9:00am - 5:00pm ET Live Online USD $1,595.00
