Cloud Audit and Compliance
Cloud Audit and Compliance Training Information
Cloud Audit and Compliance is the ideal course for those who are responsible for auditing, controlling, monitoring and/or assessing cloud services and providers. Over a period of 2 days, this course provides students with a combination of lecture and hands-on activities, making it a great resource for learning best practices of cloud adoption and how the cloud impacts audit and compliance activities.
Additionally, this course provides students with a workshop environment in which they create and execute an audit plan based on their security policy. Students will work together to identify and assess risks within their own environments based on internal documentation as well as Cloud Security Alliance, NIST and vendor guidance papers.
While Cloud Audit and Compliance is an excellent standalone course, it is not uncommon for it to be taken in conjunction with CCSK PLUS. The demand for this combination of courses resulted in the creation of the Cloud Security Boot Camp.
Your Registration Includes
- 2 Days of Cloud Audit and Compliance Training
- Official Student Handbook for Cloud Audit and Compliance
- Cloud Audit and Compliance OnDemand Videos
- 1-on-1 Instructor Access; personal mentoring and content review assistance
- Loyalty Savings: Discounted Training Rates for CCSK Plus or CCSK Foundation
What You Will Learn
In Cloud Audit and Compliance you will spend a total of 2 days reviewing all eight domains featured in your course material. Additional information on what you can expect to learn while reviewing each domain is found below.
- Domain 1: Cloud Baseline
- Domain 2: Governance, Risk Management and Compliance
- Domain 3: Compliance Certifications, Standards and Frameworks
- Domain 4: FedRAMP
- Domain 5: Assessing Cloud Service Providers with CSA Tools
- Domain 6: Assessing Internal Consumption of Cloud Services
- Domain 7: Governance and Security for SaaS Adoption
- Domain 8: Security Controls and Tools for IaaS
Domain 1: Cloud Baseline
Your Cloud Audit and Compliance training kicks off with Domain 1, Cloud Baseline, which covers the basics of cloud computing – identifying what cloud is and what it is not. You will also review the NIST cloud reference architecture, the essential characteristics of cloud, service models and deployment models. Security responsibilities are also discussed, in addition to the changes to governance, risk management and compliance that cloud adoption brings to organizations.
Domain 2: Governance, Risk Management and Compliance
Building from the previous section, Domain 2 covers how to implement governance and risk management in a cloud environment. Items covered include creation of initial risk assessment plans to streamline adoption of cloud services, investigating the critical aspects of creating cloud policies in your organization and the legal ramifications of cloud adoption. Domain 2 wraps up with an introduction to assessment of Cloud Service Providers and the standards used to demonstrate that appropriate security measures are in place.
Domain 3: Compliance Certifications, Standards and Frameworks
The “Compliance Certifications, Standards and Frameworks” domain reviews popular standards such as ISO 27001, ISO 27017, PCI and SOC reports. Students perform exercises with PCI and SOC to explore the standards and the responsibility shifts introduced by cloud. As part of this domain, students perform a thorough review of the SOC principles and criteria.
Domain 4: FedRAMP
Domain 4 covers the FedRAMP program, its components and purpose. As a student you will look at the various elements of FIPS 199, the NIST Risk Management Framework and how it supports the FedRAMP approval process. Throughout this unit, FedRAMP is presented as a model to form a cloud governance board in your organization. Additionally, by the end of this domain you will understand how FedRAMP can be used by Government agencies to ensure Cloud Service Providers have adequately addressed an acceptable baseline of security in their offering.
Domain 5: Assessing Cloud Service Providers with CSA Tools
This domain reviews a variety of the tools provided by Cloud Security Alliance (CSA) to assist with a vendor assessment program. Students work through the Cloud Controls Matrix (CCM), the Consensus Assessment Initiative Questionnaire (CAIQ) and the Security Trust & Assurance Registry (STAR) to create a complete risk assessment program for cloud services. Lastly, students will look at multiple vendor security entries to fully understand how these tools can be leveraged by your organization.
Domain 6: Assessing Internal Consumption of Cloud Services
After learning to assess the security of a cloud service in the last domain, this section of your course shifts the viewpoint to ensuring the secure consumption of cloud services by your organization. Key items ranging from assessing appropriate roles and responsibilities through to assessment of disaster recovery preparedness are reviewed. Students can use the content of this unit to ensure that all aspects of security are addressed during their next assessment of internal operations involving cloud services.
Domain 7: Governance and Security for SaaS Adoption
In order to address a gap in most companies today, Domain 7 analyzes SaaS adoption and the associated risks that most companies are unaware of. Students learn how to determine the controls that providers push onto customers and the real risks associated with cloud computing, such as Shadow IT, and the critical importance of establishing a Cloud Governance Board. Additionally, students review the process of creating a Cloud Governance Board to establish a Cloud Broker function in your enterprise.
Domain 8: Security Controls and Tools for IaaS
In the final domain, Security Controls and Tools for IaaS, students review Amazon Web Services (AWS) security controls and identify how they map to the ISO 27017 standard. The domain finishes up with students reviewing a checklist of all security offerings in AWS, what should be assessed and how to assess each control. Moving forward, students can use this as the basis of a technical control assessment for all AWS implementations in your organization.
Cloud Audit and Compliance is intended for an audience that’s interested in reviewing how to audit, control, monitor and assess cloud services and providers. Some example job functions may include, but are not limited to:
- IS/IT Managers, Directors and Executives
- Systems Architects
- Security Professionals
- Risk Management Professionals
- Regulatory Compliance Professionals
- IS/IT Consultants
- Business Analysts
- Business Unit Stakeholders
- Professionals interested in obtaining the CCSK or CCSP credential
- Professionals interested in cloud computing and security
The instructor who will be working with you in this course is Graham Thompson, Intrinsec’s principal cloud security trainer. Graham has over 20 years of IT experience and has successfully completed a variety of cloud security projects for the following organizations:
- A Global Financial Institution with over $4T in assets under management
- A Global Retailer listed on Nasdaq with over 7000 stores
- Telecommunication company traded on NYSE
- Global Consultancy Firm
- Leading K-12 education company
- Global Conglomerate traded on NYSE
- AgTech (note from Graham: way cooler than you’d think!)
- Financial Institution traded on NYSE
- Telecommunication company traded on Nasdaq
In addition to the above, Graham has delivered cloud security training to employees representing over 100 leading firms with fantastic feedback and many internal recommendations from clients.
Prior to migrating his career to the cloud, Graham served as a senior security architect for several Federal Government departments and other enterprise-sized clients.
Graham holds his CISSP, CCSK, CCSP (co-authored) and an embarrassingly long list of designation letters that may or may not be retired by now.
TL;DR: When it comes to cloud security, Graham knows his stuff.
| Dec 13 - 14, 2018 | 9:00am - 5:00pm ET | Live Online | USD $1,595.00 |