Cloud Security Fundamentals for Canadian Government
Cloud Security Fundamentals for Canadian Government Information
The Canadian Government has adopted a Cloud First policy for all departments, releasing a digital policy that requires that all departments consider cloud first as a delivery platform. It is expected that departments will embrace this new direction and will therefore increase market demand for cloud services, and related knowledge and expertise. This means your department will be faced with a substantial increase in requests for new cloud services and will need to understand how to procure, authorize, and manage cloud services of all types. Intrinsec’s Cloud Security Fundamentals for Canadian Governments training program addresses the unique challenges faced by Canadian Government departments to help you and your team understand the new challenges to data security considerations for your department.
Intrinsec’s Cloud Security Fundamentals for Canadian Government training is a vendor-neutral two-day cloud security and risk management course that addresses Canadian Government cloud security and risk management documentation and cloud adoption requirements. The main benefit of having this session delivered to your employees is to raise awareness of cloud security and risk management issues surrounding cloud services and why these services need to be properly secured and how to use the available tools and standards to meet Canadian Government requirements.
This course fully addresses special aspects that Canadian Government employees and contractors must be aware of before procuring and consuming public cloud services. It is simply unrealistic to expect these individuals to understand the cyber supply chain they are building without proper training addressing the new challenges brought to your department as a result of cloud adoption.
Your Registration Includes
Your Cloud Security Fundamentals for Canadian Government training includes the following:
- 2 Days of Cloud Security Fundamentals for Canadian Government Training
- Cloud Security Fundamentals for Canadian Government Student Handbook
- 14 CPE Credits
What You Will Learn
In the Cloud Security Fundamentals for Canadian Government course, students will spend a total of 2-days reviewing all six domains featured in your course material. Additional information on what you can expect to learn while reviewing each domain is found below.
Module 1: Cloud Level-Set
This module serves as a refresher of some of the basics that will be built upon for the course. The presentation of material is different than the CCSK course and introduces documentation from NIST that is leveraged by the Canadian Government, such as FIPS 199, NIST Risk Management Framework (RMF), Special Publications 500-292 and 500-299.
Module 2: Assessing Cloud Service Providers
The second module covers the various compliance offerings and attestations used by Cloud Service Providers and how to use them for Canadian Government purposes. Key topics include FedRAMP, ISO 27017, AICPA System and Organization Controls (SOC) suite and the Cloud Security Alliance Cloud Controls Matrix, Consensus Assessment Initiative Questionnaire, STAR registry and more.
Module 3: Canadian Government Cloud Security and Risk Management
The third module builds on the information covered in the previous modules and covers how Canadian Government leverages those industry standards as part of their approach to Cloud Security and Risk Management. Through in-depth coverage of TBS and CCCS ITSM documentation, students will learn the process used by the Canadian Government to procure and manage cloud services.
Module 4: Continuous Monitoring and Maintaining Authorizations
With the rapid change involved with cloud services, departments must be able to continuously manage all aspects of partnerships with cloud services. This fourth module covers both continuous management and monitoring of Cloud Service Providers and internal controls associated with cloud services.
Module 5: Assessing Usage of Cloud Services
Securing something that you don’t know exists is impossible. The fifth module covers identification of the tools and procedures that can be used to identify and remediate unauthorized and improper usage of cloud services (Shadow IT) within a department. Students also learn the processes and structure that can be implemented to eliminate future incidents of Shadow IT within your department.
Module 6: New Technologies
The final course module covers a variety of tools and technologies that your department will likely consume as it leverages IaaS and PaaS services. This module covers both the new technologies, their impacts and approaches that can be used to secure them. Some technologies covered include Containers, DevOps, CI/CD tools and Serverless computing.
This course caters to a wide audience of employees from all Government departments that use or are considering any cloud system, ranging from SaaS business applications through to IaaS. Some roles include the following:
- IT Auditors (internal and external)
- IT Risk Management
- Security Directors
- Security Managers
- IT Staff looking to advance their careers
- Staff involved with procurement of cloud services
Upon completion of this course, students will:
- Understand Canadian Government publications on Cloud Security and Risk Management.
- Work with the various compliance standards used by Cloud Service Providers such as ISO 27017, SOC2, FedRAMP, etc.
- Use various Cloud Security Alliance tools to assess Cloud Service Providers and secure usage of cloud services.
- Establish a Cloud Governance function to secure and manage risk of the Cyber Supply Chain within a department.
- Applying ITSG-33 to assess and secure cloud services.
- Learn about new technologies and how they impact security in a cloud environment.
The instructor that will be working with you in this course is Graham Thompson, Intrinsec’s principal cloud security trainer. Graham has over 20 years of IT experience and has successfully competed a variety of cloud security projects for the following organizations:
- A Global Financial Institution with over $4T in assets under management
- A Global Retailer listed on Nasdaq with over 7000 stores
- Telecommunication company traded on NYSE
- Global Consultancy Firm
- Leading K-12 education company
- Global Conglomerate traded on NYSE
- AgTech (note from Graham: way cooler than you’d think!)
- Financial Institution traded on NYSE
- Telecommunication company traded on Nasdaq
In addition to the above, Graham has delivered cloud security training to employees representing over 100 leading firms with fantastic feedback and many internal recommendations from clients.
Prior to migrating his career to the cloud, Graham served as a senior security architect for several Federal Government departments and other enterprise-sized clients.
Graham holds his CISSP, CCSK, CCSP (co-authored) and an embarrassingly long list of designation letters that may or not be retired by now.
TL;DR: When it comes to cloud security Graham knows his stuff.
No public dates are currently scheduled. Request Group Training!