Course description
Audit and Security for Cloud-Based Services
This course covers the common architecture of cloud computing and examines the security and controls of SaaS, PaaS, and IaaS. It also covers the deficiencies that exist in cloud-based services and how Security-as-a-Service can be helpful.
Upcoming start dates
Who should attend?
Operational, Business Application, Information Technology, and External Auditors; Audit Managers and Directors; Information Security professionals
Prerequisites: A working knowledge of operating system security, networking concepts and associated logical access controls; Network Security Essentials (ASG203), Intermediate Audit School (ITG241) or equivalent experience
Training content
Understanding Corporate Culture:
- the SPI Cloud Computing Model
- cloud network models
- key drivers for moving towards cloud-based services
Software as a Service (SaaS):
- key enterprise applications
- the SaaS transaction model(s)
- SaaS security and audit concerns
Platform as a Service (PaaS):
- major development providers/platforms
- PaaS security and audit concerns
Infrastructure as a Service (IaaS):
- host security in the cloud
- network security in the cloud
- data storage/SAN in a cloud IaaS environment
- cloud bursting
- cloud bursting
- IaaS security and audit concerns
Brokered Cloud Services:
- cloud aggregators
- cloud brokers
- cloud management service portals
Security as a Service:
- identity management as a service
- security event monitoring/IDS as a service
- vulnerability management as a service
- data leakage prevention as a service/Web filtering, e-mail filtering
Cloud-Based Security Standards and Dependencies:
- directories and identity management
- federated identities
- emerging security Standards: SPML, XACML, OAuth, OpenID, others
Governance in a Cloud Services Environment:
- key performance indicators
- audit trails for cloud-based services
- service level agreements, licensing
- legal complexities: data privacy, globalization, trans-border constraints
- third-party assessments and certifications: SAS70, ISO 27001
Disaster Recovery in a Cloud-Based Environment:
- SPI HA architectures
- virtualized environments and their impact on disaster recovery
- updating and testing disaster recovery plans
Cloud Security and Audit:
- key risks and audit concerns
- identifying key controls and mitigations
- cloud-based risk analysis models: ENISA, NIST, CSA
- security best-practices models for cloud-based services
- audit techniques and tests in a cloud-based environment
Certification / Credits
NASBA Certified CPE: 16 Credits Auditing
IT Audit Certificate, Information Security Certificate
What You'll learn
You will learn about the current state of cloud computing, its common architecture, and the major services provided in the market. Also, how to use SaaS as a way to protect against security and control deficiencies.
ACI Learning
At ACI Learning, we train leaders in Cybersecurity, Audit, and Information Technology. Whether you're starting your IT career, mastering your profession, or developing your team, we're with you every step of the way. We believe that training is not a...
Reviews
Average rating 5
Very informative with both a very knowledgeable instructor and participative class which made the discussions more engaging.
Insightful
I was looking forward to this course after taking Intermediate IT Audit from Jason Claycomb last year. This program was prepared and presented in the same excellent, easy to fol...