Audit and Security for Cloud-Based Services

IT Audit

Overview

This course covers the current state of cloud computing, its common architecture, and the major SaaS, PaaS, and IaaS providers in the market today. It covers the security and control deficiencies in cloud-based services and looks at Security as a Service as a way to protect against them. Participants review a risk-based approach to audit and controls for cloud-based services and investigate areas such as cloud-based network models, cloud access security brokers, disaster recovery, and governance in a cloud environment. It reinforces the concepts covered with examples to help participants identify the risks, controls, and gaps in cloud services.

Why you should take this course

For users with an intermediate knowledge of this topic, and are searching for a deeper understanding of its evolving complexities.

Here are the topics we'll cover.

  1. Architecture

    • What is in the Cloud?
    • Cloud Architecture and Services
    • Current Market, Pros and Cons
    • Cloud Growth Drivers

  2. Service Models

    • Software as a Service (SaaS)
    • Platform as a Service (PaaS)
    • Infrastructure as a Service (IaaS)
    • Cloud Service Brokers (CSBs)
    • Security as a Service
    • Risks

  3. Security Standards

    • Security Standards and Technologies
    • NIST
    • Cloud Security Alliance (CSA)
    • The Open Worldwide Application Security Project (OWASP)
    • Identity Management
    • FedRAMP
    • European Network Information Security (enisa)

  4. Risk Assessment and Vendor Management

    • Outsourcing Risks
    • Contracts and Right to Audit
    • Certifications: SOC, Subservice Organizations
    • Security Statements by Provider
    • Relationship Monitoring

  5. Provider Security Tools

    • Provider Tool Overview
    • Amazon Web Services (AWS)
    • Google Cloud Provider (GCP)
    • Microsoft Cloud

Learning Style

Instructor Led

Level

Advanced

Who this course is for

Operational, Business Application, IT, and External Auditors; Audit Managers and Directors; Information Security professionals.

NASBA Certified CPE

16 credits

Field of Study

Auditing

Length of course

16h

Prerequisites

Network Security Essentials Intermediate IT Audit School
or equivalent experience

Advanced Preparation

None
Start Learning Today
Stay ahead of the curve and future-proof your business with training programs designed for you.
Contact Sales

Here are the learning objectives we'll cover

  • Introduce the cloud service model and evaluate how the cloud is being used today.
  • Identify risks and controls for each cloud service model.
  • Discuss cloud standards and certifications as a part of cloud governance – both the cloud provider’s and our governance approach.
  • Provide a risk-based approach to auditing in the cloud.

Attendance policy for on-site and online instructor-led training

Students are expected to arrive on time for classes with the proper materials and attitude. An overall attendance rate of 100% is expected to fully absorb the materials and to complete labs. If you have an expected absence, please email support@acilearning.com or your instructor ahead of time. The number of CPEs awarded will be equivalent to the number of hours attended.

ACI Learning is registered with NASBA

ACI Learning is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: https://www.nasbaregistry.org/