Audit and Security for Cloud-Based Services
Overview
This course covers the current state of cloud computing, its common architecture, and the major SaaS, PaaS, and IaaS providers in the market today. It covers the security and control deficiencies in cloud-based services and looks at Security as a Service as a way to protect against them. Participants review a risk-based approach to audit and controls for cloud-based services and investigate areas such as cloud-based network models, cloud access security brokers, disaster recovery, and governance in a cloud environment. It reinforces the concepts covered with examples to help participants identify the risks, controls, and gaps in cloud services.
Why you should take this course
For users with an intermediate knowledge of this topic, and are searching for a deeper understanding of its evolving complexities.
Here are the topics we'll cover.
-
Architecture
- What is in the Cloud?
- Cloud Architecture and Services
- Current Market, Pros and Cons
- Cloud Growth Drivers
-
Service Models
- Software as a Service (SaaS)
- Platform as a Service (PaaS)
- Infrastructure as a Service (IaaS)
- Cloud Service Brokers (CSBs)
- Security as a Service
- Risks
-
Security Standards
- Security Standards and Technologies
- NIST
- Cloud Security Alliance (CSA)
- The Open Worldwide Application Security Project (OWASP)
- Identity Management
- FedRAMP
- European Network Information Security (enisa)
-
Risk Assessment and Vendor Management
- Outsourcing Risks
- Contracts and Right to Audit
- Certifications: SOC, Subservice Organizations
- Security Statements by Provider
- Relationship Monitoring
-
Provider Security Tools
- Provider Tool Overview
- Amazon Web Services (AWS)
- Google Cloud Provider (GCP)
- Microsoft Cloud
Learning Style
Level
Who this course is for
NASBA Certified CPE
Field of Study
Length of course
Advanced Preparation
Here are the learning objectives we'll cover
- Introduce the cloud service model and evaluate how the cloud is being used today.
- Identify risks and controls for each cloud service model.
- Discuss cloud standards and certifications as a part of cloud governance – both the cloud provider’s and our governance approach.
- Provide a risk-based approach to auditing in the cloud.