Audit and Security for Cloud-Based Services - ASN305

Audit and Security for Cloud-Based Services

Audit and Security for Cloud-Based Services - ASN305
ENROLL IN THIS COURSE

Upcoming Dates & Locations

Onsite - New York
Oct 21st, 2021 - Oct 22nd, 2021

Audit and Security for Cloud-Based Services - ASN305

CPE:16


Price: $1527.00


Overview

This course covers the common architecture of cloud computing and examines the security and controls of SaaS, PaaS, and IaaS. It also covers the deficiencies that exist in cloud-based services and how Security-as-a-Service can be helpful.


Who Should Attend

Operational, Business Application, Information Technology, and External Auditors; Audit Managers and Directors; Information Security professionals


Prerequisites

  • A working knowledge of operating system security, networking concepts, and associated logical access controls, Network Security Essentials (ASG203)
  • Intermediate Audit School (ITG241), or equivalent experience.

What You’ll Learn

You will learn about the current state of cloud computing, its common architecture, and the major services provided in the market. Also, how to use SaaS as a way to protect against security and control deficiencies


Objectives

Understanding Corporate Culture:

  • the SPI Cloud Computing Model
  • cloud network models
  • key drivers for moving towards cloud-based services

Software as a Service (SaaS):

  • key enterprise applications
  • the SaaS transaction model(s)
  • SaaS security and audit concerns

Platform as a Service (PaaS):

  • major development providers/platforms
  • PaaS security and audit concerns

Infrastructure as a Service (IaaS):

  • host security in the cloud
  • network security in the cloud
  • data storage/SAN in a cloud IaaS environment
  • cloud bursting
  • cloud bursting
  • IaaS security and audit concerns

Brokered Cloud Services:

  • cloud aggregators
  • cloud brokers
  • cloud management service portals

Security as a Service:

  • identity management as a service
  • security event monitoring/IDS as a service
  • vulnerability management as a service
  • data leakage prevention as a service/Web filtering, e-mail filtering

Cloud-Based Security Standards and Dependencies:

  • directories and identity management
  • federated identities
  • emerging security Standards: SPML, XACML, OAuth, OpenID, others

Governance in a Cloud Services Environment:

  • key performance indicators
  • audit trails for cloud-based services
  • service level agreements, licensing
  • legal complexities: data privacy, globalization, trans-border constraints
  • third-party assessments and certifications: SAS70, ISO 27001

Disaster Recovery in a Cloud-Based Environment:

  • SPI HA architectures
  • virtualized environments and their impact on disaster recovery
  • updating and testing disaster recovery plans

Cloud Security and Audit:

  • key risks and audit concerns
  • identifying key controls and mitigations
  • cloud-based risk analysis models: ENISA, NIST, CSA
  • security best-practices models for cloud-based services
  • audit techniques and tests in a cloud-based environment

Why You Should Attend

You should attend because as organizations continue to leverage cloud computing they are exposed to many risks, and auditors must know about these challenges, how to verify the security of their clients, and the best practices to recommend.

ACI Learning is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.nasbaregistry.org.

ENROLL IN THIS COURSE