Cloud Security, Audit and Compliance - Online

Schedule for this Course

Course Description:

Are you ready for the cloud? The cloud has everyone up in arms when discussing security! The benefits of the Cloud are great; however, many companies have concerns about adopting cloud architecture due to the inherent security risks. This course will provide for you what you do not find in other classes! The combination of knowledge tailored around implementing cloud security along with the hands on labs needed to truly understand what is happening to your data and the auditing and compliance skills needed to successfully manage a secure cloud implementation. The class is best taken in its entirety but can be taken and completed in separate independent modules (Cloud Security and/or Cloud Audit and Compliance).

Course Objectives

• To fully understand Cloud Security from a real world view point.
• To receive the hands on experience needed to implement Cloud Security with VMware vCloud Director, VMware vSphere and other products generally used in cloud implementations.
• To have a general working knowledge on what to audit in a cloud architecture.
• To know hands-on methods of auditing a cloud environment from a best practices Security view point.
• To understand how compliance is viewed and dealt with in the cloud.
• To prepare for the RAZR Cloud Security & Audit Professional. (R|CSAP)

Prerequisites

Recommended minimum one year experience with virtualization technology or equivalent knowledge or training. General understanding of cloud architectures. Minimum one year experience with general security.

Course Outline:

Cloud Security

Days 1-3

Cloud & Security Fundamentals

• Cloud Terminology
• Cloud Architecture
• Cloud Service Delivery Models
• What Cloud Computing is
• What cloud Computing is Not
• Cloud vx. Virtualization
• Core Security Concepts
• Traditional Security vs. Cloud Security

Cloud Security Domains

• Domain 1: Cloud Computing Architectural Framework
• Domain 2: Governance & Enterprise Risk Management
• Domain 3: Legal issues: Contracts & Electroinc Discovery
• Domain 4: Compliance & Audit Magagement
• Domain 5: Information Management & Data Security
• Domain 6: Interoperability & Portability
• Domain 7: Traditional Security, Business Security, & Disaster Recovery
• Domain 8: Data Center Operations
• Domain 9: Incident Response
• Domain 10: Application Security
• Domain 11:Encryption & Key Management
• Domain 12: Identity, Entitlement, & Access Management
• Domain 13: Virtualization
• Domain 14: Security as a Service

Cloud Labs

• Cloud Migration Evaluation Lab
• Virtualization Lab
• IaaS Lab
• PaaS Lab
• SaaS Lab
• S-P-I Model Exercise
• Deploying a Private Cloud

Cloud Audit and Compliance

Days 4-5

Cloud Audit & Compliance

• Review of basic cloud terminology, cloud architecture and delivery models
• Auditing the Cloud – What’s the Same
• Auditing the Cloud – What’s Different
• Compliance in the Cloud – What’s the Same
• Compliance in the Cloud – What’s Different
• Governance in the Cloud
• Security and Cloud Computing
• Assurance in Cloud Computing
• Cloud Computing COBIT Control Objectives

Cloud Audit & Compliance Labs

• Cloud Delivery Model Assessment Exercise
• S-P-I Risk Assessment Exercise
• Contract Compliance Exercise
• Identity and Access Control Management Lab
• VM Security Lab
• Encryption/Key Management Lab