Audit and Security for Cloud-Based Services - ASN305

Overview

This course covers the current state of cloud computing, its common architecture, and the major SaaS, PaaS, and IaaS providers in the market today. It covers the security and control deficiencies in cloud-based services and looks at Security as a Service as a way to protect against them. Participants review a risk-based approach to audit and controls for cloud-based services and investigate areas such as cloud-based network models, cloud access security brokers, disaster recovery, and governance in a cloud environment. It reinforces the concepts covered with examples to help participants identify the risks, controls, and gaps in cloud services.

Learning Options

Below are the available learning options for this course:

Enterprise Solutions

Tailored Experience

Bring this course to your organization at your convenience. ACI Learning can deliver this instructor-led course for your team at a chosen location or virtually. Alternatively, choose the topic(s) you need and ACI will craft a training solution to keep your team future-proof.

NASBA Certified CPE

16 Credits

Auditing

Why you should take this course

For users who have an intermediate knowledge of this topic and are searching for a deeper understanding of its evolving complexities.

Who should take this course

Operational, Business Application, IT, and External Auditors; Audit Managers and Directors; Information Security professionals.

Prerequisites

  • Network Security Essentials (ASG203) 
  • Intermediate IT Audit School (ITG241) 
  • or equivalent experience

1.    Architecture

    What is in the Cloud?

    Cloud Architecture and Services

    Current Market, Pros and Cons

    Cloud Growth Drivers


2.    Service Models

    Software as a Service (SaaS)

    Platform as a Service (PaaS)

    Infrastructure as a Service (IaaS)

    Cloud Service Brokers (CSBs)

    Security as a Service

    Risks


3.    Security Standards

    Security Standards and Technologies

    NIST

    Cloud Security Alliance (CSA)

    The Open Worldwide Application Security Project (OWASP)

    Identity Management

    FedRAMP

    European Network Information Security (ENISA)


4.    Risk Assessment and Vendor Management

    Outsourcing Risks

    Contracts and Right to Audit

    Certifications: SOC, Subservice Organizations

    Security Statements by Provider

    Relationship Monitoring


5.    Provider Security Tools

    Provider Tool Overview

    Amazon Web Services (AWS)

    Google Cloud Provider (GCP)

    Microsoft Cloud

  • Introduce the cloud service model and evaluate how the cloud is being used today.
  • Identify risks and controls for each cloud service model.
  • Discuss cloud standards and certifications as a part of cloud governance – both the cloud provider’s and our governance approach.
  • Provide a risk-based approach to auditing in the cloud.

ACI Learning is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.nasbaregistry.org.