Overview
This course covers the current state of cloud computing, its common architecture, and the major SaaS, PaaS, and IaaS providers in the market today. It covers the security and control deficiencies in cloud-based services and looks at Security as a Service as a way to protect against them. Participants review a risk-based approach to audit and controls for cloud-based services and investigate areas such as cloud-based network models, cloud access security brokers, disaster recovery, and governance in a cloud environment. It reinforces the concepts covered with examples to help participants identify the risks, controls, and gaps in cloud services.
Learning Options
Below are the available learning options for this course:
Enterprise Solutions
Tailored Experience
Bring this course to your organization at your convenience. ACI Learning can deliver this instructor-led course for your team at a chosen location or virtually. Alternatively, choose the topic(s) you need and ACI will craft a training solution to keep your team future-proof.
NASBA Certified CPE
Auditing
Why you should take this course
For users who have an intermediate knowledge of this topic and are searching for a deeper understanding of its evolving complexities.
Who should take this course
Operational, Business Application, IT, and External Auditors; Audit Managers and Directors; Information Security professionals.
Prerequisites
- Network Security Essentials (ASG203)
- Intermediate IT Audit School (ITG241)
- or equivalent experience
1. Architecture
• What is in the Cloud?
• Cloud Architecture and Services
• Current Market, Pros and Cons
• Cloud Growth Drivers
2. Service Models
• Software as a Service (SaaS)
• Platform as a Service (PaaS)
• Infrastructure as a Service (IaaS)
• Cloud Service Brokers (CSBs)
• Security as a Service
• Risks
3. Security Standards
• Security Standards and Technologies
• NIST
• Cloud Security Alliance (CSA)
• The Open Worldwide Application Security Project (OWASP)
• Identity Management
• FedRAMP
• European Network Information Security (ENISA)
4. Risk Assessment and Vendor Management
• Outsourcing Risks
• Contracts and Right to Audit
• Certifications: SOC, Subservice Organizations
• Security Statements by Provider
• Relationship Monitoring
5. Provider Security Tools
• Provider Tool Overview
• Amazon Web Services (AWS)
• Google Cloud Provider (GCP)
• Microsoft Cloud
- Introduce the cloud service model and evaluate how the cloud is being used today.
- Identify risks and controls for each cloud service model.
- Discuss cloud standards and certifications as a part of cloud governance – both the cloud provider’s and our governance approach.
- Provide a risk-based approach to auditing in the cloud.
ACI Learning is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.nasbaregistry.org.