Cyber Security Assurance Program (CSAP) Workshop

CSAP - Why Boot Camp?

Can you point out the wrong statement?

  1. You can use proxy and brokerage services to separate clients from direct access to shared cloud storage
  2. Any distributed application has a much greater attack surface than an application that is closely held on a Local Area Network
  3. Cloud computing doesn’t have vulnerabilities associated with Internet applications
  4. All of the mentioned

You Will Learn

Models of Cloud Computing – IaaS, PaaS

Cloud Computing deployment Model – Private, Public

Characteristics of cloud computing

Challenges of Cloud Computing

Identity and Access Management (IAM)

Risk, Audit, and Assessment for the Cloud

Building blocks on cloud – Security Groups, VPCs, KMS

Common Risks, Threats and Vulnerabilities of Cloud-based Services and Cloud-hosted Solutions

Disaster Recovery and Business Continuity Planning in the Cloud

Data Security in the Cloud

How to adapt security architecture, tools, and processes for use in cloud environments

Course Syllabus

CLOUD COMPUTING CONCEPTS
  • Brief history of cloud computing
  • Essential Characteristics
  • Service models
  • Deployment model
  • Cloud Security and Compliance Scope and Responsibilities
CLOUD COMPUTING ARCHITECTURE & DESIGN REQUIREMENTS
  • Reference and Architecture Models
    1. Simplified architecture of IaaS platform
    2. Simplified architecture of PaaS platform
    3. Simplified architecture of SaaS platform
    4. Generalized architecture
  • Domain specific reference models
GOVERNANCE AND ENTERPRISE RISK MANAGEMENT
  • Risk and Governance Hierarchy
  • Governing in the Cloud
  • Tools of Cloud Governance
  • Cloud Information Governance Domains
CHALLENGES OF CLOUD COMPUTING
  • Security
  • Data privacy
  • Performance
  • Governance
PLATFORM AND INFRASTRUCTURE SECURITY
  • A Simple Cloud Security Process Model
  • Management Plane Security
  • Cloud Network Virtualization
DATA SECURITY AND ENCRYPTION
  • Data Security Controls
  • Cloud Data Storage Types
  • Managing Data Migrations to the Cloud
  • Securing Cloud Data Transfers
  • Storage (At-Rest) Encryption and Tokenization
  • Key management procedures (generic topic)
  • Data Security Architectures
  • Data Loss Prevention
  • Enterprise Rights Management
  • Enforcing Life-cycle Management Security
IDENTITY, ENTITLEMENT AND ACCESS MANAGEMENT
  • How IAM is Different in the Cloud
  • Terms related to IAM
  • IAM Standards for Cloud Computing
  • Authentication and Credentials
  • Entitlement and Access Management
  • Privileged User Management
APPLICATION SECURITY
  • Opportunities and challenges
  • Secure Software Development Life-cycle
  • Design and Architecture
  • DevOps and Continuous Integration/Continuous Deployment (CI/CD)
BUSINESS CONTINUITY
  • Business Continuity and Disaster Recovery in the Cloud
VIRTUALIZATION AND CONTAINERIZATION
  • Brief intro to Virtualization (general topic)
  • Brief intro to Containerization (general topic)
  • Major Virtualization Categories Relevant to Cloud Computing
CLOUD OPERATIONS
  • Operating in the Cloud
  • Secure Operations
INCIDENT MANAGEMENT
  • Incident Response Life-cycle, as laid out in NIST 800-61 rev2
  • Cloud impact on IR
LEGAL AND COMPLIANCE
  • Legal Frameworks Governing Data Protection and Privacy
  • Cross-border Data Transfers
  • GDPR
  • Compliance - Audit scope
  • Audit Management
DEVOPS
  • Brief introduction to DevOps
  • Security during DevOps