SEC524: Cloud Security Fundamentals teaches you how to properly evaluate cloud providers, and perform risk assessment and review, with a focus on risk assessment versus technical implementation and operations. The course starts with a detailed introduction to the various cloud computing delivery models, ranging from Software as a Service (SaaS) to Infrastructure as a Service (IaaS) and everything in between. Each of these delivery models represents an entirely separate set of security conditions to consider, especially when coupled with various cloud types, including public, private, and hybrid. We'll take a close look at the security issues and the risks involved within each of these models.
The course will also touch on architecture and infrastructure fundamentals for the private, public, and hybrid clouds, including a wide range of topics such as patch and configuration management, virtualization security, application security, and change management. Policy, risk assessment, and governance within cloud environments will also be covered, with recommendations for both internal policies and contract provisions. This will lead us to a discussion of compliance and legal concerns. The first day will wrap up with an examination of disaster recovery and business continuity planning using cloud models and architecture.
Day 2 starts with a discussion about the challenges of identity and access management in cloud environments. As more and more businesses are using the cloud to store data, we will discuss how to protect your critical data in the cloud. New approaches for data encryption, network encryption, key management, and data lifecycle concerns will be covered in detail. This will be followed by a discussion on intrusion detection and incident response in cloud environments, along with how to best manage these critical security processes and the technologies that support them, given that most controls are managed by the Cloud Service Provider (CSP). We'll wrap up with a deep dive into risk assessments and risk management that will provide students with a framework to properly assess and review current cloud provider controls.
- Build a risk-based assessment program of cloud providers' controls
- Understand the key areas to focus on in cloud contracts
- Evaluate the various layers of cloud infrastructure
- Adapt a disaster recovery and business continuity plan for cloud environments
- Perform vulnerability assessments in a cloud environment
- Integrate encryption and identity management services in a cloud environment
- Improve your incident response and monitoring capabilities in the cloud
If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.