• Online, Self-Paced
Course Description

IT security is a concern for most modern organizations and moving to the cloud heightens those concerns for most. The security implications are potentially magnified by large tranches of data existing outside the immediate control of the organization. Although some of the fears with regard to security in the cloud are exaggerated, there are specific areas to be aware of and cautious about. This course explores some of the key risk areas when it comes to security and cloud computing. It also introduces control assessment frameworks and models that can be used in assessing your risk in going to the cloud and evaluating the cloud provider's security offering. It goes on to outline basic guidelines that you should follow to ensure an adequate level of security in an XaaS environment, including key areas of the IT infrastructure and issues relating to data transfer and storage.

Learning Objectives

Cloud Security

  • start the course
  • describe the objectives of information security and how they relate to the cloud
  • describe the challenges associated with cloud security
  • describe the three models for public cloud security responsibilities
  • describe relevant ISO standards for information security
  • describe the Security as a Service model

Security Risks

  • describe the security risk areas for cloud computing
  • describe how to assess security offerings for cloud services
  • describe the challenges associated with security in a Software as a Service or SaaS offering
  • describe the best practices for securing a Software-as-a-Service or SaaS offering
  • describe secure software development practices

IT Infrastructure Security

  • describe the Jericho Forum Cloud Cube Model for defining cloud characteristics
  • describe the considerations for infrastructure security in cloud computing
  • describe the host-level security considerations in cloud computing
  • describe considerations for security virtualization hosts in a cloud environment
  • describe application-level security in cloud computing

Securing Cloud Data

  • describe the measures to secure data at rest and data in transit
  • describe how to perform risk assessment in a cloud environment
  • describe the service-level agreements for cloud security

Practice: Cloud Security

  • describe the measures to secure data and connection in a cloud environment

Framework Connections

The materials within this course focus on the Knowledge Skills and Abilities (KSAs) identified within the Specialty Areas listed below. Click to view Specialty Area details within the interactive National Cybersecurity Workforce Framework.

Feedback

If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.