This session will focus on the audit and assurance related to Cloud Computing environments:
- How to perform cloud security & control assessments / audits
- Understand cloud shared responsibility models
Session Outline
Cloud Security & Compliance
- Security and Compliance Overview (e.g. ISO27001)
- SOC2 Reports
- Cloud Security & Control Requirements
- Network Security
- Identity Management & Access Control
- CASB (Cloud Access Security Broker)
- Provisioning and Security Administration
- Privilege Management
- Configuration Management / Change Management
- Security Configuration
- Logging and Monitoring / SIEM / Incident Management
- Vulnerability Management / Penetration Testing
AWS Security & Audit
- Foundation Services
- Three-Tier Web Services
- AWS Security Mechanisms and Tools for Audit
Azure Security & Audit
- Foundation Services
- Azure Security Mechanisms and Tools for Audit
Audit Tools & Techniques
- ISACA Security and Audit Resources
- Cloud Security Certifications
- References to Example Audit Programs & Checklists