Auditing Cloud Computing Security - Virtual Seminar

Starts: Feb 23, 2021 13:30 (CT)
Ends: Feb 26, 2021 17:00 (CT)
Associated with Middle Tennessee Chapter

Seminar Description:

Cloud Computing is here to stay, and has been described as “outsourcing on steroids”. It introduces some compelling advantages, but also exposes the enterprise to new risks.

The outsourcing model has been around for decades. However, the various “flavors” of cloud computing introduce risks associated with the Internet, web applications, external management of enterprise data, contractual issues, and basic loss of control.

This seminar, provided by CPE Interactive, will give you an understanding of the cloud models, the security risks, the differences between traditional IT security and cloud security, and how to control those risks.

Learning Objectives:

  • Identify Cloud environment and architecture
  • Understand the security advantages and disadvantages
  • Identify the top security risks
  • Describe the common controls to secure the cloud
  • Describe benefits and corresponding risks associated with each Cloud Computing model
  • Identify issues to be included in the contract
  • Address the Cloud CIAA (Confidentiality, Integrity, Availability and Accountability)
  • Define the ongoing risk assessment process in a Cloud environment

Who Should Attend:

  • Information security professionals
  • Internal control professionals
  • IT and operational auditors
  • Risk managers

Level: Intermediate

Prerequisites: General understanding of IT processes, business and accounting applications, and IT outsourcing processes.

CPE Credits: 16; Information Technology

Delivery: Group Internet-Based

Course Outline:

1. Cloud Computing Background, Definition and Architecture

  • Evolution to the Cloud Model
  • Definition and Cloud Essential Characteristics
  • Cloud Service Models (IaaS, PaaS, SaaS)
  • Cloud Deployment Models (Public, Private, Hybrid, Community)

2. Security in the Cloud

  • Common Myths and Misconceptions About Security in the Cloud
  • Cloud Security vs. Traditional IT Security
  • Security Benefits of Cloud Computing (Concentration of Resources, Central Updates, Intelligent Scaling of Resources, Standardization of Technology, Scaling)
  • Top Security Risk Areas (and Threats) with Cloud Computing – What to Look Out For
  • Auditing the Cloud (Data Governance, Information Security, Security Architecture, Resiliency, Operations Management, Compliance, Facility Security, Interfaces with internal applications, Contingency Planning)
  • Contract Requirements (SLAs, Termination, Audit Rights, Dispute Resolution)
  • Resources for Auditing the Cloud (Cloud Security Alliance (CSA), Consensus Assessments Initiative Questionnaire (CAIQ), CSA Cloud Controls Matrix (CCM), NIST SP 800-53 Risk Management Guidance)
  • Other (COBIT, FedRAMP, ISO 27001/2, HIPAA, PCI/PCI DSS)
  • International Regulation (Data Protection and Difference in regulations)

Location: Virtual Interactive On-Line Classroom, a link will be provided a week prior to the event.

Preparation: Each attendee must attend using a dedicated computer. A headphone/microphone combination connected to your computer is required. Microphones built into laptops or webcams should be avoided, as they often create feedback and pick up surrounding noise, resulting in audio interference for you and the entire class. Hands-free telephones also pick up surrounding noise and should be avoided. Additionally, the use of a webcam is strongly recommended to provide the attendees and instructor with the maximum classroom experience.

Cost: $250 - Current ISACA of Middle Tennessee Members / $325 - Non-Members

Date/Time: The Auditing Cloud Computing Security Virtual Seminar will take place over 4 days on:

Tuesday - February 23, 2021 (1:30 PM to 5:00 PM CT)

Wednesday - February 24, 2021 (1:30 PM to 5:00 PM CT)

Thursday - February 25, 2021 (1:30 PM to 5:00 PM CT)

Friday - February 26, 2021 (1:30 PM to 5:00 PM CT)

Prerequisite: None / Advance Preparation: None / Program Level: Intermediate / Delivery Method: Group-Internet

NOTES: Refunds and Cancellations: Cancellations will be refunded less a $20 processing fee and the cost of the manual (if already shipped/emailed). Cancellations must be made via email to certification@isacanashville.org by the close of business October 14, 2020. See the Chapter website for complete details on the Chapter's event policies.

Please contact us at certification@isacanashville.org with any questions or concerns.

The Middle Tennessee Chapter of ISACA is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org.

Refunds and Cancellations: Cancellations will be refunded less a $20 processing fee. Cancellations must be made via email to certification@isacanashville.org by the close of business February 12, 2020.

CPE Interactive is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org.

Instructor: Leighton Johnson, CISM, CISA, CISSP, CIFI, CRISC, CMAS, FITSP-A —Senior Fellow in CyberSecurity and IT Audit

Leighton is an information security and IT audit professional. In addition to his training role at CPE Interactive, he is CTO of ISFMT, a company focusing on computer security, forensics consulting and certification training, and cybersecurity. He is also the founder and CEO of Chimera Security, a research and development company focusing on cryptography, mobile technology, and cloud computing to create better and more secure solutions for today’s advanced users and providers.

He has over 40 years’ experience in computer security, cybersecurity, software development, communications equipment operations and maintenance, incident response, and forensic investigations. He has taught numerous cybersecurity, anti-terrorism, forensics, and risk management courses both domestically and internationally.

He previously was the Regional CIO and Senior Security Engineer for a large directorate within Lockheed Martin Information Systems and Global Solutions Company.

He is a member of the CSA CloudSIRT Working Group, which is developing the model for collaboration among cloud providers, CERT organizations, responders and users; the CSA Security-as-a-Service working group; and other cloud-related working groups. He is a contributing author to the “Encyclopedia of Information Assurance” and the author of “Computer Incident Response and Forensics Team Management” and “Security Controls Evaluation, Testing, and Assessment Handbook”.

Members - 29
Non-members - 12
Speakers - 1
Sponsors - 0

Contact

Justin Dority
(615) 219-5464
justin.dority@formosconsulting.com