Cloud Security
- Codice corso: SEC_Cloude
- Durata corso: 5gg
INTRODUCTION
This course provides theoretical knowledge and skills (there are no Laboratory activities) in the Cloud Security field.
The contents of the course include the presentation of the elements at the base of preparation, implementation, maintenance, monitoring and improvement of Security attitude in the cloud context.
The teaching activity includes the review of changes that the Cloud imposes on governance, risk and compliance processes. The risks characteristic of the Cloud are illustrated. and also the Cloud Audit techniques are evaluated
OBJECTIVITIES
This course provides theoretical knowledge and skills (there is no Laboratory activity) in the field of Cloud Security
REQUIREMENTS
Information Security, Cyber Security, Cloud, Auditing knowledge
CONTENTS
The contents of the course include the presentation of the elements at the base of preparation, implementation, maintenance, monitoring and improvement of Security attitude in the cloud context.
Cloud Computing Overview
- IaaS, Pass, Saas
- Public, Private, Hybrid
Governance
- Compliance and Audit
- Legal, Contracts and Electronic Discovery
Information Governance
- Multitenancy
- Shared security responsibility (Ownership, Custodianship)
- Data Security Lifecycle
Management Plane and Business Continuity
- Web Console
- API
- Disaster Recovery
Infrastructure Security
- Resource Pooling
- Workload
- Logging
- Management
Virtualization & Container
- Compute
- Storage
- Network
- Container
Incident Response
- Incident Response Lifecycle
- Cloud and Incident Response
Application Security
- Secure Software Development Lifecycle
- Design and Architecture
- DevOps and Continuous Integration/Continuous Deployment (CI/CD)
Data Security
- Controlling
- Protecting and managing
- Information lifecycle management security
Identity and Access Management
- Entity
- Identity
- Role,
- Authentication
- Multifactor Authentication
- Authorization
- Entitlement
Cloud Threat Analysis & Assessment
- Post-incident analysis to assemble, identify and classify the essential
- components of an incident
- Attack details—Threat actors, threats, vulnerabilities
- Technical impacts—Confidentiality, integrity and availability
- Business impacts—Financial, operational, compliance and reputational impacts
- Controls—Preventive, detective, corrective controls
Cloud Risk Management
- Changes in Risk Management
- Top Threats
CCM & CAIQ
- Cloud Controls Matrix (CCM) control framework to managing risk in the cloud.
- CCM Domain
- Consensus Assessment Initiative Questionnaire (CAIQ)
- A set of questions to check security posture
- STAR
- Security, Trust and Assurance Risk a governance, risk and compliance program
Continuous Assurance & Compliance, Audit and Continuous Audit
- Assessment
- Assurance
- Compliance
- Cloud-native app and impact on cloud assessment and auditing
