Objectives
After completing this workshop, participants will be able to:
· Describe the building blocks necessary to develop cloud based systems, including concepts with regard to customer, provider, partner, measured services, scalability, virtualization, storage, and networking. Students will also be able to understand the cloud reference architecture based on activities defined by industry standard documents.
· Identify the types of controls necessary to administer various levels of confidentiality, integrity, and availability, with regard to securing data in the cloud. You will gain knowledge on topics of data discovery and classification techniques, digital rights management, privacy of data, data retention, deletion, and archiving, data event logging, chain of custody and non-repudiation, and the strategic use of security information and event management.
· Identify the virtual and physical components of the cloud infrastructure with regard to risk management analysis, including tools and techniques necessary for maintaining a secure cloud infrastructure. In addition to risk analysis, you will gain an understanding in how to prepare and maintain business continuity and disaster recovery plans, including techniques and concepts for identifying critical systems and lost data recovery.
· Demonstrate an understanding of the Software Development Life Cycle, you will gain an understanding in cloud software assurance and validation, utilizing secure software, and the controls necessary for developing secure cloud environments with regard to program interfaces, cloud application architecture, and how to ensure data and application integrity, confidentiality, and availability through identity and access management solutions.
· Demonstrate an ability to develop, plan, implement, run, and manage the physical and logical cloud infrastructure though an understanding of the necessary controls and resources, best practices in monitoring and auditing, and the importance of risk assessment in both the physical and logical cloud infrastructures.
· Identify privacy issues and audit processes utilized within a cloud environment, including, auditing controls, assurance issues, and the specific reporting attributes. Topics covered include, ethical behavior and required compliance within regulatory frameworks, which includes investigative techniques for crime analysis and evidence gathering methods.