Advanced Cloud Security Governance Training

• Module 1: Cloud Computing Concepts & Architecture
  • Cloud Computing Overview
  • Essential characteristics, benefits, and challenges
  • Abstraction & Orchestration
  • Cloud Service Models: IaaS, PaaS & SaaS
  • Deployment Models: Public, Private, Hybrid & Community
  • CSA Enterprise Architecture Model
  • Cloud Security Overview
  • Shared Security Responsibility Model
  • Scope, Responsibilities & Models
  • Threat landscape and new attack vectors in the cloud
• Module 2: Introduction to Cloud Security Governance
  • Understanding cloud security governance
  • Complexities in Cloud Security Governance
  • Leveraging key tools for governance in the cloud & Shared Security Responsibility Model
  • Building & Integrating an effective cloud governance strategy
  • Analyzing cloud-specific threats and attack vectors
  • Case Study: Capital One Data Breach and its Timeline
• Module 3: Cloud Risk Assessment and Management
  • Identifying cloud-specific risks and threats
  • Risk assessment methodologies for cloud environments
  • Developing risk management strategies
  • Cloud risk monitoring and continuous improvement
  • Case Study: Conducting a Cloud Risk Assessment & Creating a Sample Risk Assessment Report
  • CSA Enterprise Architecture Model
• Module 4: Cloud Compliance & Audit
  • Cloud Compliance Program Overview
  • Design & Build a Cloud Compliance Program
  • Cloud-Relevant Laws & Regulations Examples
  • Implementing compliance controls in cloud environments
  • Compliance Inheritance
  • Artifacts of Compliance
  • Defining controls and evaluating effectiveness
  • Audit characteristics, principles, and criteria in Cloud
  • Auditing and reporting in the cloud
  • Auditing standards for cloud computing
  • Case Study: Enabling PCI DSS Compliance on AWS
• Module 5: Organization Management
  • Organization Hierarchy Models
  • Managing Organization-Level Security Within a Provider
  • Considerations for Hybrid & Multi-Cloud Deployments
• Module 6: Identity and Access Management (IAM) & Zero Trust in the Cloud
  • Principles of IAM in cloud environments
  • Federation, Single sign-on (SSO), and multi-factor authentication (MFA) in the cloud
  • Zero Trust Model (ZTMF)
  • Architecting for zero trust
  • LABS
    • Securing AWS Root User Accounts
    • Creating Users & Configuring IAM Policies
    • Conditional Access
    • AWS Roles & STS
  • Case Study: Best Practices & Baselining Identity & Access Management in AWS
• Module 7: Cloud Data Security and Encryption
  • Primer on Cloud Storage
  • Data Security Tools & Techniques
  • Building a proper data classification program for the cloud
  • Data dispersion and resiliency
  • Data Encryption and Key Management best practices
  • Data retention, deletion, and archiving policies for cloud
  • Data Sovereignty & Legal hold challenges and preparation
  • LABS
    • Configuring EBS Volume
    • Encrypting an EBS Volume & Snapshot
    • AWS KMS Key Management
  • Scenario Discussion: Data encryption strategies, 3rd party integration, and practical architecture
• Module 8: Cloud Infrastructure & Networking
  • Securing virtual networks in the cloud
  • Network segmentation and isolation strategies
  • Application and network-level firewalls for cloud environments
  • Attack distribution and DDoS protection in the cloud
  • Zero Trust for Cloud Infrastructure & Networks
  • Secure Access Service Edge (SASE)
  • LABS
    • Configure Virtual Private Network (VPC) on AWS
    • Configuring Security Groups & NACLs
    • Understanding Route Tables
    • AWS Inspector Overview
• Module 9: Cloud Workload Security
  • Types of Cloud Workloads
  • Impact on Workload Security Controls
  • Securing Virtual Machines
  • Securing Containers
  • Securing Serverless and Function as a Service
  • Securing AI Workloads
  • AI-System Threats
  • AI Risk Mitigation and Shared Responsibilities
• Module 10: Security Monitoring
  • Cloud Monitoring
  • Beyond Logs – Posture Management
  • Cloud Telemetry Sources
  • Collection Architectures
  • AI for Security Monitoring
  • LABS
    • Configure Baseline Security Monitoring
    • Configure CloudTrail Logs
    • Alerting using EventBridge & SNS
    • Open Source CSPM Tool
• Module 11: Application Security
  • Secure Development Lifecycle
  • Architecture’s Role in Secure Cloud Applications
  • Identity & Access Management and Application Security
  • DevOps & DevSecOps
  • Microservices
• Module 12: Incident Response and Cloud Forensics
  • Incident Response Lifecycle
  • Preparation
  • Detection & Analysis
  • Containment, Eradication, & Recovery
  • Post Incident Analysis
  • Developing a cloud-specific incident response plan
  • Investigating security incidents in the cloud
  • Digital forensics challenges and best practices in cloud environments
  • Scenario Discussion: Creating an Incident Response Runbook
• Module 13: Cloud Security Assurance and Assessment
  • Cloud security assessment methodologies
  • Security controls testing and validation in the cloud.
  • Cloud security certifications and their significance
  • CCM and CAIQ
  • CCM Domains & Controls
  • Architecture Relevance
  • Mapping standards and frameworks
  • Scenario Discussion: Creating an assessment report on Cloud-based on CCM & CAIQ
• Module 14: Cost Management and Security
  • Understanding the cost implications of security decisions
  • Budgeting for cloud and cloud security initiatives
  • Cost optimization without compromising security
  • Cost-benefit analysis and return on investment for Cloud services
• Module 15: Security Trust Assurance and Risk (STAR) Program
  • CSA STAR Program
  • Security & Privacy Implications of STAR
  • STAR Program Components
  • STAR Levels

This training is ideal for:

• Information Security Professionals
• Cloud Security/Architects
• Enterprise Risk Management Professionals
• Cloud Managers
• GRC Professionals
• Enterprise Security Architects
• IT & Security Leaders
• Security Architects & Engineers
• Consultants & Auditors

• Basic understanding of cloud computing and security concepts.
• Some experience in information security or risk management is beneficial but not mandatory.

Upon successful completion of the training, participants will be able to:

• Master the fundamentals of cloud security and risk assessment methodologies.
• Implement compliance controls and audit principles within cloud environments.
• Designed and managed robust Identity and Access Management (IAM) solutions for the cloud.
• Develop comprehensive data security and encryption strategies to safeguard sensitive information.
• Secure cloud networks through network segmentation and advanced architectural designs.
• Prepare for incident response and conduct cloud forensics during security breaches.
• Evaluate cloud security using established methodologies and achieve recognized certifications.
• Make informed budgeting decisions while maintaining high-security standards.
• Navigate legal frameworks, contracts, and electronic discovery specific to cloud settings.
• Understand the significance of the CSA STAR Program for cloud security and its application.