Post on 23-Jan-2018
Security and
Compliance Topics
Covered in
CloudMASTER Cloud
Computing Classes
Carvertc.com/cloudCarvertc.com/class-schedule
When implementing
cloud computing
solutions, an
understanding of cloud
security and compliance
issues, options, and
solutions is essential.
Cloud Security Topics Covered in
CloudMASTER Cloud Computing Classes
Classes cover how cloud
computing has security
threats just like
traditional networks.
Common threats
discussed in class
include:• Hacking
• Data Breaches
• Data Loss
• Traffic Hijacking
• Insecure Interfaces / APIs
• DDos Attacks
• Poor Planning
• Shared Technology Risks
Discontinued Services
Classes cover a defense in depth approach to implement layers of security to protect your cloud environment.
Security topics include:• Essential Security Practices
• Essential Security Tools
• FedRAMP Security Standards
Classes cover encryption to
protect the confidentiality
of data in the cloud.
Encryption topics include:• Encryption Types
• Encryption Strengths
• Encryption Options
Classes cover encryption
key management to
securely store, protect
and retrieve keys.
Key management topics
include:• Key Pairs
• Key Pair Scenarios
• Key Rotation
• Certificate Vendor Selection
Classes cover identity and Account Management (IAM) to provide single sign-on for users.
IAM topics include:• Authentication Requirements
• Multi-factor Authentication
• Federation for Single Sign On
• AWS IAM
• Third Party IAM Solutions
Classes cover secure
data in transit whether it
is internal, or in the
cloud.
Classes cover secure
data at rest whether it
is internal or in the
cloud.
Classes cover the
impact of security on
data portability.
Classes cover the
impact of data
movement on security.
Discontinued Services
Classes cover securing cloud applications as you would with any application.
Application security topics
include:• Cloud App Security Fundamentals
• Interface and API Security
• Secure App Administration
• Secure Shell (SSH) Configuration
• Securing Heroku Apps wtih
GitBash
Classes cover perimeter
security to keep your
network secure when
connecting to the cloud.
Perimeter security topics
include:• Firewall
• DDoS Detection and Mitigation
• Cloud Service Monitoring
• Third Party Services
Classes cover defining
a process for how to
respond to a security
event.
Event response topics
include:• Types of Security Events
• Impact of a Cloud Security
Breach
• Response Processes and Tools
Compliance Topics Covered in
CloudMASTER Cloud Computing Classes
HIPAA Health Insurance Portability and Accountability Act
Regulatory Requirements Defined
FERPA Federal Education Rights and Privacy Act
SCA Stored Communications Act
FCRA Fair Credit Reporting Act
COPPA Children’s Online Privacy Protection Act
SOX Sarbanes-Oxley Act
FISMA Federal Information Security Management Act
PCI DSS Payment Card Industry Data Security Standard
Classes cover who owns compliance responsibilities during an audit.
Yours
Providers
Classes cover key strategies to help ensure compliance.
Key strategies topics include:• Provider compliance vetting and
comparison
• Using hybrid cloud implementations for compliance
• Patriot Act impact on Cloud Providers and Services
Classes cover the tools and standards that help meet compliance.
Tools and standards topics include:• Compliance standards:
SSAE 16, ISAE 3402, and ISO 27001
• 3rd party compliance tools and services
• CloudAudit specification
Classes cover the questions you need to ask your providers that relate to compliance.
Common question topics include:
• Data location
• Data center security
• Tenant data isolation
• Security controls
• Auditing and logging
• Incident response
• Audit response
What are you waiting for?
Turn up your cloud
computing expertise!
Learn more about CloudMASTER:
https://carvertc.com/cloudmaster
See our class schedule & class
descriptions:
http://carvertc.com/class-schedule
Get 5% off your first CloudMASTER class, or
10% off for 3 or more attendees!
Connect with us on our Cloud Channels:
Cloud Blog: http://blog.carvertc.com/cloud
Class Schedule: http://carvertc.com/class-schedule