Descriptor Details

  • Cloud Security Fundamentals
  • Not Identified
  • 171
  • Not Identified
  • Not Identified
  • 3
  • Not Identified

Students will learn how to properly evaluate cloud providers and to perform risk assessment and review. Students will be introduced to the various cloud computing delivery models, ranging from Software as a Service (SaaS) to Infrastructure as a Service (IaaS), and how each delivery model represents an entirely separate set of security conditions to consider, especially when coupled with various cloud types, including public, private, and hybrid. The course will also touch on architecture and infrastructure fundamentals for the private, public, and hybrid clouds, including a wide range of topics such as patch and configuration management, virtualization security, application security, and change management. Policy, risk assessment, and governance within cloud environments will also be covered, with recommendations for both internal policies and contract provisions. This will lead us to a discussion of compliance and legal concerns.

None

None

ITIS 160 – Introduction to Information Systems Security (3)
ITIS 170 – Virtualization and Cloud Essentials (3)

  1. Introduction to Cloud Computing
    1. Delivery models: Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS)
    2. Cloud types (public, private, hybrid)
    3. Explaining the Jericho Cloud Cube Model
  2. Security Challenges in the Cloud
    1. Introduction to the topic: Why is this hard?
    2. Virtualization and multi-tenancy
    3. Risk assessment for cloud migration
    4. Unique SaaS challenges and Cloud Access Security Brokers (CASBs)
  3. Infrastructure Security in the Cloud
    1. Patch and configuration management
    2. Change management
    3. Network and virtualization security
    4. Application security for SaaS, PaaS, and IaaS
  4. Policy and Governance for Cloud Computing
    1. Internal policy needs
    2. Contract requirements for security
    3. Service-level agreements
    4. Governance models for the cloud
  5. Compliance and Legal Considerations
    1. Compliance challenges for the cloud
    2. Legal and geographic jurisdiction
    3. Privacy concerns
  6. Disaster Recovery and Business Continuity Planning in the Cloud
  7. Identity and Access Management (IAM)
    1. IAM architecture and relevance to the cloud
    2. Authentication and authorization standards
    3. Account management and provisioning
    4. Federation
  8. Data Security in the Cloud
    1. Encryption types and availability
    2. Key management and encryption architectures
    3. Data/information lifecycle
    4. Retention
    5. Disposal
    6. Classification
  9. Intrusion Detection and Incident Response
    1. Incident detection for different cloud models
    2. Managing Intrusion Detection System/Intrusion Prevention System (IDS/IPS) and alerting
    3. The event management feedback loop
  10. Risk, Audit, and Assessment for the Cloud
    1. Risk management
    2. Auditing the cloud
    3. Remote
    4. Onsite
    5. CloudAudit A6
    6. Assessments for the cloud
    7. Penetration testing the cloud
    8. Internal assessments


At the conclusion of this course, the student should be able to:

  1. Build a risk-based assessment program of cloud providers' controls
  2. Understand the key areas to focus on in cloud contracts
  3. Evaluate the various layers of cloud infrastructure
  4. Adapt a disaster recovery and business continuity plan for cloud environments
  5. Perform vulnerability assessments in a cloud environment
  6. Integrate encryption and identity management services in a cloud environment
  7. Improve your incident response and monitoring capabilities in the cloud

Evaluation will include hands-on projects and a combination of examinations, presentations, discussions, or problem-solving assignments.

  • Winkler, V. (J.R.), Securing the Cloud: Cloud Computing Security Techniques and Tactics, by Syngress/Elsevier
  • Carter, D., CCSP Certified Cloud Security Professional All-in-One Exam Guide
