Description

4 credit/unit hours – Four hours of lecture weekly; one term

This course introduces the learner to the fundamental concepts of cloud security: cloud policy and governance for security professionals; technical security principles and controls for cloud delivery types (e.g., SaaS, PaaS, and IaaS); cloud architecture and security design; vulnerability management; penetration testing; incident handling, forensics, event management; application security; SecDevOps; and automation.

Learning Objectives

Upon completion of this course the learner will be able to:

  • Describe the fundamentals of cloud security;
  • Explain and implement various core security controls for cloud computing;
  • Discuss and design secure cloud architectures;
  • Describe threats to cloud computing environments; and
  • Discuss security as it relates to cloud computing (e.g., Vulnerability Management, Penetration Testing, Intrusion Detection, Incident Response, Event Management, Forensics, automation, orchestration)

Main Topics

1.0 Cloud Security Foundations

  • Introduction to the Cloud and Cloud Security Basics
  • Cloud Security Alliance Guidance
  • Cloud Policy and Planning
  • Software-as-a-Service (SaaS) Security
  • Cloud Access Security Brokers (CASBs)
  • Intro to Platform-as-a-Service (PaaS) and Infrastructure-as-a-Service (Iaas) Security Controls

2.0 Core Security Controls for Cloud Computing

  • Cloud Security: In-House vs. Cloud
  • Virtualization Security Primer
  • Cloud Network Security
  • Instance and Image Security
  • Identity and Access Management (IAM)
  • Data Security for the Cloud
  • Application Security for the Cloud
  • Provider Security: Cloud Risk Assessment

3.0  Cloud Security Architecture and Design

  • Cloud Security Architecture Overview
  • Cloud Architecture and Security Principles
  • Infrastructure and Core Component Security
  • Access Controls and Compartmentalization
  • Confidentiality and Data ProtectionAvailability

4.0  Cloud Security

  • Threats to Cloud Computing
  • Vulnerability Management in the Cloud
  • Cloud Penetration Testing
  • Intrusion Detection in the Cloud
  • Cloud Incident Response and Event Management
  • Cloud Forensics

5.0  Cloud Security Automation and Orchestration

  • Scripting and Automation in the Cloud
  • SecDevOps Principles
  • Creating Secure Cloud Workflows
  • Building Automated Event Management
  • Building Automated Defensive Strategies
  • Tools and Tactics