Course 126: Conducting cloud service provider IT security assessment

Description

This course is designed based on the Canadian Centre for Cyber Security Cyber securityThe protection of digital information, as well as the integrity of the infrastructure housing and transmitting digital information. More specifically, cyber security includes the body of technologies, processes, practices and response and mitigation measures designed to protect networks, computers, programs and data from attack, damage or unauthorized access so as to ensure confidentiality, integrity and availability. (Cyber Centre) Cloud Assessment Program methodology. In this course, you will gain the ability to assess Software as a Service (SaaS) vendors. This course will give you an in-depth understanding of how-to set up an assessment team, the overall methodology to conduct an assessment including evaluating controls, calculating residual risk Residual riskThe likelihood and impact of a threat that remains after security controls are implemented. , and creating IT security assessment reports. Information on the Cyber Centre Supply chain integrity IntegrityThe ability to protect information from being modified or deleted unintentionally or when it’s not supposed to be. Integrity helps determine that information is what it claims to be. Integrity also applies to business processes, software application logic, hardware, and personnel. program, the Public Services and Procurement Canada (PSPC) Contract security program and engaging with the Cyber Centre Cloud architecture oversight and verification team will also be presented.

Objectives

Upon successful completion, the participants will be able to:

  • describe the Cyber Centre’s Cloud Assessment methodology and usage to assess Software as a Service (SaaS) vendors
  • recall how to set up an assessment team including roles and responsibilities
  • describe the role of the Cyber Centre Supply chain integrity program and the PSPC Contract security program
  • explain the role of the Cyber Centre Oversight and Verification team

Target audience

The target audience of this course is professionals in IT roles, such as IT practitioners, architects and security analysts, project managers, and coordinators, who participate in the conduct of Security Assessment and Authorization AuthorizationAccess privileges granted to a user, program, or process. (SA&A) assessments or the implementation of cloud service controls.

Prerequisites

It is strongly recommended that participants have previous knowledge in cloud computing Cloud computingThe use of remote servers hosted on the Internet. Cloud computing allows users to access a shared pool of computing resources (such as networks, servers, applications, or services) on demand and from anywhere. Users access these resources via a computer network instead of storing and maintaining all resources on their local computer. , IT security risk management, and threat risk assessments. This knowledge could be gained by attending course 910 - IT security risk management boot camp.

Date modified: