ORSYS formation
CONTACT - +352 26 49 79 1204
CONTACT - 📞 +352 26 49 79 1204    drapeau francais   drapeau anglais

Consult our trainings :

Cloud Computing Security Training

Seminar
Duration : 2 days
Ref : OUD
Price  2021 : Contact us
  • Program
  • Participants / Prerequisite
  • Intra/Tailored
Program

How can you ensure the security of information that's spread out in the cloud? This seminar gives a full overview of this critical issue for remote storage. Once it is complete, participants will have gained the essential knowledge to take the Cloud Security Alliance's CCSK certification test.

PROGRAM

Introduction to Cloud Computing security

  • Definition of Cloud Computing (NIST, Burton Group).
  • Major providers and main faults already observed.
  • SecaaS (Security as a Service).
  • The keys to a secure architecture in the Cloud.

Virtual environment security

  • How virtualization helps security.
  • Specific threats and vulnerabilities.
  • Three security integration models: Virtual DataCenter, Hardware Appliance and Virtual Appliance.
  • Virtualization-specific security solutions.

Secure network access to the Cloud

  • Vulnerabilities and issues in access security.
  • Native security in IP v4, IPsec and IP v6.
  • Protocols: PPTP, L2TP, IPsec and VPN SSL.
  • Access to Cloud via the secure Web (https).
  • Vulnerabilities of Cloud clients (PC, tablets, smartphones) and browsers.

Work of the Cloud Security Alliance (CSA)

  • Security Guidance for Critical Areas of Focus in Cloud Computing.
  • The thirteen areas of security. The seven main threats.
  • The GRC integrated suite.
  • CloudAudit, Cloud Controls Matrix, Consensus Assessments Initiative Questionnaire, Cloud Trust Protocol.
  • CCSK certification (Certificate of Cloud Security Knowledge).

Cloud Computing security according to ENISA

  • Cloud risk assessment and management using the ISO 27005 standard.
  • The thirty-five risks identified by ENISA. ENISA recommendations for government Cloud security.

NIST recommendations for security

  • Guidelines for security and confidentiality in public cloud computing.
  • Analysis of the NIST 800-144 and NIST 800-146 standards.

Testing Cloud security

  • What security label for suppliers: Cobit, ISO2700x, or ISO 15401 common criteria?
  • How do you audit security in the Cloud?
  • Cloud-oriented security testing tools (Metasploit & VASTO, openVAS, xStorm, etc.).

Legal aspects

  • Private cloud to public cloud: Legal consequences. Responsibilities of various players.
  • Regulatory compliance (PCI-DSS, CNIL, SOX...).
  • Precautions for writing a contract.
Participants / Prerequisite

» Participants

CIOs, CISOs, security managers, project managers, consultants, administrators.

» Prerequisite

Basic knowledge on computing is required.
Intra/Tailored

Contact Informations

By checking this box, I certify that I have read and accepted the conditions for the use of my data regarding the General Data Protection Regulation (GDPR).
You can at any time modify the use of your data and exercise your rights by sending an email to rgpd@orsys.fr
By checking this box, I agree to receive commercial and promotional communications from ORSYS Training*. You can unsubscribe at any time by using the link included in our communications.

Book your place

Submit your request

Time schedule

Generally, courses take place from 9:00 to 12:30 and from 14:00 to 17:30.
However, on the first day attendees are welcomed from 8:45, and there is a presentation of the session between 9:15 and 9:30.
The course itself begins at 9:30. For the 4- or 5-day hands-on courses, the sessions finish at 15:30 on the last day
linkedin orsys
twitter orsys
it! orsys
instagram orsys
pinterest orsys
facebook orsys
youtube orsys