This six-module course provides insight for systems developers, analysts, and administrators who integrate cloud systems. Cloud architects and integrators often encounter challenges in extending the system boundary when infrastructure and capability is scaled. Although elasticity is a benefit of the cloud, the scalability requires due diligence in identifying the impact of these modifications. It is imperative for cloud architect teams to understand the impact of expanding systems boundaries and ensure security on a continuous basis.
Individuals who complete this course increase their understanding in cloud system architecture to identify challenges and gain insight on the various cloud deployment and cloud service models according to NIST’s definition in SP 800-145. The challenges and recommendations for managing the cloud architecture is an outcome in developing cloud architect and integrator knowledge.
SELF-PACED, 18 CPE CREDITS
You will learn:
- The white paper on challenging security concerns in the cloud is included in this training. This white paper identified the problematic issues addressed by government agencies in implementation.
- The lessons learned document aligns with integrator knowledge as a preventive in applying the best methodology in considering a cloud solution.
- Participants in this course are introduced to the risk management framework for assessing the level of risk in the chosen cloud system.
- Scenarios of the models and services provide the necessary use case studies for decision-makers in providing the best optimal outcome for integration and implementation of cloud systems. As the organizations add various components and cross-architectural clouds within the same organization, the system boundaries change, expand, retract, and require visibility. The course aligns with knowledge to identify changing system boundaries.
You will need:
- Participants in the course will require a basic understanding of the risk management framework as identified by NIST. Individuals who are system architects and system administrators are the targeted audience in this course for increasing abilities in system integration.
- Individuals who participate in this class will be directed to public URL sites to complete exercises in cloud integration based on published information. No system integration software is required for this class.
Your Instructor: Nancy M Landreville
Professor and CEO/CISO of NML Computer Consulting Co., LLC, Nancy M Landreville is a recognized leader in industry, military, government, and academia. Professor Landreville is frequently requested as a speaker, lecturer, workshop designer, curriculum designer, course developer, consultant in industry best practices, and author.
- Academy of Management
- International Academy of Management
- IEEE (editor and contributing author)
- ISACA (subject matter expert reviews)
- ISC2 (contributing editor)
- GovSec (subject matter expert)
- National Institute Science and Technology (NIST) (contributor, editor, speaker, consultant)
- Cap-Sci (author of Geothermal Energy implementation)
- Cloud Security Alliance (Canada) (speaker), plus Pen-Test magazine and book author on e-discovery.
She is one of the officers with the Academy of Management, Organizational Division where she serves as the newsletter editor. She was a presenter at VA’s Annual Security Conference on Cloud Computing. Professor Landreville has over a decade in providing consulting services for industry at a level comparable to a government SES; decades of combined military service with the Navy and Army; several decades of higher level government service in information technology; and eight years as a college professor in cybersecurity and information assurance. As a veteran and volunteer with “Bugles across America,” Professor Landreville sounds taps as a volunteer at veteran funerals and other occasions including Memorial and Veterans Day.
She has pursued two doctorates simultaneously from 2006 (Doctor of Management and PhD in Applied Management and Decision Science; two Master degrees (Technology Management and Master of Business Administration); two Bachelor degrees (Information Systems Management and Law); several information technology certificates and miscellaneous certifications while working full time and serving her country as a reservist.
Module 1: Security in the systems development lifecycle and compliance with ISO 27001
- Applying Control Objectives for information and related technology (COBIT)
- Sarbanes Oxley security control assessments
- Gramm-Leach Act
- Health Insurance Portability and Accountability Act (HIPAA)
- Data Protection Act
Exercise on ISO 27001 and regulatory authority
Module 2: Architecture of the cloud
- Identifying challenges in integration
- Determining risks in elasticity and scalability
- Extending system boundaries in the cloud
- Establishing ad hoc local policies for immediate remediation
- Configuration management
Exercise on cloud architecture
Module 3: Trusted computing
- Trust boundary for security perimeter
- Trust computing base
- Trusted platform
- Clark and Wilson Model
- Brewer and Nash Model
- Open web application security project (OWASP)
Exercise on trusted cloud modeling
Module 4: Security in the cloud
- Secure software coding for cloud systems
- Infrastructure security
- Platform security
- Security testing methodologies
Exercise on security and testing in the cloud
Module 5: Applied cloud forensics
- Evidence collection in the cloud
- Applying network forensics in the cloud
- Incident response protections in the cloud
- Managing cloud usage patterns
- Identifying security risks of the current cloud
- Establishing improvements in the future cloud
Exercise on applying cloud forensics
Module 6: Exam (25 multiple choice)