Skip to main content

Auditing Cloud Computing Security

Back to Course Schedule
Date(s): Feb 26, 2018 - Feb 27, 2018
Time: 8:30AM - 5:00PM
Registration Fee: $369.00
Cancellation Date: Feb 16, 2018
City: Austin

Course Description

Cloud Computing is an integral part of the Texas State IT infrastructure. This seminar will provide you with an understanding of the cloud models, the security risks, differences between traditional IT Security and Cloud, and how to control it.

Potential CPE Credits: 16.0
Technical Hours: This class meets 16.0 CPE credits of technical training in compliance with Texas Admin. Code Rule 523.102.

Instruction Type: Classroom
Experience Level: INTERMEDIATE
Category: Auditing

Course Objectives

Upon completion of this course, participants will be able to:

Identify Cloud environment and architecture

Understand the security advantages and disadvantages

Identify the top security risks

Describe the common controls to secure the cloud

Describe benefits and corresponding risks associated with each Cloud Computing model

• Identify issues to be included in the contract

• Address the Cloud CIAA (Confidentiality, Integrity, Availability and Accountability)

• Define the ongoing risk assessment process in a Cloud environment


Course Outline

Cloud Computing Background, Definition and Architecture

• Evolution to the Cloud Model

• Definition Cloud Essential Characteristics

• Cloud Service Models - IaaS

- PaaS

- SaaS

• Cloud Deployment Models - Public

- Private

- Hybrid

- Community


Security in the Cloud

• Common Myths and Misconceptions About Security in the Cloud

• Cloud Security vs. Traditional IT Security

• Security Benefits of Cloud Computing - Concentration of Resources

- Central Updates

- Intelligent Scaling of Resources

- Standardization of Technology

- Scaling

• Top Security Risk Areas (and Threats) with Cloud Computing – What to Look Out For - Technology Lock-in

- Governance and Control

- Compliance

- Data Protection

- Insider Threat

- Data Deletion

- Isolation Failure


Auditing the Cloud

• Audit Points for Cloud Computing - Data Governance

- Information Security

- Security Architecture

- Resiliency

- Operations Management

- Compliance

- Facility Security

- Interfaces with internal applications

- Contingency Planning

• Contract Requirements - SLA’s

- Termination

- Audit Rights

- Dispute Resolution

• Resources for Auditing the Cloud - Cloud Security Alliance (CSA) Consensus Assessments Initiative Questionnaire (CAIQ)

- CSA – Cloud Controls Matrix (CCM)

- NIST SP800-53 – Risk Management Guidance


- FedRAMP specifications

- ISO 27001/2

- Specific Industry Standards




International Regulation

• Data Protection

• Difference in regulations



• Maintain Legal Right

• Effective Resolution


A general understanding of IT processes, business and accounting applications and IT outsourcing processes is preferred.


Michael Woodson

Michael Woodson, CISM, CI|CISO is Senior Fellow in Information Security with CPE Interactive. Michael is an IT information security professional withover 30 years' experience. He is a leader as a consultant and trainer in managing, evaluating and advising in the areas of technology risk and information security.

Michael's specialty is a combination of IT and cybersecurity, forensics and risk management. He has served as a lecturer at Northeastern University, Endicott College and Cambridge College. He is Certified in Information Security Management and Certified Chief Information Security Officer.

He received his bachelor of science degree from the University of Massachusetts and Masters Degrees from Boston University and Utica College of Syracuse University.

Additional Information

TAC Rule 523.142(g) requires the CPE Sponsor to monitor individual attendance and assign the correct number of CPE credits. Participants will be asked to document their time of arrival and departure in compliance with this Rule. Additionally, attendance will be monitored throughout the day and CPE certificates will reflect actual attendance of each participant.

If you are making travel plans to come to Austin, we recommend making "refundable" air and hotel reservations or waiting until 14 days before the class to actually book your reservations. Courses are occasionally canceled or rescheduled due to low enrollment. We determine whether a course has enough participants 16 days prior to the course date. If we cancel or reschedule, we will email the participant and his or her billing contact no later than 14 days before the original class date.

The course coordinator will contact you with parking information. Handicapped parking is free at the meters around the downtown area.

Vending machines with Coca-Cola products and various snack items are available. There is also a refrigerator and microwave in our coffee bar area. Feel free to bring in your own drinks and food if you prefer.

You might want to bring a light sweater or jacket, as room temperatures vary.

To see answers to our Frequently Asked Questions, visit

Back to Course Schedule