Course Information

Cloud Computing is an integral part of the Texas State IT infrastructure. This seminar will provide you with an understanding of the cloud models, the security risks, differences between traditional IT Security and Cloud, and how to control it.

Upon completion of this course, participants will be able to:

• Identify Cloud environment and architecture

• Understand the security advantages and disadvantages

• Identify the top security risks

• Describe the common controls to secure the cloud

• Describe benefits and corresponding risks associated with each Cloud Computing model

• Identify issues to be included in the contract

• Address the Cloud CIAA (Confidentiality, Integrity, Availability and Accountability)

• Define the ongoing risk assessment process in a Cloud environment

Course Outline

Cloud Computing Background, Definition and Architecture

• Evolution to the Cloud Model

• Definition Cloud Essential Characteristics

• Cloud Service Models - IaaS

- PaaS

- SaaS

• Cloud Deployment Models - Public

- Private

- Hybrid

- Community

Security in the Cloud

• Common Myths and Misconceptions About Security in the Cloud

• Cloud Security vs. Traditional IT Security

• Security Benefits of Cloud Computing - Concentration of Resources

- Central Updates

- Intelligent Scaling of Resources

- Standardization of Technology

- Scaling

• Top Security Risk Areas (and Threats) with Cloud Computing – What to Look Out For - Technology Lock-in

- Governance and Control

- Compliance

- Data Protection

- Insider Threat

- Data Deletion

- Isolation Failure

Auditing the Cloud

• Audit Points for Cloud Computing - Data Governance

- Information Security

- Security Architecture

- Resiliency

- Operations Management

- Compliance

- Facility Security

- Interfaces with internal applications

- Contingency Planning

• Contract Requirements - SLA’s

- Termination

- Audit Rights

- Dispute Resolution

• Resources for Auditing the Cloud - Cloud Security Alliance (CSA) Consensus Assessments Initiative Questionnaire (CAIQ)

- CSA – Cloud Controls Matrix (CCM)

- NIST SP800-53 – Risk Management Guidance

- COBIT

- FedRAMP specifications

- ISO 27001/2

- Specific Industry Standards

- HIPPA

- PCI/PCI DSS

International Regulation

• Data Protection

• Difference in regulations

E-Discovery

• Maintain Legal Right

• Effective Resolution

TAC Rule 523.142(g) requires the CPE Sponsor to monitor individual attendance and assign the correct number of CPE credits. Participants will be asked to document their time of arrival and departure in compliance with this Rule. Additionally, attendance will be monitored throughout the day and CPE certificates will reflect actual attendance of each participant.

If you are making travel plans to come to Austin, we recommend making "refundable" air and hotel reservations or waiting until 14 days before the class to actually book your reservations. Courses are occasionally canceled or rescheduled due to low enrollment. We determine whether a course has enough participants 16 days prior to the course date. If we cancel or reschedule, we will email the participant and his or her billing contact no later than 14 days before the original class date.

The course coordinator will contact you with parking information. Handicapped parking is free at the meters around the downtown area.

Vending machines with Coca-Cola products and various snack items are available. There is also a refrigerator and microwave in our coffee bar area. Feel free to bring in your own drinks and food if you prefer.

You might want to bring a light sweater or jacket, as room temperatures vary.

To see answers to our Frequently Asked Questions, visit http://www.sao.texas.gov/training/faq.html.