In depth virtualization & cloud expertise, delivered in the IT Audit & Risk Language'Understand the essential "under-the-hood" differences between virtual and traditional (physical) appliances, servers and networks and how they affect standard information system audit techniques and tools. Learn about inherent risk that is associated with the virtualization of enterprise components and cloud based services. Identify vulnerabilities & threats. Design, develop and implement mitigating controlsAppreciation beyond what you can readWhile organizations are embracing Virtualization and Cloud Services, the uncertainty and concerns surrounding risk and compliance impact remains. How does IT deliver on the agility requested by business, whilst ensuring the provision of this agility is not detrimental to their enterprise's risk posture? Are current policies kept being reinforced? How to prove that data is handled securely, while cloud service providers maintain their 'black box' as this is exactly where their IP rests? There are a lot of questions and only a handful of guidelines available. Those guidelines all start by warning its readers to not attempt to use them as they would lack the necessary skills to perform these tasks.This course slices through the hyperbole, takes in- depth virtualization & cloud expertise and delivers it in the IT- Audit & Risk language. The training opens the deep Risk- and Audit- specific aspects of virtual infrastructures & cloud services and tests them against existing & emerging guidelines, industry standards, techniques and tools. The course approaches Virtual Assurance from different angles and takes a case study and hands on driven approach, using mock virtualized and 'cloudified' information systems and virtual assets in a data center,.Training includes/ covers:-Official Courseware (500+ pages)-Detailed Lab Manuals with over 40 exercises that have been created on an actual data center-SAS 70, ENISA, ISO, ISACA, NIST, PCI DSS, vSphere 4.1 Hardening Guidelines, Cloud Security Alliance-The 3 day training prepares for the Virtualization Audit Professional examAfter this training:Students understand the essential differences between virtual and traditional environments and how they affect standard information system audit techniques and tools. They have deep appreciation of inherent risk that is associated with the virtualization of enterprise components; are able to identify specific vulnerabilities & threats and design, develop and implement controls. They can create risk- directed audit projects and audit virtualized segments of information systems.Exams:Students that only take the three (3) day training on VMware vSphere 4.x & Private Clouds are prepared to take the Virtualization Audit Professional exam which contains fifty (50) questions. The passing rate is 75% and students have one (1) hour to finish their test. The test for students that attend the 4 day training (Virtualization & Cloud Computing Audit Professional) covers 60 questions. The passing rate for this exam is 75% overall and 75% of the Cloud related questions. Students have 75 minutes to finish their test.Standards, Audit Initiatives & Models Covered:(-) SAS 70 (-) ENISA (-) ISO 27001(-) ISACA VMware Audit Guidelines (-) NIST (-) CSA(-) PCI DSS 2.0 (-) vSphere 4.1 Hardening Guidelines(-) Cloud Security Alliance Guidelines(-) ISACA's Cloud Computing Management Audit/ Assurance Program
There are no prerequisites required for this course.
3 Days/Lecture & Lab
This course is designed for IT Auditor, IT Risk Manager, IT Compliance Officer, Information Security & IT Architects.
- Virtualization Overview
- Virtual Infrastructure Models
- Virtual Infrastructure Architectures
- Information System Risks
- Risk Assessment & Risk Mitigation