• Classroom
Course Description

We can argue that it is not a matter of whether cloud computing will become ubiquitous because the economic forces are inescapable but rather what can we do to assess enterprise governance, risk assessment and development of strong internal controls, in the implementation and management of ever increasing cloud computing environments.

This new training program will begin by first establishing the definition of cloud computing, then describing the various service delivery models of a cloud computing architecture, and the ways in which clouds can be deployed as public, private, hybrid, and community clouds, followed by a much deeper review of the security and privacy issues related to cloud computing environments.

We will examine cloud computing models, look into the threat model and security issues related to data and computation outsourcing, and explore practical applications of secure cloud computing. Using the confidentiality, integrity, and availability of data (CIA) model we will examine the threats and security implications to befall poorly established and maintained cloud computing environment. Audit approaches and methodologies for assessing internal control exposures within cloud computing environments will also be fully discussed and examined.

Learning Objectives

  • Discuss, with confidence, what is cloud computing and what are key security and control considerations within cloud computing environments.
  • Identify various cloud services.
  • Assess cloud characteristics and service attributes, for compliance with enterprise objectives.
  • Explain the four primary cloud category types.
  • Evaluate various cloud delivery models.
  • Contrast the risks and benefits of implementing cloud computing.
  • Specify security threat exposure within a cloud computing infrastructure.
  • Recognize steps and processes used to perform an audit assessment of a cloud computing environment.
  • Summarize specific environments that would benefit from implementing cloud computing, contrasted against those environments that might not benefit.
  • Weight the impact of improperly controlled cloud computing environments on organizational sustainability.

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):

Specialty Areas

  • Cyber Defense Analysis


If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.