“Cloudy Skies” – Examining the Risks of Cloud Computing
Organizations now more than ever are feeling pressure to reduce IT costs and optimize IT operations. Cloud computing is growing rapidly because it is a viable, cost-effective way to create dynamic, rapidly provisioned resources for a number of areas, including development environments, operating platforms, applications, and storage. Compliance and information security professionals need to weigh many security considerations when evaluating the risks of cloud computing.
During this 1-day session we will explore:
a. Cloud Architecture – utilizing NIST architecture and materials
b. Cloud Threats, Vulnerabilities, and Exploits
c. Reviewing the SSAE 16 Auditor’s Report
d. Extending controls to the cloud
e. Access Control and Key Management in the Cloud
What you will learn:
· Understand the benefits, risks and recommendations for Information Security in the Cloud and develop an information assurance framework that outlines vulnerabilities, liabilities and key legal issues
· Learn how to develop a cloud computing architectural framework and reference model
· Understand Governance and Enterprise Risk Management in the Cloud
· Identify legal issues and eDiscovery considerations
· Analyze compliance and auditor requirements
· Identify the phases of data security lifecycle and their key elements
· Understand encryption methods and review practical encryption use cases and key management practices and standards
· Summarize risk mitigation techniques
· Review Data Center Operations in a cloud environment
· Identify Incident Response, Notification, and Remediation
· Understand response trade-offs in Application Security
What you get
Workbook + CD containing the following:
· CSA’s eBook on Security Guidance for Critical Areas of Focus in Cloud Computing V2.1
· ENISA eBook on Cloud Computing Security Risk Assessment
· Relevant white papers on Cloud Computing
· 8 CPE Credits
NIST Documentation on the Cloud:
· SP800-144 Guidelines on Security and Privacy in Public Cloud Computing
· SP800-145 The NIST Definition of Cloud Computing
· SP800-146 Cloud Computing Synopsis and Recommendations
About the Presenter
M. Scott Koger, CISSP, CRISC
Western Carolina University
Mr. M. Scott Koger currently serves as the ISSO (Information System Security Officer) for NOAA’s Comprehensive Large Array-data Stewardship System at the National Climatic Data Center in Asheville, North Carolina where he is responsible for information security and regulatory compliance. Prior to joining NOAA, Scott served as the Security Analyst for Western Carolina University in Cullowhee, North Carolina where he was responsible for operational network security, policy development and regulatory compliance with FERPA, GLBA, PCI-DSS and HIPAA.
Before joining WCU, Scott spent an eventful year with the Sewerage and Water Board of New Orleans as the Systems Development Project Lead during the disaster recovery and reconstitution efforts in the months following Hurricane Katrina. Before that he was an Information Technology Projects Consultant for the University of New Orleans. While at UNO he also served as an Adjunct Instructor for the Department of Management. His research efforts include distance education; disaster recovery; network security and design; and regulatory compliance.
Mr. Koger has been an IP3 Instructor for the past 5 years. His work experience coupled with his teaching experience has made him one of our top instructors.
Earn 8 CPE credits
Member price: $150
Non-member price: $175
Registration begins at 7:30 AM
Breakfast and snacks will be provided. Lunch on your own.