Conducting cloud service provider IT security assessment

Overview

Delivery method

Virtual classroom

Duration

4 days

Audience

All SSC employees at all levels

Description

This course is designed based on the Canadian Centre for Cyber Security (Cyber Centre) Cloud Assessment Program methodology. In this course, you will gain the ability to assess Software as a Service (SaaS) vendors. This course will give you an in-depth understanding of how-to set up an assessment team, the overall methodology to conduct an assessment including evaluating controls, calculating residual risk, and creating IT security assessment reports. Information on the Cyber Centre Supply chain integrity program, the Public Services and Procurement Canada (PSPC) Contract security program and engaging with the Cyber Centre Cloud architecture oversight and verification team will also be presented.

Learning Objectives

Upon successful completion, the participants will be able to:

• Describe the Cyber Centre’s Cloud Assessment methodology and usage to assess Software as a Service (SaaS) vendors;

• Recall how to set up an assessment team including roles and responsibilities;

• Describe the role of the Cyber Centre Supply chain integrity program and the PSPC Contract security program;

• Explain the role of the Cyber Centre Oversight and Verification team.

Target Audience

The target audience of this course is professionals in IT roles, such as IT practitioners, architects and security analysts, project managers, and coordinators, who participate in the conduct of Security Assessment and Authorization (SA&A) assessments or the implementation of cloud service controls.

Prerequisite(s)

It is strongly recommended that participants have previous knowledge in cloud computing, IT security risk management, and threat risk assessments. This knowledge could be gained by attending course ITS202C - IT security risk management boot camp.