
AVC02 - Risk Management & Auditing | VMware vSphere, Private Clouds & External Cloud Based Services


Summary


Duration: 4 days
Exam: Virtualization & Cloud Computing Audit Professional
Delivery: Instructor-led, case-study-driven, hands-on exercises
CPE: Up to 28 CPE Credit Hours


Audiences: IT Auditor; IT Risk, Security, Security Governance and Compliance experts; IT Architect


Note: There is also a three (3) day training that covers only VMware vSphere & Private Clouds. Please refer to the course Risk Management & Auditing | VMware vSphere & Private Clouds.


Course description


Virtualization and Cloud Computing are ranked as CIOs' top 2 technology priorities, according to Gartner's survey of 2,000 CIOs. While delivering the agility the business requests, CIOs recognize the inherent risk and compliance concerns associated with emerging technologies and regulatory requirements. This training examines exactly what those risks are, evaluates mitigating controls, and shows how to properly create and execute a risk-directed IT audit project for Virtual Environments and Cloud-Based Services.


(a) Approach: Integrated


This course translates Virtual Information System and Cloud Services Assurance into specific activities within IT Risk & Compliance, IT Control and IT Audit. More importantly, it also examines how these domains interconnect. The course stimulates interactive, case-study-driven discussions between the various disciplines, as they would occur in the real world. Participants will hear and understand how each role approaches virtual- and cloud-specific risks and controls: Information Security wants to learn about specific risks and how to address them through mitigating controls; IT architects are interested in designs that make use of native controls; and IT auditors are interested in how best to audit for the presence of these controls.


(b) Delivery: In-depth, hands-on


This training takes in-depth virtualization and cloud expertise and delivers it in the language of Risk and Audit. It takes a no-nonsense, case-study-driven, hands-on approach, using mock virtualized information systems and their virtual assets. Students walk away with practical skills obtained in an environment that is (or soon will be) very similar to their own.


Intended Audiences & Objectives


  • IT Auditors will learn: How to create risk-directed audit projects for virtual environments and cloud-based services. How to correctly audit virtualized segments of information systems and audit for Cloud Governance and Cloud Operations specific controls.
  • IT Risk, IT Compliance, IT Security and Information Security Governance experts will learn: Inherent risk and compliance concerns that are associated with the virtualization of enterprise components and with bringing parts of the business into the cloud. How to assess critical compliance requirements against virtual infrastructures and cloud services. How to identify specific vulnerabilities and threats. How to mitigate them through detective, preventive and corrective controls.
  • IT Architects will learn: What auditors look for and how to design, develop and implement controls that auditors must investigate, see and prove. Typical best practice design configurations that address compliance and risk concerns and that will prevent expensive re-engineering. How to prove that the stated designs are actually working and are assured.

Note 1) Prerequisites


This course is aimed at senior Audit, Risk and Technology professionals. Attendees who lack VMware/Cloud skills must have a solid background in IT Audit, IT Security, IT Risk or IT Compliance. Technology professionals must have experience at, or operate at, the Architect level. This training is not aimed at system administrators and does not cover penetration testing.


Note 2) CPE Credit


Continuing Professional Education refers to obligations that certified professionals have to maintain their credentials. This course builds on and adds value to existing standards and justifies CPE Credit claims. Consult the CPE Policy Statement that applies to the maintenance of your certification, e.g.
  • ISACA CPE Requirements for CISA, CISM, CRISC
  • IIA CPE Statement for Certified Internal Auditor
  • ISC2 Policy on Maintaining Credentials for CISSP
  • NOREA Guidelines for Permanent Education for RE, Register of qualified IT Auditors


(1) Days 1 to 3: Virtualization Audit Professional


Module 01: Virtualization demystified


01. Virtualization Overview
    • Benefits • Reasons to virtualize • Balance between Risk & Business Opportunity
02. What is virtualized?
    • Software appliances • Operating Systems • Infrastructure • Desktops • Servers • Storage • Network Devices
03. Virtual Infrastructure Models
    • Software-, Infrastructure-, Platform- & Desktop-'as-a-service'
04. Virtual Infrastructure Architectures
    • Virtual Machines • -Hosts • -Clusters • -Networking • -Storage • -Private/Public/Hybrid Clouds


Examination Objectives Module 01: Understand the essential Risk- & Audit-relevant differences between virtual and traditional (physical) appliances, servers and networks. Know the various virtual infrastructure models & architectures and their basic Risk- & Audit-specific considerations.


Module 02: Information Systems Risks


01. A 7-Step Risk Management Framework for Virtual Environments
02. Migrating to and Operating Virtual Infrastructures: Identified & emerging Risks for:
    • Virtual Machines • -Hosts • -Clusters • -Networking • -Storage • -Private Clouds


Examination Objectives Module 02: Understand the Risk Management Framework for virtual environments. Know specific risks and critical compliance requirements for virtual infrastructure architectures and understand the proper interaction between Risk Management, IT Control and IT Auditing.


Module 03 & Module 04: Risk Assessment & Risk Mitigation


01. How to identify specific vulnerabilities
    • Best practice techniques • Practical tools
02. How to identify specific threats
    • Top 10 Threats Facing Virtual Infrastructures • Best practice techniques • Practical tools
03. Detective, preventive and corrective controls to be deployed in virtual environments
04. Typical best practice design configurations


Examination Objectives Module 03 & Module 04: Know how to identify specific vulnerabilities & threats and how to assess virtual environments against critical compliance requirements. Know recommended detective, preventive and corrective controls to be deployed in virtual environments. Know how to design, develop and implement controls that auditors must see, investigate and prove. Know typical best practice design configurations.


Module 05: Auditing VMware vSphere 4.x, 5.x & Private Clouds


01. Governing the Virtual Infrastructure
02. Metrics within the virtual infrastructure
    • Designing metrics • Developing metrics • Monitoring metrics • 3rd Party Tools
03. Auditing VMware vSphere 4.x, 5.x & Private Clouds


Examination Objectives Module 05: Understand IT Governance for Virtual Infrastructures. Know how to design, develop and monitor metrics and how to confirm their presence and effectiveness via detective, preventive and corrective controls. Know how to audit virtualized segments of information systems & private clouds and how to obtain evidence to prove that the stated designs (Module 03 - Risk Mitigation) are actually working and are assured.


(2) Days 1 to 4: Virtualization & Cloud Computing Audit Professional


Module 01 to Module 04: Virtualization Audit Professional


Module 05: Planning & Scoping External/Public/Hybrid Cloud Computing Audit Assignments


01. Defining Audit Objectives
    • Compliance Objectives • Substantive Objectives
02. Defining the Audit Scope
03. Defining Risks
    • Cloud Computing process-specific inherent risk • Audit process-specific inherent risk • Sampling Risk • Evidentiary Risk
04. Defining the (skill set for the) Audit team


Examination Objectives Module 05: Know how to correctly perform Planning & Scoping for External/Public/Hybrid Cloud Computing Audit Assignments.


Module 06: Cloud Governance: Risks, Critical Compliance Requirements & Controls


01. Cloud Governance
    • Key Concepts • IT Governance in the context of Information Governance • Metrics and SLAs
02. Risk Management
    • Governance Risks affecting External Clouds • Ways to mitigate Cloud Governance specific Risks


Examination Objectives Module 06: Understand Cloud Governance Models & typical policies for managing Cloud Services. Understand Metrics and Service Level Agreements for Cloud-Based Services. Know how to identify Cloud Governance-specific Risks. Know mitigating controls and how to deploy them.


Module 07: Cloud Governance: Auditing for Cloud Governance-specific Controls


01. Information Security Collaboration between Service Provider and Client
    • Risk Management Collaboration • Risk Management Framework • Risk Management Maturity Model • Collaborative Controls
02. Service Provider's Audit & Assurance Procedures
03. Service Provider's Information Security Operations Alignment with Client's Requirements
04. Client's Information Security Operations Alignment with Compliance- and/or Substantive-based Claims


Examination Objectives Module 07: Know how to design, develop and monitor metrics and how to confirm their presence and effectiveness via detective, preventive and corrective controls. Know how to audit for Cloud Governance-specific Controls and how to obtain evidence to prove that the stated designs (see Risk Mitigation) are actually working and are assured.


Module 08: Cloud Operations: Risk, Critical Compliance Requirements & Controls


01. Cloud Operations
    • Key concepts • Risk Management, IT Control & IT Audit considerations
02. Risks & Critical Compliance
    • Critical compliance requirements • Cloud Operations / Cloud Architecture specific Risks
03. Mitigating Controls


Examination Objectives Module 08: Understand how Risk Management, IT Control & IT Audit change with parts of the business brought into the Cloud. Know how to assess Cloud Operations against critical compliance requirements. Understand Cloud Operations / Cloud Architecture specific Risks and know how to identify Vulnerabilities and Threats. Know mitigating controls and how to deploy them.


Module 09: Cloud Operations: Auditing for Cloud Operations


01. Incident Response, Notification, Remediation
02. Incident Response Process
    • Incident Response Process for Service Provider • Incident Response Process for Client
03. Application Security Architecture
04. Configuration Management & Provisioning
05. Data Security
    • Data at Rest versus Data in Transit • Confidentiality • Integrity • Availability • Encryption • Key Management
06. Access Control via Identity Management
    • Identity provisioning • Authentication


Examination Objectives Module 09: Know how to design, develop and monitor metrics and how to confirm their presence and effectiveness via detective, preventive and corrective controls. Know how to audit for Cloud Operations-specific Controls and how to obtain evidence to prove that the stated designs (see Risk Mitigation) are actually working and are assured.

Price: $2,995.00 ($2,845.25 CAD online only)
