Home - Course Catalogue - Risk & Audit VMware vSphere & Cloud Based Services > AVC01-Risk Management & Auditing | VMware vSphere & Private Clouds

Microsoft Administration Microsoft Development Cisco ITIL® VMware Cloud Computing Risk & Audit VMware vSphere & Cloud Based Services Business Analysis Project Management CompTIA Java and Programming Security COBIT TOGAF Storage Area Networking Business Skills for IT Novell SAP UNIX

60% Off SCCM 2012, Hyper-V, & SQL 2012 Training The Microsoft Virtualization Challenge Register Online & Save Up To 15% Instantly Volume Pricing - Corporate Training Volume Pricing - Individual Training 25% Off for Microsoft Partners Microsoft Software Assurance

Talk to an Educational Consultant and get the answers you need.

By Phone
Ottawa: 613-798-5353
Toronto: 416-284-2700
Toll Free: 866-635-5353

Ask your question online

AVC01 - Risk Management & Auditing | VMware vSphere & Private Clouds

Summary

Auditing Vmware and Private Clouds Training Course in Ottawa and Toronto Duration: 3 days
Exam: Virtualization Audit Professional (VAP)
Delivery: Instructor led, case study driven, hands on exercises
CPE: Up to 21 CPE Credit Hours

Audiences: IT- Auditor, IT-Risk-/Security-/Security Governance-/Compliance- expert, IT Architect

Note: There is an optional 4th day that covers Cloud Based Services - please refer to course Risk Management & Auditing | VMware vSphere, Private Clouds & External Cloud Based Services

Course description

As organizations continue to deploy their virtualization programs or maybe even are preparing for Cloud Computing they do recognize inherent risk and compliance implications that are associated. This three day training examines what exactly those risks are for VMware’s vSphere environment, evaluates recommended controls that can be deployed to mitigate against them and how to audit virtualized segments of information systems and private clouds. Throughout the course industry standards, available guidelines and emerging initiatives are covered (SAS 70, ENISA, ISO, ISACA, NIST, PCI DSS 2.0, vSphere Hardening Guidelines, Cloud Security Alliance and more)

(a) Approach: Integrated

This course translates Virtual Information Systems Assurance to specific activities within IT- Risk & Compliance, IT- Control & IT- Audit. More importantly it also examines how these domains interconnect! The course stimulates interactive, case- study driven discussions between various disciplines like they would in the real world. They will hear and understand how each role approaches ‘Virtual & Cloud- specific’ risks and controls: Information security would want to learn about specific risks and how to address them through mitigating controls; IT- architects would be interested in designs that make use of VMware´s native controls; and the IT-auditors would be interested in how best to audit for the presence of these controls.

(b) Delivery: In- depth, hands on

This training takes in- depth virtualization expertise and delivers it in the Risk and Audit- language. The training takes a no-nonsense, case study driven and hands on approach; using mock virtualized information systems and their virtual assets. Students walk away from this training with practical skills that they obtained in an environment that is (or soon will be) very much similar to their own.

Intended Audiences & Objectives

IT Auditors will learn: How to create risk- directed audit projects for virtual environments and private clouds. How to correctly audit virtualized segments of VMware vSphere- based Information Systems and Private Cloud- specific controls.
IT- Risk- , IT- Compliance-, IT- Security- & Information Security Governance- experts will learn: Inherent risk and compliance concerns that are associated with the virtualization of enterprise components and bringing parts of the business into the private cloud. How to assess critical compliance requirements against VMware vSphere- based virtual information systems and
private clouds. How to identify specific vulnerabilities and threats. How to mitigate against them through detective, preventive and corrective mitigating controls.
• IT- Architects will learn: What auditors look for and how to design, develop and implement controls that auditors must investigate, see and prove. Typical best practice design configurations that address compliance & risk concerns and that will prevent expensive re-engineering. How to prove that the stated designs are actually are working and are assured.

Note 1) Prerequisites

This course is aimed at senior Audit, Risk and Technology professionals. Attendees that lack specific VMware- skills must have a solid background in IT- Audit, IT- Security, IT- Risk or IT- Compliance. Technology professionals must have experience in / operate at the Architect level. This training is not aimed at system administrators and does not cover penetration testing.

Note 2) CPE Credit

Continuing Professional Education refers to obligations that certified professionals have to maintain their credentials. This course builds on and adds value to existing standards and justifies CPE Credit claims. Consult the CPE Policy Statement that applies to the maintenance of your certification, e.g.
(-) ISACA CPE Requirements for CISA, CISM, CRISC (-) IIA CPE Statement for Certified Internal Auditor
(-) ISC2 Policy on Maintaining Credentials for CISSP (-) NOREA Guidelines for Permanent Education for RE, Register of qualified IT- Auditors

Module 01: Virtualization de- mystified

Examination Objectives Module 01: Understand essential, Risk- & Audit- relevant differences between virtual and traditional (physical) appliances, servers and networks. Know the various virtual infrastructure models & architectures and their basic Risk & Audit- specific considerations

Module 02: Information Systems Risks

Examination Objectives Module 02: Understand the Risk Management Framework for virtual environments. Know specific risks and critical compliance requirements for virtual infrastructure architectures and understand the proper interaction between Risk Management, IT Control and IT- auditing

Module 03 & Module 04: Risk Assessment & Risk Mitigation

01. How to identify specific vulnerabilities | Best practice techniques | Practical tools
02. How to identify specific threats
| Top 10 Threats Facing Virtual Infrastructures | Best practice techniques | Practical tools
03. Detective, preventive and corrective controls to be deployed in virtual environments
04. Typical best practice design configurations

Examination Objectives Module 03 & Module 04: Know how to identify specific vulnerabilities & threats and how to assess virtual environments against critical compliance requirements. Know recommended detective, preventive and corrective controls to be deployed in virtual environments. Know how to design, develop and implement controls that auditors must see, investigate and prove. Know typical best practice design configurations.

Module 05: Auditing VMware vSphere 4.x, 5.x & Private Clouds

01. Governing the Virtual Infrastructure
02. Metrics within the virtual infrastructure
| Designing metrics | Developing metrics | Monitoring Metrics | 3rd Party Tools
03. Auditing VMware vSphere 4.x, 5.x & Private Clouds

Examination Objectives Module 05: Understand IT- Governance for Virtual Infrastructures. Know how to design, develop and monitor metrics and how to confirm their presence and effectiveness via detective, preventive and corrective controls. Know how to audit virtualized segments of information systems & private clouds and how to obtain evidence to prove that the stated designs (Module 03- Risk Mitigation) are actually working and are assured.