NCI Courses

• Explore cloud computing architecture: cloud computing definition, essential characteristics, service models, deployment models. • Investigate and critically assess the concept of Multi-tenancy. • Analyse and assess the levels of Security Control for SPI Model. • Analyse and assess the security benefits of cloud computing.

• Investigate the Security Fundamentals (i.e. CIA Security Triad, Defence in Depth, AAAs of Security, Non-repudiation, Least privilege, Separation of Duties, Due Diligence, Due Care). • Compare and contrast various threat models (STRIDE Threat model; OWASP Threat Risk modelling). • Identify and investigate Top Security Risks (i.e. Loss of Governance, Lock-in, Isolation Failure, Compliance Risks, Management Interface Compromise, Data Protection, Insecure or incomplete data deletion, Malicious insider). • Evaluate the security benefits of cloud computing. • Investigate CSA STAR initiative, STAR Self-Assessment.

• Assess IaaS Security Concerns. • Explore the concept of Virtualization. • Analyse and assess Hypervisor Architecture Concerns. • Assess the challenges associated with protecting data in IaaS (i.e. Information Architectures for IaaS, IaaS Encryption). • Investigate portability and Interoperability in IaaS; IaaS Lock-in. Appraise security in cloud environments with multi-tenancy at an Infrastructure level and testing in IaaS. • Assess the challenges associated with protecting applications in IaaS. • Explore how applications can be monitored in IaaS.

• Assess the challenges associated with protecting data in PaaS (i.e. Information Architectures for PaaS, PaaS Encryption). • Investigate portability and Interoperability in PaaS; PaaS Lock-in. • Appraise security in cloud environments with multi-tenancy at a Platform level and testing in PaaS. • Assess the challenges associated with protecting applications in PaaS. • Explore how applications can be monitored in PaaS.

• Assess the challenges associated with protecting data in SaaS (i.e. Information Architectures for PaaS, PaaS Encryption). • Investigate portability and Interoperability in SaaS; SaaS Lock-in. • Appraise security in cloud environments with multi-tenancy at a Software level and testing in SaaS. • Assess the challenges associated with protecting applications in SaaS. • Explore how applications can be monitored in SaaS. • Investigate and assess the impact of client-side vulnerabilities and mobile devices on cloud application security (e.g., XSS and CSRF).

• Assess identity federation and claims-based security services with respect to cloud based systems (e.g., Security Assertion Markup Language (SAML), OpenID and OAuth). • Evaluation of IAM provider types (e.g., Silo-based Identity Providers, Replicated Identity Providers). • Investigate risk-based authentication strategies for cloud applications (e.g., authentication based on geo-location, device identifier etc.).

• Assess the challenges associated with establishing security perimeters within cloud computing environments (e.g., the impact of mobile devices on extending the attack surface of cloud based systems). • Investigate and assess a range of attack vectors that may be encountered on cloud based environments (e.g., Cryptanalysis, Impersonation, Social Engineering, DNS Mis-directions, DDoS, Brute Force). • Assess the challenges associated with monitoring and logging within cloud computing systems. • Determine how to identify security breaches, detect intrusions (e.g., honey pots) and recommend responses to such incidents (e.g., containment).

• Analyse and assess data dispersion in cloud environments. • Compare and contrast the Data Security Lifecycle vis-à-vis Information Lifecycle Management. • Analyse and assess information security governance processes. • Assess the challenges associated with protecting data in a cloud (i.e. Detecting and Preventing Data Migrations to the Cloud, Protecting Data Moving To and within the Cloud, Content Discovery, Data Loss Prevention, Database and File Activity Monitoring, Privacy Preserving Storage, Digital Rights Management).

• Evaluate and assess means of cryptographic protection of data in storage, data in transmission and data in an application environment. • Appraise data security in multi-tenancy environments. • Compare and contrast symmetric and asymmetric cryptosystems and analyse how these cryptosystems can be implemented to provide data security in the cloud. • Evaluate and recommend strategies for implementing key management infrastructure solutions. • Investigate network encryption techniques. • Investigate homomorphic encryption techniques • Quantum Computing and secure key distribution

• Assess Cloud Service Provider capabilities and responsibilities with respect to business continuity and disaster recovery. • Investigation of the opportunities afforded by cloud storage for backup and disaster recovery. • Devise strategies for testing disaster recovery and business continuity processes and activities within cloud based environments.

• Analyse and assess information security governance processes. • Evaluate pertinent control frameworks and standards (e.g., ISO/IEC 27001-2). • Investigate and analyse Risk Assessment and Threat Models. • Assess Information Assurance Frameworks in relation to meeting requirements for implementing secure cloud based computing environments. • Analyse and recommend enterprise risk management approaches and techniques. • Investigate the impact and importance of Service Level Agreements (SLAs) with respect to implementing cloud solutions.

• What is cloud security architecture? • Analyse and assess: o Functional elements o cloud service model/deployment model considerations o architectural design patterns o Cloud Security Posture Management (CSPM) o reference security architectures and frameworks (e.g., AWS Security Reference Architecture, Google Cloud Architecture Framework, Microsoft Cloud Adoption Framework, IBM Security Architecture for Cloud Applications)