0 reviews

IT Audit, Cloud Cybersecurity, Governance Risk and Compliance (GRC)

Instructor

Category

402 Students enrolled

Description
Curriculum
Reviews

Citadel Cloud Management provides an in-depth curriculum centered around the Cloud Control Matrix (CCM) created by the Cloud Security Alliance (CSA). This curriculum is aimed at helping enterprises develop and refine their cloud security strategies by leveraging the CCM framework to assess and manage risks associated with cloud computing providers.

Curriculum Content:

Introduction to the Cloud Control Matrix (CCM):
Overview of the CCM framework and its purpose in cloud security.
Explanation of how CCM helps in defining security requirements and assessing cloud providers.
Understanding the relationship of CCM with other industry-accepted security standards and frameworks,
such as ISO 27001/27002, NIST, PCI-DSS, and more.
See references: https://cloudsecurityalliance.org/blog/2020/10/16/what-is-the-cloud-controls-matrix-ccm and https://cpl.thalesgroup.com/faq/data-security-cloud/what-cloud-security-alliance

Detailed Domain Coverage:

Application & Interface Security: Principles governing application security, data integrity, and customer access requirements.
Audit Assurance & Compliance: Processes for audit planning, independent audits, and mapping to regulations and standards.
Business Continuity Management & Operational Resilience: Strategies for business continuity planning, testing, and maintenance.
Change Control & Configuration Management: Handling changes, acquiring new applications or data, and managing development and quality testing.
Data Security & Information Lifecycle Management: Best practices for managing data flow, inventory, and lifecycle.
Data Center Security: Physical security controls, asset management, and access control for data centers.
Encryption & Key Management: Policies for key management, encryption, and protecting sensitive data.
Governance & Risk Management: Risk assessments, policy enforcement, and oversight in managing data-focused risks.
Human Resources Security: Governance of employee-related security aspects, including termination, mobile device management, and training.
Identity & Access Management: Credential management, segregation of duties, and access restrictions.
Infrastructure & Virtualization Security: Intrusion detection, vulnerability management, and OS hardening.
Interoperability & Portability: Use of APIs, data requests, and ensuring portability between services.
Mobile Security: Management of mobile devices, anti-malware practices, and app store policies.
Security Incident Management, Cloud Forensics & E-Discovery: Incident reporting, response management, and legal preparation.
Supply Chain Management, Accountability & Transparency: Controls related to data quality, incident reporting, and supply chain metrics.
Threat & Vulnerability Management: Managing antivirus, patch management, and addressing vulnerabilities.

Mapping to Standards and Frameworks:

CCM v4 is mapped to various standards such as ISO/IEC 27001/27002/27017/27018, CIS Controls V8, and others.
CCM v3.0.1 mappings include standards like NIST SP 800-53, PCI DSS, and ISACA COBIT.
Understanding how fulfilling CCM controls can help meet requirements of multiple standards and regulations simultaneously.

Application and Implementation:

Practical application of the CCM framework to develop a cloud security strategy.
Using the CCM spreadsheet to align cloud security controls with multiple frameworks and simplify compliance.

Course materials