Demystifying Cloud Security and Audit in AWS
Several organizations have implemented Cloud in the last couple of years and are still groping in the dark as to the responsibilities of Information Security in the cloud. Cloud computing security, or simply Cloud Security, refers to a broad set of policies, technologies, applications, and controls utilized to protect virtualized IP, data, applications, services, and the associated infrastructure of cloud computing. It is a sub-domain of computer security, network security, and, more broadly, information security.
Cloud computing and storage provide users with capabilities to store and process their data in third-party data centers. Organizations use the cloud in a variety of different service models (with acronyms such as SaaS, PaaS, and IaaS) and deployment models (private, public, hybrid, and community). Security concerns associated with cloud computing fall into two broad categories: security issues faced by cloud providers (organizations providing software, platform, or infrastructure-as-a-service via the cloud) and security issues faced by their customers (companies or organizations who host applications or store data on the cloud). Security is a shared responsibility between the Cloud Service Provider and the Customer. The provider must ensure that their infrastructure is secure and that their client’s data and applications are protected, while the user must take measures to fortify their application and use strong passwords and authentication measures.
At the conclusion of this course, attendees will be able to understand:
- Overall high-level understanding of the Cloud
- Regulatory Guidelines on Cloud Implementation
- Cloud Control Matrix latest version: High-level overview
- Key Controls on AWS – 50 CIS controls checklist implementation
- Security ‘in’ the cloud and ‘of’ the cloud
Duration: 8 Hours
Course Content (4 sessions of 90 minutes each)
Participants will have to carry their laptops. It’s advisable to bring personal laptops and not corporate laptops. The AWS link should not be blocked on the corporate laptops.
Facilitator: Nanda Mohan Shenoy
- CDPSE & CISA, ISACA
- Possess the Banking qualification CAIIB from India
- Holds a Post Graduate Diploma in Industrial Relations and Personnel Management
- A Lead Auditor for ISO 27001:2013.
- Seasoned Banking & Information Security Professional
- More than 30 Years of experience in the entire Banking and Financial Services and Insurance (BFSI) segment with a deep understanding of Business, Operations, Technology, and Information Security.
- Held Leadership positions in BNP Paribas India, Global Trust Bank, and Bharat Overseas Bank
- Worked across multiple verticals, like Operations, Information Technology & Business, and Products like Private Banking, Mutual Funds, Insurance, etc.
- Has hands-on experience in Audit of AWS, Azure & Google Cloud with organizations in the BFSI Sector
- Data Privacy and Cyber security
- Supported Bureau Veritas India, the certification body as a Subject Matter expert for the ISO 27701:2019 (the Privacy Management Information Systems (PIMS) certification) for Infosys.
- Addressed the Board and the Senior Management of various Banks / NBFC / Other Financial Institutions on Information and Cyber Security Risk (IndusInd Bank, Tata Capital, SVC Bank, SBI Life Insurance, etc.) as well as Privacy Issues.
- He has trained more than 400 senior management personnel in Aadhaar Compliance
- He was the keynote speaker on Asian Privacy Laws in Da Nang
- He was invited by the Securities Board of Vietnam to deliver a keynote on India Aadhaar adoption of Capital markets in 2019
- He also is one of the popular Quiz masters at the ISACA Conferences