Module 1: Cloud Governance
In this module, you will learn about the basics of cloud governance, including:
- Assurance
- Governance Frameworks
- Risk Management
- Governance Tools
Module 2: Cloud Compliance Program
In this module, you will learn:
- How to design and build a Cloud Compliance Program
- Legal and regulatory requirements
- Standards and security frameworks
- How to identify controls and measure effectiveness
- CSA certification, attestation, and validation
Module 3: CCM And CAIQ Goals, Objectives, and Structure
In this module, you will learn about:
- The CSA Cloud Controls Matrix (CCM)
- The Consensus Assessments Initiative Questionnaire (CAIQ)
- The relationship to standards: mappings and gap analysis
- The transition from CCM V3.0.1 to CCM V4
Module 4: Threat Analysis Methodology for Cloud Using CCM
In this module, you will learn about:
- Definitions and purpose
- Attack details and impacts
- Mitigating controls and metrics
Module 5: Evaluating A Cloud Compliance Program
In this module, you will learn:
- Governance perspectives
- Legal, regulatory, and standards perspectives
- Risk perspectives
- Services changes implications
- The need for continuous assurance/continuous compliance
Module 6: Cloud Auditing
In this module, you will learn how to:
- Audit characteristics, criteria, and principles
- Audit standards for cloud computing
- Audit an on-premises environment vs. cloud
- Pinpoint the differences in assessing cloud services vs. cloud delivery models
- Build, plan, and execute a cloud audit
Module 7: CCM Auditing Controls
In this module, you will learn about:
- Audit scoping guidance
- Risk evaluation guide
- Using an audit workbook
Module 8: Continuous Assurance and Compliance
In this module, you will learn about:
- DevOps and DevSecOps
- Auditing CI/CD pipelines
- DevSecOps automation and maturity
Module 9: STAR Program
In this module, you will learn about:
- Security and privacy standards
- Open Certification Framework
- STAR Registry
- STAR Levels 1, 2 and 3
