Cloud GRC training

Cloud GRC (Cloud Governance Risk management and Compliance) is a 2 day intensive training course which will give the delegate a practical working knowledge of governance, risk management and compliance in the context of cloud computing. Upon completion, the delegate will be ready to start developing a GRC program.

The audience for this course includes IT risk managers, IT architects, service managers and product managers of IT departments and service providers. Cloud providers will find that this course will seriously strengthen their cloud offerings in the perception of their customers. This course is not intended for small and medium enterprises that mainly consume cloud services and have a low risk profile.

I am afraid the Cloud GRC training is not available anymore. Please check one of my CCSK courses, to learn more about cloud computing en cloud security.

Are you not sure if you are ready to start a full CCSK training yet? Then this free course is perfect for you. It will give you a good idea of how worthwhile it is to go for the CCSK certification. You will also cover some of the basics that are required for the full course.

Click on the button below and start learning about CCSK v4.

Key benefits

• Cloud specific risk management reduces risk exposure for cloud providers and IT departments
• Integrated GRC approach creates value in cloud provider propositions
• Interactive format has delegates leave with immediately applicable skills
• Delegates can use this as a workshop to jumpstart their GRC program

What you will learn

• A clear, vendor-independent understanding of Cloud Computing
• A well-delineated conception of the strengths and weaknesses of Cloud’s three service models: Software-as-a-Service, Platform-as-a-Service, and Infrastructure-as-a-Service, as well as Cloud’s four deployment models: public, private, community, and hybrid
• The tools and expertise necessary to put together a Cloud roadmap and migration plan for their organizations
• Practical intelligence and advice on securing the Cloud and putting together a robust Cloud governance framework
• A detailed look at the key players in the Cloud Computing marketplace, including SaaS application providers, Cloud service providers, and hardware and software vendors
• Includes real-world case studies on organizations who have achieved success with their Cloud-based initiatives

Cloud GRC Modules

The Cloud Governance, Risk Management and Compliance training  is divided up in 5 modules:

1. Cloud Computing business benefits and risks;
2. Risk analysis and design of controls;
3. Identifying risks and value, governance and compliance;
4. Control frameworks and demonstrating compliance;
5. Managing Compliance and Maturity.

Module 1: Cloud Computing

Learning objectives: What is cloud computing and how does it change value and risk propositions?

First we need to thoroughly understand the five characteristics of cloud computing, and work through practical examples, including the services developed or considered by the delegates. Then we can see in a structured way how this leads to business value for cloud consumers and how it can impact risk profiles.

Similarly we will discuss 3 service models and 4 deployment models.
At the end of this module you will be able to:

• Recognize characteristics of cloud computing
• Recognize service models, deployment models
• Articulate business value of these
• Articulate business risks of these

Module 2: Risk Analysis and design of controls for cloud computing

Learning objectives: what makes a risk a risk, and how can they be controlled?

We will explain the main definitions surrounding risk and its management, and let de delegates practice the application of these concepts to cloud computing examples. Examples are drawn from various sources, including from delegates’ services. The module includes a number of templates that can be used in practice.

At the end of this module you will be able to distinguish and identify:

• Threats
• Adverse consequences
• Evaluation and ranking of risks
• Possible measures and controls specific to cloud computing

Module 3: Identifying risks and value

Learning objectives: What are sources of risks and value, often two sides of the same coin? How can these be identified and enumerated systematically? How can the reduction of risk be presented as a value proposition?

Reduction of risk can be a great source of value. Information technology consumers often create serious dependency on technology in a number of ways. In this module, we give a systematic way to enumerate these risks. We list multiple examples of risk sources, how some can be turned into value propositions, examples of compliance requirements stemming from industry bodies, and review the business reasons for IT governance priorities.

At the end of this module you will be able to identify risks, value propositions, compliance requirements and governance priorities in a structured way.

Module 4: Control frameworks and demonstrating compliance

Learning objectives: what is a control framework, and how are they used in specific industries to demonstrate compliance?

Realistic risk management and compliance endeavors quickly run into hundreds or more risks to be analysed, or compliance obligations to be fulfilled. That is why there are standardization efforts aimed at structuring these. In this module we list the major relevant control frameworks for cloud computing and lead the delegate through a detailed understanding of the various control areas.

For each of the control areas we discuss how controls can be designed and implemented, and compliance can be demonstrated.
At the end of this module you will be able to:

• Name important cloud computing frameworks including ISO 27001, CSA CCM, and industry specific frameworks.
• Select an appropriate control framework
• Understand various control areas
• Link control objectives to controls and evidence

Module 5: Managing Compliance and Maturity

Learning objectives: Understand how to manage a GRC program and demonstrate its effectiveness

A successful GRC program involves interaction with a number of stakeholders, including auditors, customers, and providers and internal staff. We will discuss ways that will allow an organization to manage this complex information flow in an effective and efficient way. Every organization will be on a path to maturity in this process, so we will show how to evaluate and demonstrate ones progress in that path.
At the end of this module you will be able to:

• Identify steps and deliverables that lead to demonstrable control
• Identify and brainstorm metrics that give insight into your progress in GRC
• Identify dependencies between controls and competencies (maturity levels)