Cloud GRC training

Cloud GRC (Cloud Governance, Risk Management and Compliance) is a 2-day intensive training course that gives the delegate a practical working knowledge of governance, risk management and compliance in the context of cloud computing. Upon completion, the delegate will be ready to start developing a GRC program.

The audience for this course includes IT risk managers, IT architects, service managers and product managers of IT departments and service providers. Cloud providers will find that this course will seriously strengthen their cloud offerings in the perception of their customers. This course is not intended for small and medium enterprises that mainly consume cloud services and have a low risk profile.

FREE CCSK training

I am afraid the Cloud GRC training is not available anymore. Please check one of my CCSK courses to learn more about cloud computing and cloud security.

Are you not sure if you are ready to start a full CCSK training yet? Then this free course is perfect for you. It will give you a good idea of how worthwhile it is to go for the CCSK certification. You will also cover some of the basics that are required for the full course.


Key benefits

  • Cloud specific risk management reduces risk exposure for cloud providers and IT departments
  • Integrated GRC approach creates value in cloud provider propositions
  • Interactive format has delegates leave with immediately applicable skills
  • Delegates can use this as a workshop to jumpstart their GRC program

What you will learn

  • A clear, vendor-independent understanding of Cloud Computing
  • A well-delineated conception of the strengths and weaknesses of Cloud’s three service models: Software-as-a-Service, Platform-as-a-Service, and Infrastructure-as-a-Service, as well as Cloud’s four deployment models: public, private, community, and hybrid
  • The tools and expertise necessary to put together a Cloud roadmap and migration plan for their organizations
  • Practical intelligence and advice on securing the Cloud and putting together a robust Cloud governance framework
  • A detailed look at the key players in the Cloud Computing marketplace, including SaaS application providers, Cloud service providers, and hardware and software vendors
  • Includes real-world case studies on organizations who have achieved success with their Cloud-based initiatives

Cloud GRC Modules

The Cloud Governance, Risk Management and Compliance training is divided into 5 modules:

  1. Cloud Computing business benefits and risks;
  2. Risk analysis and design of controls;
  3. Identifying risks and value, governance and compliance;
  4. Control frameworks and demonstrating compliance;
  5. Managing Compliance and Maturity.

Module 1: Cloud Computing

Learning objectives: What is cloud computing and how does it change value and risk propositions?

First we need to thoroughly understand the five characteristics of cloud computing, and work through practical examples, including the services developed or considered by the delegates. Then we can see in a structured way how this leads to business value for cloud consumers and how it can impact risk profiles.

Similarly we will discuss 3 service models and 4 deployment models.

At the end of this module you will be able to:

  • Recognize characteristics of cloud computing
  • Recognize service models, deployment models
  • Articulate business value of these
  • Articulate business risks of these

Module 2: Risk Analysis and design of controls for cloud computing

Learning objectives: what makes a risk a risk, and how can they be controlled?

We will explain the main definitions surrounding risk and its management, and let the delegates practice applying these concepts to cloud computing examples. Examples are drawn from various sources, including from delegates’ services. The module includes a number of templates that can be used in practice.

At the end of this module you will be able to distinguish and identify:

  • Threats
  • Adverse consequences
  • Evaluation and ranking of risks
  • Possible measures and controls specific to cloud computing

Module 3: Identifying risks and value

Learning objectives: What are sources of risks and value, often two sides of the same coin? How can these be identified and enumerated systematically? How can the reduction of risk be presented as a value proposition?

Reduction of risk can be a great source of value. Information technology consumers often create serious dependency on technology in a number of ways. In this module, we give a systematic way to enumerate these risks. We list multiple examples of risk sources, how some can be turned into value propositions, examples of compliance requirements stemming from industry bodies, and review the business reasons for IT governance priorities.

At the end of this module you will be able to identify risks, value propositions, compliance requirements and governance priorities in a structured way.

Module 4: Control frameworks and demonstrating compliance

Learning objectives: what is a control framework, and how are they used in specific industries to demonstrate compliance?

Realistic risk management and compliance endeavors quickly run into hundreds or more risks to be analysed, or compliance obligations to be fulfilled. That is why there are standardization efforts aimed at structuring these. In this module we list the major relevant control frameworks for cloud computing and lead the delegate through a detailed understanding of the various control areas.

For each of the control areas we discuss how controls can be designed and implemented, and compliance can be demonstrated.

At the end of this module you will be able to:

  • Name important cloud computing frameworks including ISO 27001, CSA CCM, and industry specific frameworks.
  • Select an appropriate control framework
  • Understand various control areas
  • Link control objectives to controls and evidence

Module 5: Managing Compliance and Maturity

Learning objectives: Understand how to manage a GRC program and demonstrate its effectiveness

A successful GRC program involves interaction with a number of stakeholders, including auditors, customers, providers and internal staff. We will discuss ways that allow an organization to manage this complex information flow effectively and efficiently. Every organization will be on a path to maturity in this process, so we will show how to evaluate and demonstrate one's progress on that path.

At the end of this module you will be able to:

  • Identify steps and deliverables that lead to demonstrable control
  • Identify and brainstorm metrics that give insight into your progress in GRC
  • Identify dependencies between controls and competencies (maturity levels)


Security operations manager

The course provides a fantastic overview of Cloud and was an eye opener to me.  The benefits of cloud were made clear, but so too were the limitations and considerations of the service. I would recommend this course to everyone involved in Cloud from hands on IT to Executive. This was one of the most informative courses I have attended.


IT architect, London City, Canary Wharf

Peter clearly has a great deal of specific industry experience and draws on this to provide real-world examples. Always happy to divert the conversation out of the course where relevant and interesting within the cloud computing context.  I think this was particularly useful and observed this providing value to the entire group.

Attended several of Peter’s courses

I have attended several of Peter’s courses. They are always very good with practical knowledge on cloud computing, and this is helping us very much in our development of the Oman government cloud services.

Shanthi Vijay

Information Technology Agency, government of Oman

Gabe Camacho

Very grateful.  Thank you!


Didier Raelet

I have appreciated very well most topics and particularly the Security Risk & compliance topics. Comparison on IT process on premise with those in the Cloud is quite good. But, it could be done deeper.


Vincent Yesue

This class is great. Good balance between you talking, and us chatting. You keep control of the syllabus and the schedule, and we provide some information on what the facts mean to us and how we understand them in our context. Brilliant stuff.



Very professional domain, but very clearly explained! Thanks



Most useful: Technical context, risk knowledge and exam approach


Ali Isikli

Experienced trainer. Reflects his experience well within the context


Ken Tola

Peter is incredibly knowledgeable and takes the time to answer questions and actually work with his students. The course is also an amazing way to learn how AWS actually works and, by the end of the labs, you feel ready to manage your own cloud! The materials are easy to understand and yet technical enough to get real-life security implemented. This was a great course and far beyond most of the accreditation courses I have completed.


Carlo Tyrberg

I attended Peter’s CCSK-training and found it very useful, because 1) the sessions gave me more insight on several other aspects of cloud computing than only security, 2) it ‘inspired’ (/forced) me to study the CSA guide/ENISA more thoroughly and not least 3) I managed to pass the exam 🙂


Frank Cerney

I had very little to no experience with the CLOUD, so this training was incredibly valuable to me. My new professional responsibilities are becoming more and more cloud centric. I have a greatly improved level of confidence because I know I have a solid educational foundation that the training and exam preparation has provided for me. I cannot recommend it highly enough!
