Este curso tem como objectivo dotar os participantes das competências e dos conhecimentos necessários para identificar e resolver as questões de segurança específicas para as nuvens públicas e privadas.

No final deste curso os participantes saberão:

·         Analisar e implementar a segurança para nuvens públicas e privadas

·         Estabelecer a integridade dos dados e a privacidade na nuvem para gerir riscos

·         Manter a segurança da plataforma e proteger a confidencialidade dos dados

·         Proteger redes, sistemas operativos e aplicações em diversas implantações de nuvem

·         Alcançar organizational cyber security compliance

Este Curso destina-se a todos os profissionais envolvidos em aspectos de segurança da computação em nuvem.

Conhecimentos de Cloud Computing

1 -    Cloud Computing Essentials

·         Cloud computing service models: Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS)

·         Public

·         Private

·         Virtual private

·         Hybrid

·         Establishing cyber security fundamentals

2 -    Risk Analysis and Division of Responsibility

·         Managing risks in the cloud

·          Dividing operational responsibility and visibility

·          Retaining information security accountability

·          Managing user authentication and authorization

·         Negotiating security requirements with vendors

·          Identifying needed security measures

·          Establishing a Service Level Agreement (SLA)

·          Ensuring SLAs meet security requirements

3 -    Securing the Cloud Infrastructure

·         Securing the platform

·          Restricting network access through security groups

·          Configuring platform-specific user access control

·          Integrating cloud authentication/authorization systems

·         Compartmentalizing access to protect data confidentiality and availability

·          Securing data in motion and data at rest

·          Identifying your security perimeter

·          Designing resilient cloud architectures

4 -    Operating System and Network Security

·         Locking down cloud servers

·          Scanning for and patching vulnerabilities

·          Controlling and verifying configuration management

·         Leveraging provider-specific security options

·          Defining security groups to control access

·          Filtering traffic by port number

·          Benefiting from the provider's built-in security

·          Protecting archived data

5 -    Achieving Security in a Private Cloud

·         Taking full responsibility for cyber security

·          Managing the risks of public clouds

·          Identifying and assigning security tasks in each SPI service model: SaaS, PaaS, IaaS

·         Selecting the appropriate product

·          Comparing product-specific security features

·          Organizational implementation requirements

·         Virtual Private Cloud (VPC)

·          Simulating a private cloud in a public environment

·          Google Secure Data Connector

·          Amazon VPC

·         The hybrid cloud alternative

·          Connecting on-premises data with cloud applications

·          Securely bridging with VPC

·          Expanding capacity to meet business surges

6 -    Meeting Compliance Requirements

·         Managing cloud governance

·          Retaining responsibility for the accuracy of the data

·          Verifying integrity in stored and transmitted data

·          Demonstrating due care and due diligence

·         Assuring compliance with government certification and accreditation regulations

·          HIPAA

·          Sarbanes-Oxley

·          Data Protection Act

·          PCI DSS

·          Following standards for auditing information systems

·          Negotiating third-party provider audits

7 -    Preparing for Disaster Recovery

·         Implementing a plan to sustain availability

·          Distributing data across the cloud to ensure availability and performance

·          Addressing data portability and interoperability for a change in cloud providers

·         Exploiting the cloud for disaster recovery options

·          Achieving cost-effective recovery time objectives

·          Employing a strategy of redundancy to better resist DoS