Auditing the Cloud

Focus & Features

Cloud computing provides organizations with access to human and technical resources that might otherwise be cost prohibited. Each organization should establish a business case, articulating both the benefits and inherent risks of moving a portion of its operations to the cloud.

Globally, there has been a significant increase in the activity of hackers who breach managed service providers (MSPs) in order to execute ransomware attacks, point-of-sale intrusions, and business email compromise (BEC) scams. The alert explained how the attackers use MSP solutions to gain access into the internal networks of customers.

This Auditing the Cloud course provides participants with a deeper understanding of cloud-related designs, risks, and controls, while examining the connection between cybersecurity and cloud environments. Further, this course provides additional insight into cloud-related standards and guidelines, and explains how to audit cloud environments.

Objectives

• Define cloud computing from an internal audit perspective.
• Explore the cloud-cybersecurity connection and the importance of classifying and assessing the cloud environment.
• Examine internal audit considerations regarding contract provisions and first- and third-party insurance.
• Describe cloud standards and guidelines, and how they affect an organization.
• Explain how to assess an organization's liabilities when utilizing cloud solutions.

What You Will Learn

Understanding the Cloud Environment

• The cloud, and what it is.
• The cloud, and how it works.
• Common cloud standards and guidelines.
• Cloud models and deployments.
• Cloud provider selection criteria.
• Connectivity between the cloud provider and the client site.

Examining Cloud-Based Risks and Controls

• Cloud governance and strategy.
• Cloud-based asset and configuration management.
• Risks related to cloud providers and conducting cloud-based risk assessments.
• Cybersecurity threats associated with cloud utilization.
• Key cloud contract considerations.
• Annual assessment/service organization control (SOC) reports.

Assessing the Cloud Environment

• Assessing cloud tools.
• Assessing the cloud provider contract.
• Assessing cloud controls at the cloud vendor and client sites.

Who will benefit from this course?

This four-hour course is designed for internal auditors with a basic understanding of information technology and cybersecurity concepts and for those who have been involved in internal audit engagements that require an understanding of how to manage the impact of cloud computing on organizational risks.

Number of CPE Units : 4

Cancellation & Substitution Policy

• Cancellations received less than 24 hours prior to the event or after receiving the final confirmation email and zoom link will be charged a cancellation fee, which is 50% of the registration fee.
• Substitutions are allowed within the same event without incurring a cancellation fee. (Rate should be the same, if not, difference should be paid)
• No show registrants will be charged 50% of the registration fee.

Privacy Notice: We collect your personal information to register you in our training/ membership events and photos/videos will be taken for evidentiary purposes in relation to IIAP Seminars. We will use this information to provide services regarding your attendance and if you agree, to send you marketing information.

By giving us your personal information you consent to our use of it for the purposes described in this Privacy Notice.