PECB Certified Lead Cloud Security Manager

The Lead Cloud Security Manager training course enables participants to develop the competence needed to implement and manage a cloud security program by following widely recognized best practices.

The growing number of organizations that support remote work has increased the use of cloud computing services, which has, in turn, increased the demand for a secure cloud infrastructure proportionally.

This training course is designed to help participants acquire the knowledge and skills needed to support an organization in effectively planning, implementing, managing, monitoring, and maintaining a cloud security program based on ISO/IEC 27017 and ISO/IEC 27018. It provides a comprehensive elaboration of cloud computing concepts and principles, cloud computing security risk management, cloud-specific controls, cloud security incident management, and cloud security testing.

The training course is followed by the certification exam. If you successfully pass it, you can apply for a “PECB Certified Lead Cloud Security Manager” credential. A PECB Lead Cloud Security Manager Certificate demonstrates your ability and competencies to manage a cloud security program based on best practices.

Learning objectives:

• Gain a comprehensive understanding of the concepts, approaches, methods, and techniques used for the implementation and effective management of a cloud security program
• Acknowledge the correlation between ISO/IEC 27017, ISO/IEC 27018, and other standards and regulatory frameworks
• Gain the ability to interpret the guidelines of ISO/IEC 27017 and ISO/IEC 27018 in the specific context of an organization
• Develop the necessary knowledge and competence to support an organization in effectively planning, implementing, managing, monitoring, and maintaining a cloud security program
• Acquire the practical knowledge to advise an organization in managing a cloud security program by following best practices

Target audience:

• Cloud security and information security professionals seeking to manage a cloud security program
• Managers or consultants seeking to master cloud security best practices
• Individuals responsible for maintaining and managing a cloud security program
• Technical experts seeking to enhance their cloud security knowledge
• Cloud security expert advisors

The main requirement for participating in this training course is having a fundamental understanding of ISO/IEC 27017 and ISO/IEC 27018 and a general knowledge of cloud computing concepts.

Program:

• Day 1 Introduction to ISO/IEC 27017 and ISO/IEC 27018, and the initiation of a cloud security program
  • Training course objectives and structure
  • Standards and regulatory frameworks
  • Fundamental cloud computing concepts and
  • principles
  • Understanding the organization’s cloud computing architecture
  • Information security roles and responsibilities related to cloud computing
  • Information security policy for cloud computing
• Day 2 Cloud computing security risk management and cloud-specific controls
  • Cloud computing security risk management
  • Selection and design of cloud-specific controls
  • Implementation of cloud-specific controls (part 1)
• Day 3 Documented information management and cloud security awareness and training
  • Implementation of cloud-specific controls (part 2)
  • Documented information management in the cloud
  • Cloud security awareness and training
• Day 4 Cloud security incident management, testing, monitoring, and continual improvement
  • Cloud security incident management
  • Cloud security testing
  • Monitoring, measurement, analysis, and evaluation
  • Continual improvement

Koolitaja:
PhD Andro Kull, certified ISO 27001 Lead Auditor

Andro Kull during his career, has worked in both sectors, public and private. In the previous years he has worked for the financial sector with regards to IT and information security, and for the energy sector with regards to IT risks, where security and continuity demands are very high. Kull started his career as IT specialist and IT manager, and has worked extensively as IT auditor and as IT risk manager for one of the largest company in Estonia. At the same time, he founded a small consulting company and managed projects related to IT risk assessment, the implementation of security measures, business continuity planning (BC), planning for recovery (DR), and crisis management mostly in public sector organizations.

The international environment is not new to Andro Kull, since he has participated in the European Central Bank internet payment security working group. Kull has been cooperating with the IT banking supervisors on an international level. Furthermore, he has organized one international conference in Tallinn. In addition, he has worked for European Union DG Connect as advisor connected with IT risk management recommendations development.

Andro Kull holds a PhD degree from the University of Tampere, concentrating on the IT oversight and compliance verification methodologies, and he currently is lecturing IT risk and information security management issues at the University of Tallinn.