Workshop on Cloud Security and Auditing

Map Unavailable

Date/Time
Date(s) - 16/12/2017
9:30 am - 5:30 pm


Workshop on Cloud Security and Auditing
On 16th Dec 2017 from 9.30 am to 5:30 pm (7 CPE Hours)
At Deccan Royale, JM Road, Pune
Workshop Details During this workshop, we will discuss key controls to look for when you are implementing and configuring cloud security. We will also focus on the aspect of auditing. IT auditors collect information on an organization’s information systems, practices, and operations and critically analyze the information for improvement. One of the primary goals of an IT audit is to determine if the information system and its maintainers are meeting both the legal expectations of protecting customer data and the company standards to achieve financial success while defending against various security threats. These goals are still relevant in the newly emerging cloud computing model of business, but they need customization. There are clear differences between cloud and traditional IT security auditing. In this session, we will explore potential challenges unique to cloud security auditing; examine additional challenges specific to particular cloud computing domains such as banking, medical, and government sectors; and present emerging cloud-specific security auditing approaches and provide critical analysis.
Topic Coverage
  • Cloud & Security – Overview​
    • What is cloud computing?​
    • Delivery models vs Security model
    • Logical view vs.Physical view​
  • Core areas of cloud security​
    • Data Security​, Identity Management & Access Control​
    • SaaS v. PaaS v. IaaS – security consideration
    • Infrastructure​ and Networking​
    • Config mgmt. & change control​
    • Security operations – customer v. provider​
    • BCDR, Incident Response – customer v. provider​
  • Cloud Security Auditing: Challenges and Emerging Approaches
    • Regulations, Legal Issues, Privacy,​ Governance & standards​
    • HR & staff competency​
    • Cloud migration / transformation security​
    • Privacy regulations & implications (Safe Harbor, GDPR, etc.)​
    • Geopolitical considerations ​and Government threats​
    • Providers Documentation (Trust Center)​
    • Auditing Frameworks (NIST, COBIT-Cloud, CSA, SANS etc.)​
Who should attend IT & ITES, BPO, IT Consulting, GICs and any other service providers, Auditors and Security Professionals
About the Trainers Manish Prabhu – Director Cloud IT architecture, Microsoft 

Manish leads the Cloud Services security team within Information Security & Risk Management, Microsoft India. Manish’s team is focused on creating engineering tools, automation and guidance that can enable secure dev ops in Azure and accelerate cloud transformation for an enterprise.
Manish recently completed 21 years at Microsoft and has been in the field of information security since 2001 with experience ranging from designing and implementing security in server products such as BizTalk, Commerce, Host Integration Servers, embedded systems such as Microsoft Automotive Embedded (Blue-&-Me and Ford SYNC), enterprise line of business IT solutions for HR, Sales, Marketing, etc. and as a consultant for Microsoft’s global partners and customers. He loves to teach and has contributed to academia through undergraduate and postgraduate Software Security courses local engineering colleges. In his early years at Microsoft, Manish was a developer in the COM/COM+ and .Net Runtime (CLR) teams where he worked in the field of distributed objects and remoting.

 

Hemant Dusane – Digital Security Transformation Leader, Rage Frameworks – a Genpact Company

Hemant is an Information Security & Risk Management Professional offering 12 years of strong, decisive executive leadership in well-known organizations. He is a continuous learner with a passion for innovation in security risk management to drive bottom-line business contributions (optimizes security investments, avoid losses from security incidents, improve customer retention, enhance business decision-making, reduce corporate liability). At his current role, he is cultivating and leading a highly technical team, incorporating analytical, operational, research & development and vulnerability assessment skills in Information Security Risk management field within the organization. He is an active cyber security evangelist and speaker in various national and International forums. He has executed end-to-end implementation of ISO 27001, PCIDSS & ISO 20000 based projects with various clients in EMEA & APAC. His core competencies encompass information technology/information security strategy, policy and governance, security architecture, risk management, data privacy, vulnerability assessment, penetration testing and application security, ISO implementations and cyber security awareness trainings. Specially Hemant is passionate about cyber security awareness; he conducts awareness sessions for Senior Management, Board of directors, Students at colleges and for corporate employees. He has won various national and international awards for his overall contribution in Information Risk Management field.

Pricing for Workshop Including Service Tax ISACA Members- Rs 2100/-

ISACA Non Members- Rs 3200/-

Including Service Tax

Link for Registration

https://goo.gl/forms/5kXPw5qX146KScBL2

Bank Details Bank Account Name: ISACA Pune Chapter,

Name of the Bank: Saraswat Co-operative Bank Limited, Branch: Karve Road

S.B. A/c. No.: 036200100019496, IFSC Code: SRCB0000036, MICR Code: 411088005

(Please mention details of your Cheque No. and NEFT reference in registration form and also mail the same to office@isacapune.org)

For Registration Contact Manjiri Tamhane (Office Manager): 9527448106 Email : office@isacapune.org    

Hemant Dusane – 9890906719 Email: programs@isacapune.org