Course Description

Software as a Service (SaaS) constitutes an increasing risk to enterprises as organizations transition from on-premise business applications to cloud based applications. SaaS applications can contain sensitive enterprise information that can be accessed from any device connected to the Internet.

Due to this significant enterprise risk, SaaS applications need to be assessed for effective security and controls. Unfortunately, this is not easily achieved in SaaS environments.

This on-demand seminar is designed to provide an understanding of foundational SaaS concepts, key risks and associated controls. Throughout the seminar the focus is development of a risk-based approach to protect enterprise information in SaaS applications.

A wide range of globally recognized security and control resources will be highlighted during the seminar that can be used for planning and executing SaaS cybersecurity audits.

The intended audience for this seminar is all auditors (IT Auditors, business auditors, internal and external auditors) and audit management with the responsibility to provide effective assessments of enterprise risk.

Agenda:

• SaaS Key Risks
  
• ERP / SaaS Applications
  
• Cloud Security Resources
  
• Cloud / SaaS Governance
  
• Access Management
  
• Configuration & Change Management
• End Point Security / Zero Trust
  
• Encryption Key Management
  
• API - Application Programming Interface
  
• Incident Response Management
  
• SaaS Business Continuity
  
• Cloud Security Awareness Training
  
• Assessing Cloud Vendor Controls