SaaS Cybersecurity

On-Demand - 6 CPEs

                                                                                                                 

Software as a Service (SaaS) constitutes an increasing risk to enterprises as organizations transition from on-premise business applications to cloud based applications. SaaS applications can contain sensitive enterprise information that can be accessed from any device connected to the Internet.

 

Due to this significant enterprise risk, SaaS applications need to be assessed for effective security and controls. Unfortunately, this is not easily achieved in SaaS environments.

 

This on-demand seminar is designed to provide an understanding of foundational SaaS concepts, key risks, and associated controls. Throughout the seminar the focus is development of a risk-based approach to protect enterprise information in SaaS applications.

 

A wide range of globally recognized security and control resources will be highlighted during the seminar that can be used for planning and executing SaaS cybersecurity audits.

 

The intended audience for this seminar is all auditors (IT Auditors, business auditors, internal and external auditors) and audit management with the responsibility to provide effective assessments of enterprise risk.

 


 

Seminar Agenda

 

SaaS Key Risks                                                                                                                 

·      Defining SaaS, PaaS, IaaS                                                                                                       

·      Cloud Service Provider Risks                                                                                                       

·      SaaS Benefits                                                                                                       

·      SaaS - Who is responsible for data security?                                                                                                       

·      Top Threats to Cloud Computing                                                                                                       

·      Identifying Challenges to SaaS Security                                                                                                       

·      SaaS Shared Responsibilities                                                                                                       

·      Third Party Management                                                                                                       

·      SaaS Security Considerations                                                                                                       

·      SEC Proposed Rules on Cybersecurity                                                                                                       

                                                                                                                 

ERP / SaaS Applications                                                                                                                  

·      ERP Objectives                                                                                                       

·      ERP Risks                                                                                                       

·      ERP / SaaS Examples                                                                                                       

·      ERP Access Management Risks                                                                                                       

·      ERP Data Integrity Risks                                                                                                       

·      ERP Business Continuity Risks                                                                                                       

                                                                                                                 

Cloud Security Resources                                                                                                                 

·      Center for Internet Security (CIS) Critical Controls

·      Cloud Security Alliance - CSA                                                                                                       

·      FedRAMP

·      NIST Cybersecurity Framework                                                                                                       

·      OWASP                                                                                                       

·      Verizon Data Breach Investigations Report

·      Others …

                                                                                                                 


 

Cloud / SaaS Governance                                                                                                                 

·      Enterprise Cloud Strategy                                                                                                       

·      Cloud Risk Management                                                                                                       

·      Regulatory Compliance                                                                                                       

·      SaaS Shared / Governance                                                                                                       

·      Shadow IT / Shadow Cloud                                                                                                       

                                                                                                                 

Access Management                                                                                                                 

·      Identity Access Management / IAM                                                                                                       

·      SaaS Authentication                                                                                                       

·      SaaS MFA                                                                                                       

·      Single Sign On - SSO                                                                                                       

·      SaaS Authorization / User Profiles                                                                                                       

·      SaaS Shared Access Management Responsibilities                                                                                                       

·      SaaS Audit Trail / Logs                                                                                                       

·      SaaS CSP-Owned Log Management Responsibilities                                                                                                       

                                                                                                                 

Configuration & Change Management                                                                                                                 

·      Security Configuration Management Risks                                                                                                       

·      Configuration Management                                                                                                       

·      Ongoing Configuration Maintenance                                                                                                       

·      SaaS Shared Change Management                                                                                                       

·      CIS Controls - Configuration Management                                                                                                       

                                                                                                                 

End Point Security / Zero Trust                                                                                                                 

·      Working from Home / WFH                                                                                                       

·      Cloud Remote Access Options                                                                                                       

·      Endpoint Security / Zero Trust                                                                                                       

·      End Point Security – Shared Responsibilities                                                                                                       

                                                                                                                 

Encryption Key Management                                                                                                                 

·      NIST 800-57 - Recommendations for Key Management                                                                                                        

·      Key Management - Shared Responsibilities                                                                                                       

                                                                                                                 


 

API - Application Programming Interface                                                                                                                 

·      Defining API                                                                                                       

·      API Risks                                                                                                       

·      API Vulnerability Example                                                                                                       

·      OWASP API Security Report                                                                                                       

·      API Management - Vendor Examples                                                                                                       

                                                                                                                 

Incident Response Management                                                                                                                 

·      Asset Management                                                                                                       

·      Incident Response Management                                                                                                       

·      Incident Response - Shared Responsibilities                                                                                                       

                                                                                                                  

SaaS Business Continuity                                                                                                                 

·      SaaS Business Continuity Risks                                                                                                       

·      Recovery Planning                                                                                                       

·      BCP/DRP Planning - Shared Responsibilities                                                                                                       

·      BCP/DRP Planning - CSP Responsibilities                                                                                                       

                                                                                                                 

Cloud Security Awareness Training                                                                                                                 

·      Key Components of Awareness Training                                                                                                       

·      NIST 800-50 - Building Security Awareness Training                                                                                                       

                                                                                                                 

Assessing Cloud Vendor Controls                                                                                                                 

·      Contracts – Right to Audit                                                                                                       

·      Service Organization Controls (SOC) Reports                                                                                                                     

·      SOC2 Reports                                                                                                       

·      Cloud Vendor Governance - Audit Considerations                                                                                                       

      




Course Curriculum


  Introductory Sessions
Available in days
days after you enroll
  SaaS Risks
Available in days
days after you enroll
  Enterprise Resource Planning
Available in days
days after you enroll
  Audit Resources
Available in days
days after you enroll
  Governance
Available in days
days after you enroll
  Access Management
Available in days
days after you enroll
  Configuration and Change Management
Available in days
days after you enroll
  End Point Security
Available in days
days after you enroll
  Encryption
Available in days
days after you enroll
  Application Programming Interface
Available in days
days after you enroll
  Incident Response
Available in days
days after you enroll
  SaaS Business Continuity
Available in days
days after you enroll
  Security Awareness
Available in days
days after you enroll
  Vendor Assessments
Available in days
days after you enroll
  Concluding Sessions
Available in days
days after you enroll