Cloud Audit Academy
Learn skills and best practices to audit for security in the cloud
Cloud Audit Academy (CAA) is an Amazon Web Services (AWS) Security Auditing Learning Path designed for people in auditing, risk, and compliance roles who are involved in assessing regulated workloads in the cloud.
The CAA curriculum forms a leveled learning path that starts with a wide scope (cloud and industry agnostic), and narrows as the learner progresses to focus on AWS and industry-specific content. It includes courses in eLearning and instructor-led training formats.
The curriculum dives into cloud-specific audit considerations and AWS best practices for security auditing aligned to global industry security and compliance frameworks.
Security and Compliance Domains
The CAA curriculum focuses on the following globally recognized security and compliance domains:
1. Governance, Risk, and Compliance
2. Identity and Access Management
3. Data Security and Privacy
4. Network Management
5. Configuration Management
6. Vulnerability Management
7. User Device Management
8. Logging and Monitoring
9. Incident Response
10. Business Continuity and Contingency Planning
Why Cloud Audit Academy?
Today, control framework language is catered towards on-premises environments, and security IT auditing techniques have not been reshaped for the cloud. At AWS, we believe in empowering our customers to apply cloud-specific verification techniques to their audits in the cloud. Cloud Audit Academy provides auditors with the education and tools to audit for security in the cloud using a risk-based approach.
Free Digital Training
On-demand Cloud Audit Academy courses help you learn and refresh your cloud security auditing skills when and where it’s convenient for you.
Follow this recommended sequence of courses to build your IT security auditing skills in the Security Auditing Learning Path.
Cloud Audit Academy – Cloud agnostic
This course provides a baseline knowledge on the differences in auditing in the cloud versus on-premises. It is cloud agnostic and not specific to any industry. It's a high-level introductory workshop that focuses on security auditing concepts in the cloud.
Continuing education units: 3 or 8 (ISC)², based on delivery format.
Cloud Audit Academy – AWS specific
This course provides security and auditing concepts based on industry-recognized security control domains and standards when operating specifically in AWS. It provides illustrative risk examples and use cases with respective control objectives, activities, and AWS best practices to bring real-world relevance to the content. By the end of the course, attendees should understand approaches for assessing AWS controls implemented and configured by AWS customers to address these illustrative risks and use cases.
This course was built in collaboration with PricewaterhouseCoopers (PwC) and is designed to touch on the following global industry security and compliance frameworks: Cloud Security Alliance Cloud Controls Matrix (CSA CCM); the European General Data Protection Regulation (GDPR); the International Organization for Standardization (ISO) 27001:2013; the National Institute of Standards and Technology (NIST) 800-53; and the Service Organization Controls (SOC) 1 and 2.
Instructor-led for teams | In-person or Virtual Class | 4 Days (28 Hours)
We recommend attendees of this course have hands-on audit experience.
Frequently Asked Questions (FAQs)
Why should I register for this program?
The Cloud Audit Academy program allows attendees to:
- Prepare for auditing security in the cloud by identifying the differences between auditing in the cloud and on-premises.
- Establish common AWS audit knowledge between internal cloud service customers’ (CSC) departments and external IT auditors.
- Understand how to apply AWS security auditing best practices and use AWS services to assess industry-recognized frameworks, standards, and statutory regulations to help reduce time-to-market for regulated AWS workloads.
- Understand potential methods to address cloud-based risk by utilizing AWS services and AWS best practices in order to effectively and confidently audit the security of CSC AWS workloads.
- Learn through a structured curriculum and ask subject matter experts questions during instructor-led training.
- Learn confidentiality, integrity, and availability concepts for auditing in AWS.
- Gain continuing professional education (CPE) credits towards your career development.
Who should attend?
The intended audience for Cloud Audit Academy includes:
- Internal IT Auditors who want to understand how to potentially address cloud-based risk using AWS services and AWS best practices to effectively audit the security of their AWS workloads.
- External IT Auditors who want to learn AWS security and auditing concepts based on industry-recognized standards to successfully perform security auditing on cloud service customers’ (CSC) AWS workloads.
- Regulators who want to understand how CSCs can secure regulated workloads in AWS to develop controls and regulations to better govern workloads in the cloud.
- Security Practitioners who want to understand confidentiality, integrity, and availability auditing concepts in AWS to design and implement controls for securing their AWS workloads.
- Privacy Practitioners who want to understand the security and auditing concepts in AWS to attest and adhere to privacy-related statutory requirements in highly regulated AWS workloads.
- Compliance Practitioners who want to understand how to apply AWS best practices and use AWS services to align with industry-recognized frameworks, standards, and statutory regulations and reduce time-to-market for regulated AWS workloads.
- Cloud Services Customers who want to understand the security and auditing concepts in AWS to adhere to compliance, regulatory, and mandated standards for their AWS workloads.
Who are the instructors?
Subject matter experts and industry standard practitioners from AWS Security Assurance Services, LLC, instruct the Cloud Audit Academy courses. They are AWS-certified Solutions Architects with current audit credentials (such as IIA Certified Internal Auditor (CIA) certification; ISACA Certified Information Systems Auditor (CISA) certification; ISO audit certifications; and/or PCI Qualified Security Assessor) with over five years of cloud audit, compliance, or regulatory experience.
Other Suggested Training
AWS Security Fundamentals (Second Edition)
Security Engineering on AWS
Hear about how AWS customers are using AWS services to provide clarity and transparency into their security and compliance processes.