1 - Cloud Governance

• An Overview of Governance
• Cloud Assurance
• Cloud Governance Frameworks
• Cloud Risk Management
• Cloud Governance Tools

2 - Cloud Compliance Program

• Designing a Cloud Compliance Program
• Building a Cloud Compliance Program
• Legal & Regulatory Requirements
• Standards & Security Frameworks
• Identifying Controls & Measuring Effectiveness
• CSA Certification, Attestation, & Validation

3 - CCM and CAIQ Goals, Objectives & Structure

• CCM
• CAIQ
• Relationship to Standards: Mappings & Gap Analysis
• Transition from CCM V3.0.1 to CCM V4

4 - Threat Analysis Methodology for Cloud using CCM

• Definitions & Purpose
• Attack Details & Impacts
• Mitigating Controls & Metrics
• A Use Case

5 - Evaluating a Cloud Compliance Program

• Evaluation Approach
• A Governance Perspective
• Legal, Regulatory & Standards Perspectives
• Risk Perspectives
• Services Changes Implications
• The Need for Continuous Assurance/Continuous Compliance

6 - Cloud Auditing

• Audit Characteristics, Criteria & Principles
• Auditing Standards for Cloud Computing
• Auditing an On-Premises Environment vs. Cloud
• Differences in Assessing Cloud Services & Cloud Delivery Models
• Cloud Audit Building, Planning & Execution

7 - CCM Auditing Controls

• CCM Audit Scoping Guidance
• CCM Risk Evaluation Guide
• CCM Audit Workbook
• CCM an Auditing Example

8 - Continuous Assurance & Compliance

• DevOps and DevSecOps
• Auditing CI/CD Pipelines
• DevSecOps Automation and Maturity

9 - STAR Program

• Standard for Security and Privacy
• Open Certification Framework
• STAR Registry
• STAR Level 1
• STAR Level 2
• STAR Level 3