- Home
- VMware Training
- AVC01 - Risk Management & Auditing | VMware vSphere & Private Clouds
AVC01 - Risk Management & Auditing | VMware vSphere & Private Clouds
This three day training examines what exactly those risks are for VMware's vSphere environment, evaluates recommended controls that can be deployed to mitigate against them and how to audit virtualized segments of information systems and private clouds.
- Course Outline
-
Course description
As organizations continue to deploy their virtualization programs or maybe even are preparing for Cloud Computing they do recognize inherent risk and compliance implications that are associated. This three day training examines what exactly those risks are for VMware's vSphere environment, evaluates recommended controls that can be deployed to mitigate against them and how to audit virtualized segments of information systems and private clouds. Throughout the course industry standards, available guidelines and emerging initiatives are covered (SAS 70, ENISA, ISO, ISACA, NIST, PCI DSS 2.0, vSphere Hardening Guidelines, Cloud Security Alliance and more)
(a) Approach: Integrated
This course translates Virtual Information Systems Assurance to specific activities within IT- Risk & Compliance, IT- Control & IT- Audit. More importantly it also examines how these domains interconnect! The course stimulates interactive, case- study driven discussions between various disciplines like they would in the real world. They will hear and understand how each role approaches 'Virtual & Cloud- specific' risks and controls: Information security would want to learn about specific risks and how to address them through mitigating controls; IT- architects would be interested in designs that make use of VMware's native controls; and the IT-auditors would be interested in how best to audit for the presence of these controls.
(b) Delivery: In- depth, hands on
This training takes in- depth virtualization expertise and delivers it in the Risk and Audit- language. The training takes a no-nonsense, case study driven and hands on approach; using mock virtualized information systems and their virtual assets. Students walk away from this training with practical skills that they obtained in an environment that is (or soon will be) very much similar to their own.
Intended Audiences & Objectives- IT Auditors will learn: How to create risk- directed audit projects for virtual environments and private clouds. How to correctly audit virtualized segments of VMware vSphere- based Information Systems and Private Cloud- specific controls.
- IT- Risk- , IT- Compliance-, IT- Security- & Information Security Governance- experts will learn: Inherent risk and compliance concerns that are associated with the virtualization of enterprise components and bringing parts of the business into the private cloud. How to assess critical compliance requirements against VMware vSphere- based virtual information systems and private clouds. How to identify specific vulnerabilities and threats. How to mitigate against them through detective, preventive and corrective mitigating controls.
- IT- Architects will learn: What auditors look for and how to design, develop and implement controls that auditors must investigate, see and prove. Typical best practice design configurations that address compliance & risk concerns and that will prevent expensive re-engineering. How to prove that the stated designs are actually are working and are assured.
Module 01: Virtualization de- mystified
01. Virtualization Overview
| Benefits | Reasons to virtualize | Balance between Risk & Business Opportunity
02. What is virtualized?
| Software appliances | Operating Systems | Infrastructure | Desktops | Servers | Storage | Network Devices
03. Virtual Infrastructure Models
| Software-, Infrastructure-, Platform- & Desktop - as-a-service -
04. Virtual Infrastructure Architectures
| Virtual Machines | -Hosts | -Clusters | -Networking | -Storage | -Private/Public/Hybrid Clouds
Examination Objectives Module 01: Understand essential, Risk- & Audit- relevant differences between virtual and traditional (physical) appliances, servers and networks. Know the various virtual infrastructure models & architectures and their basic Risk & Audit- specific considerations
Module 02: Information Systems Risks
01. A 7- Step Risk Management Framework for Virtual Environments
02. Migrating to and Operating Virtual Infrastructures: Identified & emerging Risks for:
| Virtual Machines | -Hosts | -Clusters | -Networking | -Storage | -Private Clouds
Examination Objectives Module 02: Understand the Risk Management Framework for virtual environments. Know specific risks and critical compliance requirements for virtual infrastructure architectures and understand the proper interaction between Risk Management, IT Control and IT- auditing
Module 03 & Module 04: Risk Assessment & Risk Mitigation
01. How to identify specific vulnerabilities | Best practice techniques | Practical tools
02. How to identify specific threats
| Top 10 Threats Facing Virtual Infrastructures | Best practice techniques | Practical tools
03. Detective, preventive and corrective controls to be deployed in virtual environments
04. Typical best practice design configurations
Examination Objectives Module 03 & Module 04: Know how to identify specific vulnerabilities & threats and how to assess virtual environments against critical compliance requirements. Know recommended detective, preventive and corrective controls to be deployed in virtual environments. Know how to design, develop and implement controls that auditors must see, investigate and prove. Know typical best practice design configurations.
Module 05: Auditing VMware vSphere 4.x, 5.x & Private Clouds
01. Governing the Virtual Infrastructure
02. Metrics within the virtual infrastructure
| Designing metrics | Developing metrics | Monitoring Metrics | 3rd Party Tools
03. Auditing VMware vSphere 4.x, 5.x & Private Clouds
Examination Objectives Module 05: Understand IT- Governance for Virtual Infrastructures. Know how to design, develop and monitor metrics and how to confirm their presence and effectiveness via detective, preventive and corrective controls. Know how to audit virtualized segments of information systems & private clouds and how to obtain evidence to prove that the stated designs (Module 03- Risk Mitigation) are actually working and are assured.
- Additional Details
-
Pre-Requisites
This course is aimed at senior Audit, Risk and Technology professionals. Attendees that lack specific VMware - skills must have a solid background in IT - Audit, IT - Security, IT - Risk or IT - Compliance. Technology professionals must have experience in / operate at the Architect level. This training is not aimed at system administrators and does not cover penetration testing.
Certificates offered
CPE Credit Continuing Professional Education refers to obligations that certified professionals have to maintain their credentials. This course builds on and adds value to existing standards and justifies CPE Credit claims. Consult the CPE Policy Statement that applies to the maintenance of your certification, e.g. (-) ISACA CPE Requirements for CISA, CISM, CRISC (-) IIA CPE Statement for Certified Internal Auditor (-) ISC2 Policy on Maintaining Credentials for CISSP (-) NOREA Guidelines for Permanent Education for RE, Register of qualified IT - Auditors
- Cancellation Policy
-
- Map & Reviews
-
CTE Solutions
[ View Provider's Profile ]
Reviews
Here are some reviews of the training vendor.This course has not yet been rated by one of our members.
If you have taken a course through this vendor please log into your account and leave feedback for this vendor. You will be helping ensure our members get directed to the best training facilities.
This course currently does not have any dates scheduled. Please call 1-877-313-8881 to enquire about future dates.
This page has been viewed 29 times.