This is the third of five courses in the Google Cloud Cybersecurity Certificate. In this course, you’ll explore the principles of identity management and access control within a cloud environment, covering key elements like AAA (Authentication, Authorization, and Auditing), credential handling, and certificate management. You'll also explore essential topics in threat and vulnerability management, cloud-native principles, and data protection measures. Upon completing this course, you will have acquired the skills and knowledge necessary to secure cloud-based resources and safeguard sensitive organizational information. Additionally, you'll continue to engage with career resources and hone your interview techniques, preparing you for the next step in your professional journey.
Overview
Syllabus
- Access control and identity management
- Introduction to Course 3
- Course 3 overview
- Manny: A day in the life of a red team security engineer
- Helpful resources and tips
- Lab technical tips
- Explore your course 3 scenario: Cymbal Bank
- Welcome to module 1
- Core principles of identity management
- Uses for identity management measures
- Authentication, authorization and auditing (AAA)
- Credential handling and service accounts
- Create a role in Google Cloud IAM
- Test your knowledge: Access management
- Access controls in the cloud
- Cloud access control in action
- Test your knowledge: Types of access controls
- Perimeter protection
- Trust boundaries
- Guide to firewall rules
- Access a firewall and create a rule
- Common attack vectors
- Test your knowledge: Perimeter protection
- Zero trust
- Zero trust policies and complementary controls
- Test your knowledge: Zero trust
- Wrap-up
- Glossary terms from module 1
- Module 1 challenge
- Threat and vulnerability management
- Welcome to module 2
- Introduction to threat management
- Threat and vulnerability management assessments
- Eyre: Secure cloud assets
- Test your knowledge: Importance of threat and vulnerability management
- Asset and resource management
- Steps for asset management
- On-the-job asset management applications
- Test your knowledge: Asset management
- Vulnerability remediation and posture management
- Vulnerability remediation and posture management in software development
- Posture management tools and techniques
- IT automation tools for posture management
- IT automation tools for security configuration management
- Guide to web application security scanning
- Identify vulnerabilities and remediation techniques
- Test your knowledge: Vulnerability remediation and posture management
- Patching and rehydration
- Compare and contrast: Patching and rehydration
- Rehydration keeps systems up-to-date
- Test your knowledge: Patching and rehydration for system maintenance
- Trends in vulnerability and threat management
- Trends in security: Artificial Intelligence (AI), machine learning (ML), and Internet of things (IoT)
- Reports and assessments for threat and vulnerability management
- Test your knowledge: Trends in threat management
- Wrap-up
- Glossary terms from module 2
- Module 2 challenge
- Cloud Native Principles of Ephemerality and Immutability
- Welcome to module 3
- Cloud-native design and architecture principles
- Cloud-native architecture for security
- TTL policies and expiration
- Introduction to ephemerality and immutability
- Test your knowledge: Ephemerality and immutability
- Automation in cloud security
- Infrastructure as code, policy as code, and DevSecOps
- Automation to improve cloud security efficiency
- AI and automation in security
- Infrastructure as code and cloud-native security
- Benefits of policy as code
- Terraform for IaC management
- Terraform and cloud security
- Guide to automating deployment with Terraform
- Change firewall rules using Terraform and Cloud Shell
- Test your knowledge: Automation in cloud infrastructure
- Containers vs. virtual machines
- A brief guide to containers
- Containers’ importance in the cloud
- Container benefits and considerations
- Test your knowledge: Containers explained
- Techniques to secure containers
- Container drift
- Security in containers
- Serverless functions and security
- Container orchestration
- Activity: Analyze the security of a container
- Activity Quiz: Analyze the security of a container
- Activity Exemplar: Analyze the security of a container
- Test your knowledge: Orchestrators and security of containers
- Wrap-up
- Glossary terms from module 3
- Module 3 challenge
- Data Protection and Privacy
- Welcome to module 4
- Introduction to the three states of data
- Data encryption
- Data encryption at rest, in transit, and in use
- Asymmetric versus symmetric encryption
- Test your knowledge: Cloud data protection and privacy techniques
- Data classification and tagging
- Protection of personally identifiable information (PII)
- Cryptographic keys for data protection
- Create symmetric and asymmetric keys
- Test your knowledge: Techniques for protection of personal data
- Data governance for security and data quality
- Data sovereignty and data governance
- Data sovereignty challenges and strategies
- Data discovery to support data governance
- Data retention policies
- Test your knowledge: Data sovereignty and data governance
- Plan for business continuity
- Create a business continuity plan
- Business continuity scenario
- Test your knowledge: Business continuity in cloud computing
- Wrap-up
- Lauren: What makes candidates stand out
- Patrick and Brenda: Interview role play
- Interview tip: Explain impact
- Glossary terms from module 4
- Module 4 challenge
- Course wrap-up
- Course 3 resources and citations
- Glossary terms from course 3
- Your Next Steps
- Course Badge
Tags
Related Courses
-
Cloud Security Risks: Identify and Protect Against Threats
-
Strategies for Cloud Security Risk Management
-
Detect, Respond, and Recover from Cloud Cybersecurity Attacks
-
Put It All Together: Prepare for a Cloud Security Analyst Job
-
MS-900 Microsoft 365 Fundamentals: Describe Microsoft 365 security and compliance capabilities
-
MS-102 Implement threat protection by using Microsoft Defender XDR
