This is the second of five courses in the Google Cloud Cybersecurity Certificate. In this course, you’ll explore widely-used cloud risk management frameworks, exploring security domains, compliance lifecycles, and industry standards such as HIPAA, NIST CSF, and SOC. You'll develop skills in risk identification, implementation of security controls, compliance evaluation, and data protection management. Additionally, you'll gain hands-on experience with Google Cloud and multi-cloud tools specific to risk and compliance. This course also incorporates job application and interview preparation techniques, offering a comprehensive foundation to understand and effectively navigate the complex landscape of cloud risk management.
Overview
Syllabus
- Introduction to frameworks within security domains
- Introduction to Course 2
- Course 2 overview
- Preston: Continuous growth in cloud security
- Helpful resources and tips
- Lab technical tips
- Explore your course 2 scenario: Cymbal Bank
- Welcome to module 1
- Introduction to cloud security domains
- Explore compliance and security
- Learn more about security and compliance with Google whitepapers
- Phil: A day in the life of a Chief Information Security Officer
- Test your knowledge: Security domains and compliance
- Security controls and compliance
- Learn more about security controls
- Risk and compliance
- Test your knowledge: Risk, security controls, and compliance
- The three areas of compliance: People, process, and technology
- Use existing frameworks to demonstrate compliance
- Overview of the Google Cloud Security Command Center
- Test your knowledge: Compliance and risk management
- Cloud security controls
- Explore steps to implement security controls
- Control mapping for risk management
- Security control implementation
- Test your knowledge: Security control mapping and implementation
- Wrap-up
- Glossary terms from module 1
- Module 1 challenge
- Risk management and security frameworks, regulations, and standards
- Welcome to module 2
- MK: Risk management in a cloud-first world
- Introduction to risk management frameworks
- Risk management and security frameworks
- Compare and contrast risk management frameworks
- Google’s Secure AI Framework
- Test your knowledge: Risk management frameworks
- Data protection and privacy
- Learn more about data protection and privacy regulations
- Data protection and privacy scenarios
- Test your knowledge: Data protection and privacy regulations
- Industry-specific regulations and standards
- Security frameworks, regulations, laws, and standards
- Apply industry-specific requirements
- Test your knowledge: Differences between and applications of industry regulations
- Risk management industry standards
- What is Google Cloud Risk Manager?
- Test your knowledge: Industry standards
- Wrap-up
- Glossary terms from module 2
- Module 2 challenge
- The compliance lifecycle
- Welcome to module 3
- Bill: Use a security mindset
- Overview of compliance lifecycle
- Cloud security controls
- Control mapping
- Learn more about controls for workloads and services
- Activity: Review a compliance report
- Activity Quiz: Review a compliance report
- Activity Exemplar: Review a compliance report
- Test your knowledge: Control mapping
- Cloud security audits
- Audits and security assessments
- Prepare for an audit
- Test your knowledge: Assessments and auditing
- Cloud security control inheritance
- Cloud resource hierarchy and security controls
- Best practices for Google Cloud resource hierarchy
- Test your knowledge: Control inheritance and resource hierarchy
- Negative organizational impacts of non-compliance
- Policy as code and infrastructure as code
- Key considerations when writing policy as code
- Activity: Review and update a risk management policy
- Activity Quiz: Review and update a risk management policy
- Activity Exemplar: Review and update a risk management policy
- Test your knowledge: Compliance, policy as code, and infrastructure as code
- Wrap-up
- Glossary terms from module 3
- Module 3 challenge
- Cloud tools for risk management and compliance
- Welcome to module 4
- Vulnerability management frameworks
- Vulnerability management
- Test your knowledge: Risk and compliance frameworks
- Introduction to multicloud CSPMs
- Security Command Center
- Cloud security management (CSPM) resources
- Test your knowledge: CSPMs
- Security Command Center, Risk Manager, Policy Analyzer, Assured Workloads
- Cloud tools for risk management
- Guide to risk assessment and compliance management with Security Command Center
- Use reports to remediate findings
- Test your knowledge: Security Command Center
- Understand Google Cloud’s Risk Protection Program
- The value of shared fate in cloud risk protection programs
- Digital sovereignty and sovereign clouds
- Test your knowledge: Risk protection programs
- Organizational policies in the cloud
- Organization Policy Service
- Organizational policy constraints, inheritance and violation
- Test your knowledge: Organizational policies
- Wrap-up
- Patrick and Danielle: Interview role play
- Interview tip: provide examples
- Glossary terms from module 4
- Module 4 challenge
- Course wrap-up
- Course 2 resources and citations
- Glossary terms from course 2
- Your Next Steps
- Course Badge
Tags
Related Courses
-
Strategies for Cloud Security Risk Management
-
Cloud Security Risks: Identify and Protect Against Threats
-
Cybersecurity Compliance and Framework
-
Cybersecurity Compliance Framework & System Administration
3.0 -
Put It All Together: Prepare for a Cloud Security Analyst Job
-
Implementing NIST's Risk Management Framework (RMF)
