Active Outline

General Information

Course ID (CB01A and CB01B)
CIS D105.
Course Title (CB02)
Cloud Security Fundamentals
Course Credit Status
Credit - Degree Applicable
Effective Term
Fall 2023
Course Description
This course explores how to secure a cloud environment and provides the history of cloud computing and how cloud computing is being used today. Various cloud environments such as Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS) and understanding both native and hybrid environments will also be explored. Topics including network security, host security, Identity and Access Management (IAM), cryptography and data protection, access controls, patch management, as well as credential and key management will be examined. Cloud security operations including logging, incident response in the cloud, as well as preventative and self-correcting security controls using labs exercises will be investigated. This hands-on course is designed to prepare students for modern-day infrastructure environments.
Faculty Requirements
Course Family
Not Applicable

Course Justification

This is a course in a CTE program that was developed based on state and national trends needing computer security professionals. This course belongs on the Enterprise Security Professional Certificates and A.A. degree. This course provides students with the foundation skills for computer security and supports professional employment in the Silicon Valley. This course addresses the issue of protecting computer systems in the Cloud.

Foothill Equivalency

Does the course have a Foothill equivalent?
No
Foothill Course ID

Course Philosophy

Formerly Statement

Course Development Options

Basic Skill Status (CB08)
Course is not a basic skills course.
Grade Options
  • Letter Grade
  • Pass/No Pass
Repeat Limit
0

Transferability & Gen. Ed. Options

Transferability
Not transferable

Units and Hours

Summary

Minimum Credit Units
4.5
Maximum Credit Units
4.5

Weekly Student Hours

TypeIn ClassOut of Class
Lecture Hours4.08.0
Laboratory Hours1.50.0

Course Student Hours

Course Duration (Weeks)
12.0
Hours per unit divisor
36.0
Course In-Class (Contact) Hours
Lecture
48.0
Laboratory
18.0
Total
66.0
Course Out-of-Class Hours
Lecture
96.0
Laboratory
0.0
NA
0.0
Total
96.0

Prerequisite(s)

Corequisite(s)

Advisory(ies)

ESL D261. and ESL D265., or ESL D461. and ESL D465., or eligibility for EWRT D001A or EWRT D01AH or ESL D005.

CIS D046.

Limitation(s) on Enrollment

Entrance Skill(s)

General Course Statement(s)

Methods of Instruction

Lecture and visual aids

Discussion of assigned reading

Discussion and problem solving performed in class

Quiz and examination review performed in class

Homework and extended projects

Collaborative projects

Collaborative learning and small group exercises

Laboratory discussion sessions and quizzes that evaluate the proceedings weekly laboratory exercises

Individual projects

Assignments

  1. Reading assignments
  2. Lab assignments

Methods of Evaluation

  1. Quizzes and/or midterm and a final exam to evaluate comprehension and mastery of key terms and concepts as well as application of skills related to analysis and synthesis of computer concepts.
  2. Participation in lab skills exercises that demonstrate ability to critically evaluate and implement security and minimize risk in a cloud environment.

Essential Student Materials/Essential College Facilities

Essential Student Materials: 
  • AWS Free Tier Account
Essential College Facilities:
  • Computer laboratory

Examples of Primary Texts and References

AuthorTitlePublisherDate/EditionISBN
AWS Online Documentation https://aws.amazon.com/documentation/
Azure Online Documentation https://docs.microsoft.com/en-us/azure/
AWS Cloud Security Resources https://aws.amazon.com/security/security-resources/
Samani, Raj; Reavis, Jim; Honan, Brian. "CSA Guide to Cloud Computing: Implementing Cloud Privacy and Security." Syngress; 1 edition (October 8, 2014)

Examples of Supporting Texts and References

AuthorTitlePublisher
Netsec subreddit: https://www.reddit.com/r/netsec/
SANS Daily Stormcast: https://isc.sans.edu/podcast.html
Schneier on Security: https://www.schneier.com/
http://www.irongeek.com/

Learning Outcomes and Objectives

Course Objectives

  • Investigate cloud environments
  • Explore security fundamentals
  • Explore Identity and Access Management
  • Explore cloud security architectures
  • Investigate resiliency and availability in the cloud
  • Utilize data security and protection
  • Explore utilizing and securing SAAS technologies
  • Explore cloud incident response process

CSLOs

  • Identify the risks in utilizing cloud services.

  • Identify the steps required to secure a cloud environment.

Outline

  1. Investigate cloud environments
    1. History of cloud computing
    2. Types of cloud computing
      1. Infrastructure as a Service (IaaS)
      2. Platform as a service (PaaS)
      3. Software as a service (SaaS)
    3. Legacy security controls
    4. Benefits of cloud computing vs traditional infrastructure
    5. Limitations of cloud computing
    6. Mapping traditional infrastructure to cloud infrastructure
    7. Cloud computing in organizations
      1. Infrastructure as code
      2. DevOps
      3. Tooling
  2. Explore security fundamentals
    1. CIA triad
    2. Detective, Corrective, and Preventative Controls
    3. Policy, governance, risk, and compliance
    4. Network security
    5. Disaster recovery and availability
    6. Security operations
  3. Explore Identity and Access Management
    1. Key management
    2. Users, Groups, Roles
    3. Federation
    4. Access controls and permission
    5. Policies
  4. Explore cloud security architectures
    1. Detective controls
    2. Corrective controls
    3. Preventative controls
    4. Load balancing
    5. Logging
    6. 3rd party tools and integration
    7. DIY tool development
  5. Investigate resiliency and availability in the cloud
    1. Disaster recovery
    2. Infrastructure availability
    3. Application resilience and availability
    4. Monitoring
  6. Utilize data security and protection
    1. Cryptography
    2. Key and credential management
    3. HSMs
    4. PKI
    5. Cloud vs DIY
  7. Explore utilizing and securing SAAS technologies
    1. Access controls
    2. Authorization controls
    3. 3rd party data access and authorization
    4. Logging
    5. APIs
  8. Explore cloud incident response process
    1. Incident response policy
    2. Incident response planning
    3. Incident response procedures

Lab Topics

  1. Setup your cloud environment
  2. Create users, groups, roles, and policies
  3. Create networks, subnets, and instances
  4. Implement network security
  5. Implement logging and auditing
  6. Choose and setup a monitoring and alerting platform
  7. Setup load balancing and resiliency
  8. Conduct forensics in the cloud
  9. Implement corrective controls
  10. Create SAAS environment
  11. Setup SSO for your environment
  12. Utilize the API
  13. Create a simple script for automation
  14. Using tools to assess cloud environments
Back to Top