- Date
2023/2/1-3 (WED-FRI)
- Time
09:30 – 17:30
(Total 24 training hours)
- Location
2/F, The Whitney, 183 Wai Yip Street, Kwun Tong (Online class available)
- Language
Cantonese, supplemented with English terminology
- Fee
HK$30,000
Course Information
Course Name: Security in Google Cloud
Certificate: A minimum attendance rate of 70% is required to be awarded a completion certificate
Remark: Please bring your own laptop (BYOD) to classes.
What Will You Achieve
- Understand Google’s approach to security.
- Manage administration identities using Cloud Identity.
- Implement least privilege administration using Resource Manager and IAM.
- Implement Identity-Aware Proxy.
- Implement IP traffic controls using VPC firewalls and Google Cloud Armor.
- Remediate security vulnerabilities, especially public access to data and virtual machines.
- Scan for and redact sensitive data using the Cloud Data Loss Prevention API.
- Analyze changes to resource metadata configuration using audit logs.
- Scan a Google Cloud deployment with Forseti, to remediate important types of vulnerabilities, especially in public access to data and VMs.
Who Is This Course For?
- Cloud information security analysts, architects, and engineers
- Information security/cybersecurity specialists
- Cloud infrastructure architects
Requirement
- Prior completion of Google Cloud Fundamentals: Core Infrastructure or equivalent experience
- Prior completion of Networking in Google Cloud or equivalent experience
- Basic understanding of Kubernetes terminology (preferred but not required)
- Knowledge of foundational concepts in information security, through experience or through online training such as SANS’s SEC301: Introduction to Cyber Security
- Basic proficiency with command-line tools and Linux operating system environments
- Systems Operations experience, including deploying and managing applications, either on-premises or in a public cloud environment
- Reading comprehension of code in Python or JavaScript
Course Outline
- Google Cloud’s Approach to Security
- The Shared Security Responsibility Model
- Threats Mitigated by Google and Google Cloud
- Access Transparency
- Cloud Identity
- Google Cloud Directory Sync
- Google Authentication Versus SAML-based SSO
- Authentication Best Practices
- Resource Manager
- IAM Roles
- IAM Policies
- IAM Recommender
- IAM Troubleshooter
- IAM Audit Logs
- IAM Best Practices
- VPC Firewalls
- Load Balancing and SSL Policies
- Interconnect and Peering Policies
- Best Practices for VPC Networks
- VPC Flow Logs
- Service Accounts, IAM Roles and API Scopes
- Managing VM Logins
- Organization Policy Controls
- Compute Engine Best Practices
- Encrypting Disks with CSEK
- Cloud Storage IAM permissions and ACLs
- Auditing Cloud Data
- Signed URLs and Policy Documents
- Encrypting with CMEK and CSEK
- Cloud HSM
- BigQuery IAM Roles and Authorized Views
- Storage Best Practices
- Types of Application Security Vulnerabilities
- Web Security Scanner
- Threat: Identity and OAuth Phishing
- Identity-Aware Proxy
- Secret Manager
- Introduction to Kubernetes/GKE
- Authentication and Authorization
- Hardening Your Clusters
- Securing Your Workloads
- Monitoring and Logging
- How DDoS Attacks Work
- Google Cloud Mitigations
- Types of Complementary Partner Products
- Threat: Ransomware
- Ransomware Mitigations
- Threats: Data Misuse, Privacy Violations, Sensitive Content
- Content-Related Mitigations
- Cloud Audit Logs
- Deploying and Using Forseti