Cloud Security Analyst

Download as pdf or txt
Download as pdf or txt
You are on page 1of 126

Participant Handbook

Sector
IT-ITeS

Sub-Sector
Future Skills
Occupation
Cloud Computing

Reference ID: SSC/Q8309, Version 3.0


NSQF Level 5

Cloud Security
Analyst
Published by
IT – ITeS Sector Skill Council NASSCOM
Sector Skill Council Contact Details:
Address: Plot No. – 7, 8, 9 & 10 Sector – 126, Noida, Uttar Pradesh – 201303
Website: www.sscnasscom.com
Phone: 0120 4990111 – 0120 4990172

All Rights Reserved © 2024


First Edition, 2024
Copyright © 2024
IT – ITeS Sector Skill Council NASSCOM
Sector Skill Council Contact Details:
Address: Plot No. – 7, 8, 9 & 10 Sector – 126, Noida, Uttar Pradesh – 201303
Website: www.sscnasscom.com
Phone: 0120 4990111 – 0120 4990172

This book is sponsored by IT – ITeS Sector Skill Council NASSCOM


Under Creative Commons License: CC BY-SA

This license lets others remix, tweak, and build upon your work even for commercial purposes, as long as they
credit you and license their new creations under the identical terms. This license is often compared to
“copyleft” free and open-source software licenses. All new works based on yours will carry the same license, so
any derivatives will also allow commercial use. This is the license used by Wikipedia and is recommended for
materials that would benefit from incorporating content from Wikipedia and similarly licensed projects.
Disclaimer
The information contained herein has been obtained from sources reliable to IT – ITES Sector Skill Council
NASSCOM. NASSCOM disclaims all warranties to the accuracy, completeness or adequacy of such information.
NASSCOM shall have no liability for errors, omissions, or inadequacies, in the information contained herein, or
for interpretations thereof. Every effort has been made to trace the owners of the copyright material included in
the book. The publishers would be grateful for any omissions brought to their notice for acknowledgements in
future editions of the book. No entity in NASSCOM shall be responsible for any loss whatsoever, sustained by
any person who relies on this material. The material in this publication is copyrighted. No parts of this
publication may be reproduced, stored or distributed in any form or by any means either on paper or electronic
media, unless authorized by the NASSCOM.

ii
Skilling is building a be er India.
If we have to move India towards
development then Skill Development
should be our mission.

Shri Narendra Modi


Prime Minister of India

iii
IT-ITeS Sector Skills Council NASSCOM

Complying to National Occupational Standards of


Job Role/ Qualification Pack: ‘ Cloud Security Analyst’
QP No. ‘SSC/Q8309 NSQF Level 5’

Date of Issuance: March 15th, 2024


Valid up to: March 14th, 2029
Authorised Signatory
(IT-ITeS Sector Skills Council NASSCOM)

iv
Acknowledgements
This participant's handbook meant for Cloud Security Analyst is a sincere attempt to ensure the
availability of all the relevant information to the existing and prospective job holders in this job
role. We have compiled the content with inputs from the relevant Subject Matter Experts
(SMEs) and industry members to ensure it is the latest and authentic. We express our sincere
gratitude to all the SMEs and industry members who have made invaluable contributions to the
completion of this participant's handbook.

This handbook will help deliver skill-based training in the Cloud Security Analyst. We hope that it
will benefit all the stakeholders, such as participants, trainers, and evaluators. We have made all
efforts to ensure the publication meets the current quality standards for the successful delivery
of QP/NOS-based training programs. We welcome and appreciate any suggestions for future
improvements to this handbook.

v
Par cipant Handbook

About this book


This participant handbook has been designed to serve as a guide for participants who aim to
obtain the required knowledge and skills to undertake various activities in the role of a Cloud
Security Analyst. Its content has been aligned with the latest Qualification Pack (QP) prepared
for the job role. With a qualified trainer's guidance, the participants will be equipped with the
following for working efficiently in the job role:
Ÿ Knowledge and Understanding: The relevant operational knowledge and understanding
to perform the required tasks.
Ÿ Performance Criteria: The essential skills through hands-on training to perform the
required operations to the applicable quality standards.
Ÿ Professional Skills: The Ability to make appropriate operational decisions about the field
of work.
The handbook details the relevant activities to be carried out by a Cloud Security Analyst. After
studying this handbook, job holders will be adequately skilled in carrying out their duties
according to the applicable quality standards. The handbook is aligned with the following
National Occupational Standards (NOS) detailed in the latest and approved version of Cloud
Security Analyst QP:
Ÿ SSC/N8334: Detect, monitor and audit occurrences of information security threats and
risks
Ÿ SSC/N8335: Respond to security threats and restore affected capabilities
Ÿ SSC/N8337: Monitor and maintain compliance of regulatory standards across the
organization
Ÿ SSC/N9014: Maintain an inclusive, environmentally sustainable workplace
Ÿ DGT/VSQ/N0102: Employability Skills (60 Hours)

Symbols Used

Key Learning Exercise Notes Unit Activity


Outcomes Objec ves

vi
Cloud Security Analyst

Table of Contents

S.No Modules and Units Page No

1. IT-ITeS/BPM Industry – an Introduc on (Bridge Module) 1

Unit 1.1 - Understanding the IT-ITeS Sector 3

Unit 1.2 – Dynamics and Evolu on of the IT-ITeS Sector 13

Unit 1.3 – Roles & Responsibili es of a Cloud Security Analyst 20

2. Future Skills – an Introduc on (Bridge Module) 29

Unit 2.1 – Overview of the Future Skills Sub-Sector 31

3. Basics of Cloud Compu ng and Regulatory Standards (Bridge Module) 39

Unit 3.1 – Basics of Cloud Compu ng 41

Unit 3.2 – Regulatory Standards of Cloud Compu ng 50

4. Developmental Tools and Usage (Bridge Module) 57

Unit 4.1 – Cloud Development Tools and Usage 58

5. Cloud Compu ng: Incident Detec on (SSC/N8334) 63

Unit 5.1 – Incident Detec on in Cloud Compu ng 65

6. Cloud Compu ng: Incident Response (SSC/N8335) 73

Unit 6.1 – Incident Response in Cloud compu ng 75

7. Cloud Compu ng: Con nuous Monitoring (SSC/N8337) 81

Unit 7.1 - Con nuous Monitoring in Cloud Compu ng 83

8. Inclusive and Environmentally Sustainable Workplaces (SSC/N9014) 89

Unit 8.1 Sustainable Prac ces in the Workplace 91

Unit 8.2 Diversity and Equity Promo on Strategies in the Workplace 99

9. Employability Skills (60 Hours) – DGT/VSQ/N0102 111

It is recommended that all the trainings include the appropriate


Employability Skills Module.
Content for the same is available here:
h ps://www.skillindiadigital.gov.in/content/list

19. Annexure 113

Annexure 1- Unit-wise QR Code details 114

vii
Par cipant Handbook

viii
1. IT-ITeS/BPM/SPD
Industry an
Introduc on
Unit 1.1 – Understanding the IT-ITeS Sector
Unit 1.2 – Dynamics and Evolu on of the IT-ITeS Sector
Unit 1.3 – Roles & Responsibili es of Cloud Security
Analyst

Bridge Module
Par cipant Handbook

Key Learning Outcomes


At the end of this module, par cipant will be able to:
1. Explain the relevance of the IT-ITeS sector
2. State the various sub- sectors in the IT-ITeS sector
3. Detail the nature of work performed across the sub- sectors
4. List organizations in the sector
5. Discuss the evolution of the sub sectors and the way forward
6. Explain the disruptions happening across the IT- ITeS sector

2
Cloud Security Analyst

UNIT 1.1: Understanding the IT-ITeS Sector

Unit Objec ves


At the end of this unit, par cipant will be able to:
1. Explain the relevance of the IT-ITeS sector
2. State the various sub- sectors in the IT-ITeS sector
3. Detail the nature of work performed across the sub- sectors

1.1.1 IT-ITeS Sector


The Informa on Technology (IT) and Informa on Technology Enabled Services (ITeS) sector have played
a pivotal role in propelling India's economic growth.
IT, which stands for Informa on Technology, encompasses ac vi es related to crea ng, managing,
storing, and exchanging informa on through technology. On the other hand, ITeS, or Informa on
Technology Enabled Services, focuses on leveraging technology to enhance the efficiency of
organiza onal processes.
Ÿ IT is the study of the design, management, development, implementa on, and support of computer-
based informa on systems, typically about computer hardware and applica on so ware.
Ÿ ITES is part of IT. ITES Self means IT with enabled services. ITES is the study of outsourced service
which has arisen due to involvement in various fields of IT such as banking and finance, BPO, call
centers, etc.
IT has evolved as a major contributor to India's GDP and plays a vital role in driving growth of the
economy in terms of employment, export promo on, and revenue genera on.

Fig. 1.1.1. IT Sector

In FY22, the IT sector contributed 7.4% of India's GDP, and by 2025, it is an cipated to make up 10% of
India's GDP.
According to Na onal Associa on of So ware and Service Companies (NASSCOM), the Indian IT
industry's revenue touched US$ 227 billion in FY22, a 15.5% YoY growth.

3
Par cipant Handbook

Difference between IT and ITeS in terms of their func ons, output, skills, and impact:

Aspect IT (Informa on Technology) ITeS (Informa on Technology


Enabled Services)

Defini on Develops so ware and manages Uses IT to enhance business


tech systems. processes and services.

Core Func ons Focuses on so ware, systems, Leverages IT for customer


and networks. support and non-core func ons.

Nature of Work Creates and maintains so ware Outsources business processes


and apps. for efficiency.

Output Tangibility Produces tangible tech Provides intangible services like


solu ons. improved processes.

Skill Requirements Technical skills in programming Mix of tech, domain,


and systems. communica on skills for
services.

Examples So ware development, tech Customer support outsourcing,


consul ng. BPO, data entry services.

Global Compe veness Enhances through tech Drives efficiency, cost reduc on,
innova on. and specialized services.

Rela onship Overlaps as IT o en enables ITeS.

Economic Impact Contributes to growth, tech Enhances efficiency, reduces


export, jobs. costs, provides employment.

Services offered by the ITES


ITeS offers various services such as medical transac on and coding, e-CRM (Customer Rela onship
Management), data mining and edi ng, electronic publishing, and more.

Fig. 1.1.2. ITeS sector

4
Cloud Security Analyst

Some other ITES services are listed below


Ÿ KPO (Knowledge Process Outsourcing)
Ÿ BPO (Business Process Outsourcing)
Ÿ LPO (Legal Process Outsourcing)
Ÿ GPO (Game Process Outsourcing)
Ÿ Call Centres
Ÿ Opera ons at Back Office
Ÿ Logis cs Management.

Famous Indian IT-ITES companies


Ÿ CMC Limited
Ÿ HCL Technologies Limited
Ÿ Infosys Technologies Limited
Ÿ TCS (Tata Consultancy Services Ltd)
Ÿ Tech Mahindra Limited
Fig. 1.1.3. IT-ITES Companies
Ÿ NIIT Technologies

Advantages of ITES
Ÿ Through Business Process Outsourcing (BPO), organiza ons can broaden their capabili es, fostering
increased versa lity. BPO is a significant component of ITES.
Ÿ The improved organiza onal versa lity in ITES is achieved by accelera ng company processes,
events, and assignments.
Ÿ Efficient and advantageous use of chain partners and outsourcing of company processes enhance the
pace of specific company du es and func ons, par cularly in Supply Chain Management (SCM).

Fig. 1.1.4. Applica on of IT Services

1.1.2 BPM Sector


The BPM sector in India has emerged as a key player in the global outsourcing landscape, providing a
range of services like customer support, finance, and HR outsourcing to businesses worldwide.
India's appeal lies in its skilled workforce, cost-effec veness, and robust technological infrastructure.
Major players include TCS, Infosys BPO, Wipro BPM, and Genpact, opera ng globally.

5
Par cipant Handbook

Fig. 1.1.5. BPM Sector

Ÿ Employment and Talent: Significant contributor to Indian employment, drawing on the country's
english-proficient and skilled workforce.
Ÿ Technological Landscape: Embracing technologies like RPA, AI, and machine learning to enhance
opera onal capabili es.
Indian government ini a ves support the growth of the IT-ITeS and BPM sectors through policies and
infrastructure development.

Difference between IT-ITeS Sector and BPM Sector:

Aspect IT-ITeS Sector BPM Sector

Focus Diverse IT services and Uses IT to enhance business


technology solu ons. processes and services.

Core Ac vi es So ware development, IT Outsourcing non-core business


infrastructure. processes.

Output Tangible IT solu ons, so ware. Intangible process op miza on


services.

Client Interac on Tech solu ons, system Collabora on for process


development. improvement.

Skill Requirements Technical, programming. Mix of technical and process-


oriented skills.

Examples IT services, so ware BPO, customer support


development. outsourcing.

Global Compe veness Tech innova on, global Business efficiency, cost
solu ons. reduc on globally.

Economic Impact Economic growth, tech Opera onal efficiency, job


innova on. crea on in processes.

6
Cloud Security Analyst

1.1.3 Mobile App versus Web Development


Mobile app development and web development are two dis nct but interconnected domains within the
broader field of so ware development.
Ÿ Mobile app development involves crea ng applica ons designed to run on mobile devices powered
by iOS or Android.

Fig. 1.1.6. Mobile App Development

Ÿ On the other hand, web development is the process of building websites and web applica ons that
operate within web browsers. Both of these domains undergo con nuous evolu on.

Fig. 1.1.7. Web App Development

7
Par cipant Handbook

Difference between Mobile App Development and Web Development:

Basis Mobile App Development Web Development

Defini on Mobile applica ons are so ware Web applica ons, on the other hand,
programs designed to operate on can be accessed through a web
smartphones and tablets. browser and are highly adaptable to
various devices.

Build process Companies o en hire developers to HTML5, CSS, and JavaScript can be
create na ve or hybrid mobile apps. combined to create web applica ons.

Func onality Compared to full-fledged website Web apps offer a broader range of
visitors, mobile app users o en func ons compared to mobile apps.
experience limited func onality, with
many of these applica ons focusing
on specific goals.

Pla orm These apps fall into the category of Web apps can provide extensive
dependency na ve applica ons, specifically func onali es, as seen with Adobe
cra ed to seamlessly integrate with Photoshop offering both a mobile app
a mobile device's opera ng system and a web version for users.
(OS).

Educa on A bachelor's degree in so ware Web apps can provide extensive


engineering, mobile compu ng, func onali es, as seen with Adobe
computer science, mobile Photoshop offering both a mobile
applica on development, or a app and a web version for users.
related programming field is
commonly required.

Connec vity and The key dis nc on is that mobile apps Online apps require an ac ve Internet
Updates may frequently func on even when connec on for proper func onality.
disconnected.

Salary The average annual income for a The na onal average compensa on
Mobile Applica on Developer in the for a Web Developer in the US is
US is $91,245. $66,593 per year.

Skills iOS developers may use the Swi Web developers have access to a
programming language, Objec ve-C, variety of languages and frameworks,
and the XCode IDE, while Android including HTML, JavaScript, Python,
developers can choose Java or Kotlin PHP, and Ruby. Popular frameworks
with the Eclipse IDE. For hybrid apps, include Laravel and Rails.
HTML, JavaScript, and CSS are
frequently employed languages.

1.1.4 Relevance of the IT-ITeS Sector


The IT-ITeS sector holds cr cal relevance for IT Professionals.

8
Cloud Security Analyst

Fig. 1.1.8. Applica on Developer - Web and Mobile

This significance is closely ed to the nature of work and the dynamic requirements within the
applica on development domain:
Ÿ Technology Advancements: The IT-ITeS sector is at the forefront of technological advancements. As
an Applica on Developer working in web and mobile applica ons, staying updated with the latest
technologies and trends is crucial for crea ng innova ve and compe ve solu ons.
Ÿ Infrastructure and Support: The sector provides the necessary infrastructure and support for
developing robust web and mobile applica ons. This includes access to frameworks, tools, and
pla orms that streamline the development process.
Ÿ Global Collabora on: With the IT-ITeS sector facilita ng global collabora on, Applica on Developers
can work seamlessly with diverse teams and clients worldwide. This interconnectedness enhances
the exposure to different markets and user preferences.
Ÿ Job Opportuni es and Skill Development: The sector offers abundant job opportuni es for
Applica on Developers, allowing them to con nually enhance their skills. Professionals can
specialize in various aspects of web and mobile development, ensuring a dynamic and evolving
career path.
Ÿ Innova on Ecosystem: Within the IT-ITeS sector, there's a thriving innova on ecosystem. Developers
have access to cu ng-edge technologies, collabora ve pla orms, and a community that encourages
experimenta on and the crea on of novel solu ons.
Ÿ Digital Transforma on Focus: As businesses undergo digital transforma on, the demand for skilled
Applica on Developers is on the rise. The IT-ITeS sector plays a pivotal role in driving this
transforma on, offering developers the opportunity to be at the forefront of organiza onal change.
Ÿ Quality Assurance and Con nuous Improvement: The sector emphasizes quality assurance
processes and methodologies. Applica on Developers benefit from industry standards, best
prac ces, and a culture of con nuous improvement, ensuring the delivery of high-quality web and
mobile applica ons.
Ÿ Adaptability to Market Needs: The dynamic nature of the IT-ITeS sector enables Applica on
Developers to adapt quickly to evolving market needs. Whether it's incorpora ng new features or
addressing security concerns, developers can respond effec vely to changes in the industry.
Ÿ Global Compe veness in Applica ons: Through the IT-ITeS sector, Applica on Developers
contribute to the global compe veness of businesses. They create applica ons that not only meet
user expecta ons but also align with interna onal standards, posi oning companies on a global
stage.

1.1.5 Sub-Sectors in the IT-ITeS Sector


The IT-ITeS sector holds cri cal relevance for professionals pursuing a career as an "Cloud Security
Analyst."

9
Par cipant Handbook

This significance is closely ed to the nature of work and the dynamic requirements within the
applica on development domain:

Sub-Sectors in the Descrip on Descrip on


ITITeS Sector

So ware Involves crea ng, maintaining, and


Development upda ng so ware applica ons.

Web Development Focuses on building and maintaining


websites, covering both front-end
and back-end development.

Mobile App Specialized sub-sector dedicated to


Development crea ng mobile applica ons.

IT Consul ng Provides expert advice on technology


solu ons, offering strategic guidance
for development projects.

System Integra on Encompasses integra ng different IT


Services systems and so ware applica ons.

Cloud Compu ng Provides scalable and flexible


Services compu ng resources for hos ng and
accessing applica ons.

10
Cloud Security Analyst

Digital Marke ng Involves strategies and tools for


Services promo ng web and mobile
applica ons.

Cybersecurity Focuses on protec ng digital assets,


Services i n c l u d i n g s e c u re d e v e l o p m e n t
prac ces for applica ons.

Data Analy cs and Extracts insights from applica on-


Business generated data for informed decision-
Intelligence making.

IT Infrastructure Involves the maintenance and


Management op miza on of IT infrastructure
suppor ng applica ons.

1.1.6 Nature of Work Performed Across the Sub-Sectors


The IT-ITeS sector holds cri cal relevance for professionals pursuing a career as an IT Professional.

Ÿ So ware Development: Crea ng, maintaining, and upda ng so ware applica ons, coding, tes ng,
and debugging.

Ÿ Web Development: Building and maintaining websites, involving frontend development for user
interfaces and backend development for server-side func onali es.

Ÿ Mobile App Development: Designing and developing applica ons for mobile devices, including iOS
and Android pla orms.

Ÿ IT Consul ng: Providing expert advice on technology solu ons, conduc ng assessments, and
offering strategic guidance for technology implementa ons.

11
Par cipant Handbook

Ÿ System Integra on Services: Integra ng different IT systems and so ware applica ons to ensure
seamless communica on and func onality.

Ÿ Cloud Compu ng Services: Offering scalable and flexible compu ng resources, including
infrastructure as a service (IaaS) and pla orm as a service (PaaS).

Ÿ Digital Marke ng Services: Developing strategies and using tools to promote web and mobile
applica ons, enhancing online visibility.

Ÿ Cybersecurity Services: Protec ng digital assets, securing applica ons through measures like
encryp on, authen ca on, and vulnerability assessments.

Ÿ Data Analy cs and Business Intelligence: Extrac ng, analyzing, and interpre ng data generated by
applica ons for informed decision-making and business insights.

Ÿ IT Infrastructure Management: Maintaining and op mizing IT infrastructure, ensuring the smooth


opera on of servers, networks, and other components suppor ng applica ons.

Fig. 1.1.9. Applica on Development for Web & Mobile

Scan this QR Code to watch the related videos or click on the given link

h ps://youtu.be/cOtKswmP2NY
About IT-ITeS Sector

12
Cloud Security Analyst

UNIT 1.2: Dynamics and Evolu on of the IT-ITeS Sector

Unit Objec ves


At the end of this unit, par cipant will be able to:
1. List organiza ons in the sector
2. Discuss the evolu on of the sub-sectors and the way forward
3. Explain the disrup ons happening across the IT-ITeS sector

1.2.1 Organiza ons in the IT-ITeS Sector


In the dynamic realm of Informa on Technology and IT-enabled Services (IT-ITeS), a myriad of
organiza ons spearheads innova ons, drive technological advancements, and offer comprehensive
solu ons.

Fig. 1.2.1. IT-ITeS Sector

Here are some well-known organiza ons in the IT-ITeS sector:

Organiza on Type of Work in IT-ITeS Sector

Tata Consultancy Services (TCS) So ware development, IT consul ng, business solu ons.

Infosys Limited IT services, consul ng, business process outsourcing (BPO).

Wipro Limited IT services, consul ng, technology solu ons.

HCL Technologies IT services, so ware development, infrastructure


management.

Cognizant Technology Solu ons IT consul ng, technology services, business process
outsourcing.

Tech Mahindra IT services, telecommunica ons, business process


outsourcing.

13
Par cipant Handbook

Accenture IT consul ng, technology services, outsourcing.

Capgemini IT services, consul ng, technology solu ons.

IBM (Interna onal Business IT services, so ware, hardware, cogni ve solu ons.
Machines)

Oracle Corpora on Database management, cloud services, enterprise


so ware.

Microso Corpora on So ware development, cloud services, hardware.

Amazon Web Services (AWS) Cloud compu ng services, infrastructure as a service


(IaaS).

Google LLC Internet services, cloud compu ng, so ware development.

Intel Corpora on Semiconductor manufacturing, hardware, technology


solu ons.

Cisco Systems, Inc. Networking hardware, so ware, telecommunica ons.

1.2.2 Evolu on of Sub-Sectors and Related Innova ons


As the IT-ITeS sector evolves, a proac ve approach towards adop ng emerging technologies, ensuring
cybersecurity, and enhancing user experiences will be cri cal for sustained growth and relevance in the
digital era. The sector is poised to play a pivotal role in shaping the technological landscape, driving
innova on across industries and contribu ng to the global digital transforma on journey.

Fig. 1.2.2. IT-ITeS Sub-Sectors

14
Cloud Security Analyst

Sub-Sector Evolu on Innova on

So ware From tradi onal methodologies to Embracing micro-services,


Development agile and DevOps prac ces. containeriza on, and con nuous
integra on for efficient and scalable
applica ons.

Web Development Transi on from sta c websites to Integra on of progressive web app
dynamic, responsive web (PWA) technologies, emphasizing user
applica ons. experience and cross-pla orm
compa bility.

Mobile App Advancements from na ve app Embracing Flu er, React Na ve, and
Development development to cross-pla orm Swi UI for efficient and unified mobile
frameworks. app development.

IT Consul ng Shi from tradi onal consul ng to Integra on of emerging technologies


strategic digital transforma on like AI, blockchain, and IoT into
consul ng. consul ng services.

System Integra on Evolving from manual integra on to Adop on of API-first approaches and
Services automated and cloud-based hybrid cloud solu ons for seamless
integra ons. system integra on.

Cloud Compu ng Transi on from on-premise Advancements in serverless


Services infrastructure to scalable cloud compu ng, edge compu ng, and AI
solu ons. driven cloud services.

Digital Marke ng From tradi onal marke ng to data- U liza on of AI, machine learning,
Services driven, targeted digital marke ng and analy cs for personalized
strategies. marke ng campaigns.

Cybersecurity Responding to evolving cyber threats Integra on of AI and machine


Services with advanced threat detec on and learning for proac ve threat
preven on. intelligence and automated security
responses.

Data Analy cs and Intelligence from basic repor ng to Leveraging big data technologies,
Business advanced analy cs and real- me Aidriven analy cs, and predic ve
insights. modeling for ac onable intelligence.

The Way Forward:

Key Focus Areas Future Outlook

Integra on of Emerging Con nued integra on of AI, machine learning, blockchain,


Technologies and IoT to enhance the capabili es of IT-ITeS solu ons.

Focus on Cybersecurity Heightened emphasis on cybersecurity measures to address


evolving threats and safeguard digital assets.

15
Par cipant Handbook

Enhanced User Experience Con nuous efforts to improve user experience through
innova ve UI/UX design, accessibility, and personalized
interac ons.

Remote Work Enablement Further development of technologies suppor ng remote


work, emphasizing collabora on tools, security, and
virtualiza on.

Green IT Ini a ves Growing commitment to sustainability with eco-friendly


prac ces, energy-efficient technologies, and green data
center ini a ves.

Data Privacy and Compliance Heightened focus on data privacy, compliance with
regula ons (such as GDPR), and ethical handling of user
data.

Edge Compu ng Expansion Increased adop on of edge compu ng for faster processing
and reduced latency, especially in applica ons like IoT and
real- me analy cs.

Con nuous Innova on in Cloud Ongoing evolu on of cloud services, including


Services advancements in serverless compu ng, edge compu ng,
and mul -cloud strategies.

1.2.3 Disrup ons in the IT-ITeS Sector


Naviga ng these disrup ons requires adaptability, con nuous learning, and strategic planning. The
ITITeS sector's future hinges on effec vely leveraging these changes to drive innova on, deliver value,
and contribute to the evolving digital landscape.

Fig. 1.2.3. AI in Automa on

Emergence of AI and Automa on:


Ÿ Disrup on: Increasing adop on of Ar ficial Intelligence (AI) and automa on technologies
transforming tradi onal processes.
Ÿ Impact: Redefining job roles, enhancing efficiency, and enabling intelligent decision-making.

16
Cloud Security Analyst

Shi to Cloud Compu ng:


Ÿ Disrup on: Widespread adop on of cloud compu ng, replacing tradi onal on-premise
infrastructure.
Ÿ Impact: Increased scalability, flexibility, and cost-effec veness, transforming how IT services are
delivered.

Remote Work Revolu on:


Ÿ Disrup on: Accelerated shi towards remote work driven by technological advancements and global
events.
Ÿ Impact: Redefining workplace dynamics, emphasizing digital collabora on tools, and reshaping
talent acquisi on strategies.

Cybersecurity Challenges:
Ÿ Disrup on: Escala on of cyber threats and a acks, demanding advanced cybersecurity measures.
Ÿ Impact: Increased focus on robust security prac ces, threat intelligence, and the development of
resilient cybersecurity frameworks.

Evolu on of DevOps and Con nuous Integra on:


Ÿ Disrup on: Integra on of DevOps prac ces and con nuous integra on, changing so ware
development lifecycles.
Ÿ Impact: Accelerated development cycles, improved collabora on, and enhanced so ware quality.

Blockchain Integra on:


Ÿ Disrup on: Growing adop on of blockchain technology for secure and transparent transac ons.
Ÿ Impact: Transforming industries like finance, supply chain, and healthcare with decentralized and
tamper-resistant systems.

Fig. 1.2.4. Blockchain Integra on

Data Privacy and Compliance:


Ÿ Disrup on: Heightened focus on data privacy regula ons (e.g., GDPR) and compliance requirements.
Ÿ Impact: Increased emphasis on ethical data handling, transparency, and the need for robust
compliance frameworks.

Rise of Low-Code and No-Code Pla orms:


Ÿ Disrup on: Emergence of low-code and no-code development pla orms empowering non-
developers to create applica ons.

17
Par cipant Handbook

Ÿ Impact: Accelera ng applica on development, reducing dependence on coding exper se, and
democra zing so ware crea on.

Growth of Edge Compu ng:


Ÿ Disrup on: Expansion of edge compu ng for decentralized processing and reduced latency.
Ÿ Impact: Improved real- me data processing, par cularly beneficial for IoT applica ons.

Digital Transforma on Impera ve:


Ÿ Disrup on: Increasing need for organiza ons to undergo digital transforma on to stay compe ve.
Ÿ Impact: Accelerated adop on of advanced technologies, redefined business models, and emphasis
on customer-centric strategies.

Focus on Sustainability:
Ÿ Disrup on: Growing awareness and commitment to sustainable and eco-friendly IT prac ces.
Ÿ Impact: Green IT ini a ves, energy-efficient data centers, and sustainable technology solu ons.

Evolving Business Models:


Ÿ Disrup on: Shi ing from tradi onal outsourcing models to outcome-based, collabora ve
partnerships.
Ÿ Impact: Enhanced value delivery, increased client engagement, and a focus on co-innova on.

1.2.4 Dynamics and Evolu on in Web and Mobile App


Development
These dynamics and evolu onary trends reflect the con nuous adapta on and innova on within the
IT-ITeS sector, shaping the landscape of web and mobile app development. Staying abreast of these
changes is essen al for professionals to deliver cu ng-edge solu ons in this dynamic industry.

Fig. 1.2.5. Web and Mobile App Development

Aspect Dynamics Evolu on

Agile Rapid adop on of agile Shi from sequen al development to


Development methodologies. itera ve, flexible processes for
quicker and adap ve project delivery.

18
Cloud Security Analyst

User-Centric Design Increasing emphasis on user Transi on from feature-driven to


experience (UX) design. user-centered design, priori zing user
needs and feedback.

Cross-Pla orm Growing demand for apps across Rise of cross-pla orm frameworks
Development various pla orms. (e.g., React Na ve, Flu er) for unified
development across mul ple devices.

Progressive Web Surge in popularity of Progressive Integra on of PWA features, like


Apps (PWAs) Web Apps. offline func onality and push
no fica ons, into web-based
applica ons.

Micro-services Adop on of micro-services for Transi on from monolithic to micro-


Architecture modular applica on development. services architecture, enabling
scalability and easier maintenance.

DevOps Integra on Increased integra on of DevOps Con nuous integra on and delivery
prac ces. (CI/CD) pipelines for automated
tes ng, deployment, and
collabora on.

Low-Code and No- Rise in the use of low-code and no- Empowering non-developers for
Code Development code pla orms. applica on crea on, accelera ng
development cycles.

AI Integra on Incorpora on of AI for intelligent Use of AI for personaliza on,


features. predic ve analy cs, and enhanced
user interac ons.

Security-First Growing concerns about Implementa on of robust security


Approach cybersecurity. measures, including encryp on and
secure coding prac ces.

Cloud-Na ve Shi towards cloud-na ve Designing applica ons op mized for


Development architecture. cloud environments, promo ng
scalability and flexibility.

Con nuous Ongoing need for skill development. Emphasis on con nuous learning to
Learning keep up with emerging technologies
and industry trends.

Sustainability in Increasing focus on ecofriendly Integra on of sustainable coding and


Development prac ces. development prac ces to minimize
environmental impact.

19
Par cipant Handbook

UNIT 1.3: Roles & Responsibili es of a Cloud Security Analyst

Unit Objec ves


At the end of this unit, par cipant will be able to:
1. Explain the roles and responsibili es of a “roles & responsibili es of a cloud security analyst”.
2. Describe the personal a ributes of a Cloud Security Analyst.
3. Iden fy the career opportuni es available for a Cloud Security Analyst.

1.3.1 Roles & Responsibili es of a Cloud Security Analyst


'A Cloud Security Analyst is responsible for ensuring the security of cloud-based systems, services, and
data within an organiza on. Their primary focus is to iden fy poten al security risks, implement security
measures, and respond to security incidents in cloud environments. Here are some of the key roles and
responsibili es of a Cloud Security Analyst:

Fig. 1.3.1. Cloud Security Analyst

Risk Assessment: Assessing the security risks associated with cloud services, including infrastructure,
pla orms, and applica ons. This involves iden fying vulnerabili es and poten al threats to cloud-based
systems.
Security Policy Development: Developing and implemen ng security policies, procedures, and best
prac ces specific to cloud environments. This includes defining access controls, encryp on standards,
and data protec on protocols.
Security Architecture Design: Designing and implemen ng secure cloud architectures that meet the
organiza on's requirements for scalability, performance, and compliance. This involves selec ng
appropriate cloud security services and technologies.
Security Monitoring and Incident Response: Monitoring cloud environments for security incidents,
anomalies, and unauthorized ac vi es. Responding to security incidents in a mely manner, conduc ng
forensic analysis, and implemen ng correc ve ac ons to mi gate risks.
Compliance Management: Ensuring compliance with relevant industry regula ons and standards (e.g.,
GDPR, HIPAA, PCI DSS) in cloud environments. This includes conduc ng audits, risk assessments, and
security assessments to maintain compliance.
Security Awareness and Training: Providing security awareness training to employees and stakeholders
on cloud security best prac ces, policies, and procedures. This helps promote a security-conscious
culture within the organiza on.

20
Cloud Security Analyst

Security Automa on and Orchestra on: Implemen ng security automa on and orchestra on tools to
streamline security processes, improve efficiency, and reduce manual interven on in cloud security
opera ons.
Threat Intelligence Analysis: Monitoring and analyzing emerging threats, vulnerabili es, and security
trends in cloud compu ng. This involves staying updated on the latest security threats and proac vely
implemen ng countermeasures to protect cloud-based assets.
Vendor Risk Management: Assessing the security posture of cloud service providers and third-party
vendors to ensure they meet the organiza on's security requirements and standards. This includes
conduc ng due diligence assessments and monitoring vendor compliance.
Incident Repor ng and Documenta on: Documen ng security incidents, inves ga ons, and
remedia on efforts in accordance with organiza onal policies and regulatory requirements. This helps
maintain a record of security incidents and lessons learned for future reference.

1.3.2 Do’s and Don’ts for a Cloud Security Analyst


‘Cloud Security Analyst' needs to adhere the below:

Fig. 1.3.2. Do’s and Don’ts for Cloud Security Analyst

Do’s
Stay Updated: Keep abreast of the latest trends, technologies, and threats in cloud security through
con nuous learning, industry conferences, and professional cer fica ons.
Implement Mul -Factor Authen ca on (MFA): Enforce MFA for accessing cloud services and accounts
to add an extra layer of security and mi gate the risk of unauthorized access.
Encrypt Data: Encrypt sensi ve data both at rest and in transit using robust encryp on algorithms to
prevent unauthorized access and protect data confiden ality.
Regularly Audit and Monitor: Conduct regular audits and monitoring of cloud environments to detect
security vulnerabili es, suspicious ac vi es, and unauthorized access a empts.
Follow the Principle of Least Privilege: Grant the minimum level of access necessary for users and
services to perform their tasks effec vely, reducing the risk of privilege escala on and unauthorized
access.
Implement Security Automa on: U lize security automa on tools and scripts to streamline security
opera ons, enforce security policies, and respond to security incidents promptly.
Backup Data Regularly: Implement regular data backups and disaster recovery plans to ensure business
con nuity in the event of data breaches, ransomware a acks, or system failures.

21
Par cipant Handbook

Conduct Security Awareness Training: Educate employees and stakeholders about cloud security best
prac ces, data handling policies, and procedures to foster a security-conscious culture within the
organiza on.
Establish Incident Response Procedures: Develop and document incident response procedures to
facilitate prompt detec on, inves ga on, and remedia on of security incidents in cloud environments.
Stay Compliant: Ensure compliance with relevant industry regula ons, standards, and compliance
frameworks (e.g., GDPR, HIPAA, SOC 2) applicable to cloud-based systems and services.

Don'ts:
Don't Neglect Security Updates: Avoid neglec ng security patches and updates for cloud services,
opera ng systems, and applica ons, as unpatched vulnerabili es can be exploited by a ackers.
Don't Store Creden als in Plain Text: Avoid storing sensi ve creden als, such as passwords and API keys,
in plain text or hardcoding them into scripts and configura ons. U lize secure creden al management
solu ons.
Don't Rely Solely on Default Security Se ngs: Avoid relying solely on default security se ngs provided
by cloud service providers. Customize security configura ons based on the organiza on's security
requirements and best prac ces.
Don't Ignore Security Alerts: Avoid ignoring security alerts, warnings, and anomalies detected in cloud
environments. Inves gate and respond to security incidents promptly to prevent poten al data
breaches or system compromises.
Don't Overlook Insider Threats: Avoid overlooking insider threats posed by employees, contractors, or
third-party vendors with privileged access to cloud resources. Implement access controls and
monitoring mechanisms to detect and mi gate insider threats.
Don't Share Access Creden als: Avoid sharing access creden als, keys, or tokens with unauthorized
individuals or third-party services. Implement secure authen ca on mechanisms and access controls to
protect sensi ve creden als.
Don't Store Sensi ve Data Without Encryp on: Avoid storing sensi ve data, such as personally
iden fiable informa on (PII) or financial data, without encryp on in cloud storage or databases.
Implement encryp on-at-rest and encryp on-in-transit to protect sensi ve data from unauthorized
access.
Don't Neglect Cloud Security Configura ons: Avoid neglec ng security configura ons for cloud
services, network se ngs, and firewall rules. Regularly review and update security configura ons to
align with industry best prac ces and security requirements.
Don't Assume Cloud Providers Ensure Full Security: Avoid assuming that cloud service providers ensure
full security of cloud environments. Shared responsibility models dictate that both the organiza on and
the cloud provider are responsible for different aspects of security.
Don't Panic During Security Incidents: Avoid panicking during security incidents or breaches. Follow
established incident response procedures, coordinate with relevant stakeholders, and priori ze
containment and remedia on efforts to minimize the impact of security incidents.

1.3.3 Personal A ributes of a Cloud Security Analyst


Being a Cloud Security Analyst requires a combina on of technical exper se, analy cal skills, and
personal a ributes to effec vely mi gate risks and safeguard cloud environments. Here are some
essen al personal a ributes for a Cloud Security Analyst:

22
Cloud Security Analyst

Fig. 1.3.3. Personal A ributes required for the occupa on

A en on to Detail: Cloud security involves dealing with intricate systems and configura ons. A en on
to detail is crucial for iden fying vulnerabili es, anomalies, and poten al security risks within cloud
environments.
Cri cal Thinking: Cloud Security Analysts must be able to analyze complex systems and security
incidents cri cally. They should iden fy poten al threats, assess the severity of security risks, and
develop effec ve mi ga on strategies.
Problem-Solving Skills: The ability to solve problems efficiently is essen al for addressing security
challenges in cloud environments. Cloud Security Analysts must be adept at troubleshoo ng security
issues, iden fying root causes, and implemen ng appropriate solu ons.
Adaptability: Cloud technologies and security threats evolve rapidly. Cloud Security Analysts must be
adaptable and willing to learn new tools, techniques, and best prac ces to stay abreast of emerging
trends and technologies in cloud security.
Communica on Skills: Effec ve communica on is paramount for Cloud Security Analysts to convey
complex security concepts, risks, and mi ga on strategies to technical and non-technical stakeholders.
They must communicate clearly and concisely to facilitate understanding and collabora on.
Teamwork and Collabora on: Cloud Security Analysts o en work with cross-func onal teams, including
IT administrators, developers, and business stakeholders. They must collaborate effec vely with team
members, share knowledge, and work towards common security goals.
Ethical Integrity: Cloud Security Analysts handle sensi ve informa on and have access to cri cal systems
and data. Ethical integrity is essen al for maintaining confiden ality, integrity, and trustworthiness in
handling sensi ve informa on and performing security du es.
Curiosity and Con nuous Learning: The field of cloud security is dynamic and constantly evolving. Cloud
Security Analysts must possess a curious mindset and a commitment to con nuous learning. They
should explore new technologies, security trends, and best prac ces to enhance their skills and
knowledge.
Resilience and Resourcefulness: Cloud Security Analysts may encounter complex security challenges
and incidents. They must demonstrate resilience and resourcefulness in responding to security
incidents, adap ng to changing circumstances, and finding innova ve solu ons to security problems.
Risk Management Skills: Understanding risk management principles is essen al for Cloud Security
Analysts to assess, priori ze, and mi gate security risks effec vely. They should be able to balance
security requirements with business objec ves and regulatory compliance.

23
Par cipant Handbook

1.3.4 Career Opportuni es of a Cloud Security Analyst


‘Cloud Security Analyst' may have these op ons for pursuing their career:

Fig. 1.3.4. Career opportunity

A career as a Cloud Security Analyst offers numerous opportuni es for growth and advancement in the
field of cybersecurity, par cularly in cloud compu ng. Here are some poten al career opportuni es for
Cloud Security Analysts:
Senior Cloud Security Analyst: Experienced Cloud Security Analysts can advance to senior roles where
they lead and oversee cloud security ini a ves within organiza ons. Senior Cloud Security Analysts
typically have broader responsibili es, including strategic planning, policy development, and mentoring
junior staff.
Cloud Security Engineer: Cloud Security Analysts with strong technical skills may transi on into roles as
Cloud Security Engineers. In this role, professionals design, implement, and maintain security solu ons
specifically tailored for cloud environments. Cloud Security Engineers focus on building robust security
architectures, automa ng security processes, and ensuring compliance with industry standards.
Cloud Security Architect: Cloud Security Architects design and develop secure cloud architectures and
solu ons to meet the unique security requirements of organiza ons. They collaborate with stakeholders
to define security policies, select appropriate cloud services, and implement security controls across
cloud environments. Cloud Security Architects play a pivotal role in designing scalable and resilient cloud
infrastructures while mi ga ng security risks.
Cloud Security Consultant: Cloud Security Analysts with exper se in cloud security best prac ces and
regulatory compliance may pursue careers as Cloud Security Consultants. Consultants provide advisory
services to organiza ons, assess their cloud security posture, and recommend remedia on measures to
address security gaps. Cloud Security Consultants o en work with clients across various industries and
assist in the implementa on of security solu ons tailored to their specific needs.
Security Opera ons Center (SOC) Analyst: Some Cloud Security Analysts transi on into roles as SOC
Analysts, where they monitor and analyze security events and incidents across cloud and on-premises
environments. SOC Analysts inves gate security alerts, perform threat hun ng ac vi es, and respond to
security incidents in real- me to mi gate poten al risks. SOC Analysts play a cri cal role in maintaining
the security posture of organiza ons and protec ng against cyber threats.

24
Cloud Security Analyst

Cloud Security Manager/Director: Experienced Cloud Security professionals may advance into
managerial or leadership posi ons as Cloud Security Managers or Directors. In these roles, they are
responsible for overseeing the overall security strategy, governance, and compliance of cloud
environments. Cloud Security Managers/Directors collaborate with execu ve leadership to align
security ini a ves with business objec ves and ensure the effec ve implementa on of security policies
and procedures.
Cybersecurity Risk Analyst: Cloud Security Analysts with exper se in risk management may pursue roles
as Cybersecurity Risk Analysts. These professionals assess the impact and likelihood of security risks
associated with cloud deployments, conduct risk assessments, and develop risk mi ga on strategies.
Cybersecurity Risk Analysts help organiza ons make informed decisions regarding risk tolerance and
investment in security controls to protect their cloud assets.
Cloud Security Trainer/Evangelist: Experienced Cloud Security professionals may transi on into roles as
trainers or evangelists, where they educate others about cloud security best prac ces, emerging threats,
and technologies. They may work for training organiza ons, industry associa ons, or vendors, delivering
workshops, webinars, and presenta ons to raise awareness and enhance the skills of cybersecurity
professionals and IT stakeholders.

Notes
__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

25
Par cipant Handbook

Exercise
Answer the following ques ons:
Short Ques ons:
1. Why is the relevance of the IT-ITeS sector crucial in the contemporary business landscape?
2. Can you iden fy two sub-sectors within the broader IT-ITeS industry?
3. Briefly describe the nature of work performed across different sub-sectors in the IT-ITeS domain.
4. Name one organiza on opera ng in the IT-ITeS sector that has gained prominence.
5. How does the evolu on of sub-sectors contribute to the sector's adaptability and growth?
Fill-in-the-Blanks:
1. The IT-ITeS sector plays a vital role in ____________, powering various industries with
technological solu ons.
a) Isola on
b) Digital Transforma on
2. _________ and _________ are two prominent sub-sectors within the expansive IT-ITeS industry.
a) Healthcare, Agriculture
b) So ware Development, Business Process Management
3. The nature of work in IT-ITeS sub-sectors ranges from so ware development to __________.
a) Fashion Design
b) Data Analy cs
4. _________ and _________ are organiza ons that have made significant contribu ons to the ITITeS
sector.
a) ABC Corpora on, XYZ Innova ons
b) Tech Solu ons Ltd, Global Services Inc.
5. The evolu on of IT-ITeS sub-sectors involves adap ng to emerging technologies and __________.
a) Stagna on
b) Industry Trends
True/False Ques ons:
1. The IT-ITeS sector is isolated from the advancements in other industries.
2. So ware Development and Business Process Management are not sub-sectors within the IT-ITeS
industry.
3. The nature of work in IT-ITeS sub-sectors is limited to so ware development only.
4. Organiza ons like Tech Solu ons Ltd and Global Services Inc. are not associated with the IT-ITeS
sector.
5. The evolu on of sub-sectors in the IT-ITeS industry is not influenced by industry trends and
technological advancements.

26
Cloud Security Analyst

Notes
__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

27
Par cipant Handbook

28
2. Future Skills – an
Introduc on
Unit 2.1 – Overview of the Future Skills Sub-Sector

Bridge Module
Par cipant Handbook

Key Learning Outcomes


At the end of this module, par cipant will be able to:
1. Provide an overview of the Future Skills sub-sector
2. Explain the various occupations under this sub- sector
3. List key trends across the occupations in this sub- sector
4. List various roles in the Future Skills sub-sector

30
Cloud Security Analyst

UNIT 2.1: Overview of the Future Skills Sub-Sector

Unit Objec ves


At the end of this unit, par cipant will be able to:
1. Describe the Future Skills sub-sector.
2. Explain diverse occupa ons within the sub-sector.
3. Iden fy and categorize trends across sub-sector occupa ons.
4. Enlist roles in the Future Skills sub-sector.

2.1.1 Future Skills Sub-Sector


Future skills encompass the array of competencies, capabili es, and knowledge projected to be highly
sought-a er in the forthcoming job market. These skills are an cipated to assist individuals in naviga ng
the swi ly changing technological, economic, and social landscape of the future.

Fig. 2.1.1. Future Skills

NASSCOM (Na onal Associa on of So ware and Service Companies) is an industry associa on in India
with a focus on the IT-BPM (Informa on Technology-Business Process Management) sector.

Opera ng under NASSCOM, a Skills of the Future Workgroup


was established, featuring industry representa ves, to
comprehend the repercussions of technological disrup ons.
Led by BCG (Boston Consul ng Group), a study was
conducted to delineate future skilling and reskilling
ini a ves capable of addressing the digital disrup on wave.
The research iden fied technologies poised for substan al
growth, associated job roles, and the requisite skills for those
technologies.
Future Skills is dedicated to 155+ skills across 70+ job roles
spanning 10 emerging technologies, including Ar ficial
Intelligence, Blockchain, Big Data Analy cs, Cloud
Compu ng, Cyber Security, Internet of Things, Mobile Tech,
Robo c Process Automa on, Virtual Reality, and 3D Prin ng. Fig. 2.1.2. NASSCOM

Future Skills Prime, India's Technology Skilling Hub, is a collabora ve effort by NASSCOM and MeitY,
aiming to transform India into a Digital Talent Na on.
FutureSkills Prime serves as an innova ve and progressive ecosystem, equipping learners with
cu ngedge skills crucial in today's rapidly evolving digital landscape.

31
Par cipant Handbook

With NASSCOM as the driving force, the IT-ITeS industry has risen to the occasion through the Future
Skills Ini a ve – an industry-driven learning ecosystem.

Fig. 2.1.3. Future Skills Prime

2.1.2 Diverse Occupa ons within Future Skills Sub-Sector


The diverse occupa ons within the Future Skills sub-sector encompass a wide range of roles that are
essen al for addressing the evolving demands of the digital landscape. These occupa ons reflect the
need for a mul dimensional skill set that goes beyond tradi onal job roles.
Some examples of diverse occupa ons within the Future Skills sub-sector may include:
Ÿ Data Analysts: Responsible for analyzing and interpre ng complex data sets to derive meaningful
insights, suppor ng informed decision-making.
Ÿ Cybersecurity Specialists: Focus on safeguarding digital systems, networks, and data from cyber
threats, ensuring the security and integrity of informa on.
Ÿ User Experience (UX) Designers: Design and enhance the overall user experience of digital products,
ensuring they are intui ve, user-friendly, and align with user expecta ons.
Ÿ Ar ficial Intelligence (AI) Engineers: Develop and implement AI algorithms and solu ons, leveraging
machine learning and data science to create intelligent applica ons.
Ÿ Cloud Architects: Design and manage cloud infrastructure, enabling organiza ons to leverage cloud
services for scalability, flexibility, and efficiency.
Ÿ Digital Marke ng Specialists: Employ digital channels and strategies to promote products or
services, u lizing analy cs to op mize marke ng campaigns.
Ÿ Augmented Reality (AR) and Virtual Reality (VR) Developers: Create immersive digital experiences
using AR and VR technologies, applicable in diverse fields such as gaming, educa on, and healthcare.
Ÿ Blockchain Developers: Work on developing secure and transparent blockchain-based solu ons for
applica ons like secure transac ons and smart contracts.
Ÿ DevOps Engineers: Bridge the gap between development and opera ons, focusing on collabora on,
automa on, and con nuous improvement in the so ware development lifecycle.
Ÿ Content Creators and Managers: Develop and manage digital content for various pla orms,
including websites, social media, and other online channels.
Ÿ Robo c Process Automa on (RPA) Specialists: Implement automa on solu ons using RPA
technologies to streamline and op mize repe ve business processes.
Ÿ IoT (Internet of Things) Specialists: Design and implement solu ons involving interconnected
devices, contribu ng to the development of smart and interconnected systems.

32
Cloud Security Analyst

Fig. 2.1.4. Diverse Occupa ons in Future Skills

These occupa ons highlight the interdisciplinary nature of the Future Skills sub-sector, where
professionals need a combina on of technical, analy cal, crea ve, and collabora ve skills to excel in
their roles. The diversity of occupa ons underscores the need for a versa le workforce capable of
addressing the mul faceted challenges of the digital era.

2.1.3 Iden fying and Categorizing Trends across Sub-Sector


Occupa ons in Future Skills Domain
Iden fying and categorizing trends across sub-sector occupa ons in the Future Skills domain involves
recognizing pa erns and shi s that influence the nature of work and skill requirements.
Here are some overarching trends:

Fig. 2.1.5. Occupa ons in Sub-Sector

Trend Descrip on Impact on Occupa ons

Automa on and AI Increasing integra on of automa on Evolving roles to incorporate


Integra on and AI technologies across collabora on with intelligent
occupa ons. technologies, requiring skills in AI,
machine learning, and algorithm
development.

33
Par cipant Handbook

Remote Work and Accelerated adop on of remote Demand for digital communica on,
Digital Collabora on work and digital collabora on tools. virtual collabora on, and project
management skills, reshaping the
way professionals work and
collaborate.

Data-Driven Growing emphasis on data-driven Increased demand for data analy cs


Decision-Making decision making. and interpreta on skills across
occupa ons, enabling informed and
strategic decision making.

Cybersecurity Heightened focus on cybersecurity Rising demand for cybersecurity


Emphasis measures. specialists across occupa ons to
ensure the security and protec on of
digital assets and informa on.

Con nual Learning Con nuous need for upskilling and Professionals expected to engage in
and Upskilling learning. ongoing learning to adapt to
emerging technologies, promo ng a
culture of lifelong learning.

Human-Centric Emphasis on human centric design Increased importance of UX/UI


Design principles. design skills across occupa ons to
enhance user experiences and ensure
user-centric product development.

Sustainable Prac ces Growing focus on sustainability in Integra on of eco-friendly prac ces,
technology and business prac ces. leading to demand for professionals
with skills in sustainable development
and green technologies.

Rise of Gig Economy Increasing par cipa on in the gig Crea on of flexible work
economy. opportuni es, requiring individuals to
possess entrepreneurial skills, self-
management, and adaptability.

Augmented and Growing adop on of augmented and Demand for specialists in AR and VR
Virtual Reality virtual reality technologies. development across various
Adop on industries, influencing how products
and services are experienced.

Blockchain Expanding applica ons of blockchain Increased demand for blockchain


Applica ons technology. developers and specialists in areas
such as secure transac ons, supply
chain management, and smart
contracts.

Globaliza on and Enhanced globaliza on and cross- Increased importance of global


Cross-Cultural cultural collabora on. awareness, communica on, and
Collabora on cultural intelligence skills across
occupa ons for effec ve
collabora on.

34
Cloud Security Analyst

Categorizing these trends provides a framework for understanding the evolving landscape of Future
Skills sub-sector occupa ons, guiding individuals and organiza ons in preparing for the demands of the
digital era.

2.1.4 Roles in the Future Skills Sub-Sector


Roles in the Future Skills sub-sector highlight the diverse skill set required, ranging from technical
exper se in emerging technologies to crea ve and strategic capabili es essen al for success in the
digital era.

Fig. 2.1.6. Future Skills Sub-Sector

Role Descrip on

Data Analysts Analyze and interpret complex data sets to derive


meaningful insights, suppor ng informed decisionmaking.

Cybersecurity Specialists Focus on safeguarding digital systems, networks, and data


from cyber threats, ensuring the security and integrity of
informa on.

User Experience (UX) Designers Design and enhance the overall user experience of digital
products, ensuring they are intui ve, user-friendly, and align
with user expecta ons.

Ar ficial Intelligence (AI) Develop and implement AI algorithms and solu ons,
Engineers leveraging machine learning and data science to create
intelligent applica ons.

Cloud Architects Design and manage cloud infrastructure, enabling


organiza ons to leverage cloud services for scalability,
flexibility, and efficiency.

Digital Marke ng Specialists Employ digital channels and strategies to promote products
or services, u lizing analy cs to op mize marke ng
campaigns.

AR and VR Developers Create immersive digital experiences using AR and VR


technologies, applicable in diverse fields such as gaming,
educa on, and healthcare.

35
Par cipant Handbook

Blockchain Developers Work on developing secure and transparent blockchain


based solu ons for applica ons like secure transac ons and
smart contracts.

DevOps Engineers Bridge the gap between development and opera ons,
focusing on collabora on, automa on, and con nuous
improvement in the so ware development lifecycle.

Content Creators and Managers Develop and manage digital content for various pla orms,
including websites, social media, and other online channels.

RPA Specialists Implement automa on solu ons using RPA technologies to


streamline and op mize repe ve business processes.

IoT Specialists Design and implement solu ons involving interconnected


devices, contribu ng to the development of smart and
interconnected systems.

Exercise
Answer the following ques ons:
Short Ques ons:
1. What is the primary focus of the Future Skills sub-sector?
2. Can you name one occupa on under the Future Skills sub-sector that involves interpre ng
complex data sets?
3. Why is understanding key trends crucial in the Future Skills sub-sector?
4. How does the Future Skills sub-sector contribute to adap ng to an evolving technological
landscape?
5. Briefly describe the role of User Experience (UX) Designers in the Future Skills sub-sector. the
sector's adaptability and growth?
Fill-in-the-Blanks:
1. The Future Skills sub-sector is dedicated to preparing individuals for success in the __________
era.
a) Tradi onal
b) Digital
2. _________ and _________ are examples of occupa ons within the Future Skills sub-sector.
a) Ar sans, Farmers
b) Data Analysts, Cyber security Specialists
3. Understanding key trends is crucial in the Future Skills sub-sector to stay ahead of __________.
a) Past Prac ces
b) Industry Developments

36
Cloud Security Analyst

4. Various roles in the Future Skills sub-sector include Data Analysts, Cyber security Specialists, and
__________.
a) Architects
b) User Experience (UX) Designers
5. User Experience (UX) Designers play a pivotal role in ensuring that digital products are
__________ and align with user expections.
a) Complex
b) Intui ve
True/False Ques ons:
1. The Future Skills sub-sector is focused solely on tradi onal skill sets.
2. Data Analysts and Cyber security Specialists are not occupa ons within the Future Skills sub-sector.
3. Understanding key trends is not important in staying compe ve in the Future Skills sub-sector.
4. User Experience (UX) Designers are not involved in shaping the overall user experience of digital
products in the Future Skills sub-sector.
5. The Future Skills sub-sector is not influenced by the need for adaptability in an ever-changing
technological landscape.

Notes
__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

Scan this QR Code to watch the related videos or click on the given link

h ps://youtu.be/dXpsS3V7HXg
Overview of Future Skills And Cyber Security

37
Par cipant Handbook

38
3. Basics of Cloud
Compu ng and
Regulatory Standards
Unit 3.1 – Basics of Cloud Compu ng
Unit 3.2 – Regulatory Standards of Cloud Compu ng

Bridge Module
Par cipant Handbook

Key Learning Outcomes


At the end of this module, par cipant will be able to:
1. Explain cloud computing and its basic concepts
2. Describe various use cases of cloud computing.
3. Describe the regulations, standards and compliance mechanisms associated with cloud
computing.

40
Cloud Security Analyst

UNIT 3.1: Basics of Cloud Compu ng

Unit Objec ves


At the end of this unit, par cipant will be able to:
1. Explain basic concepts of cloud compu ng.
2. Discuss the evolu on of cloud compu ng
3. Describe various use cases of cloud compu ng.

3.1.1 Concept of Cloud Compu ng

Cloud compu ng refers to the delivery of


compu ng services—including servers,
storage, databases, networking, so ware,
and more—over the internet, also known
as "the cloud." Rather than storing and
accessing data and programs on local
computers or servers, cloud compu ng
a l l ows u s e rs to a c c e s s co m p u n g
resources on-demand from a remote
loca on via the internet.

Fig. 3.1.1. Cloud Compu ng

3.1.2 Essen al Characteris cs of Cloud Compu ng


On-Demand Self-Service: Users can provision compu ng resources, such as server me and storage, as
needed without requiring human interven on from the service provider.
Broad Network Access: Cloud services are accessible over the internet from various devices with
standard protocols, such as laptops, smart phones, and tablets.
Resource Pooling: Cloud compu ng providers pool compu ng resources to serve mul ple users
dynamically. Resources are assigned and reassigned according to demand. Users typically have no
control or knowledge over the exact loca on of the resources provided but may be able to specify
loca on at a higher level of abstrac on (e.g., country, region).
Rapid Elas city: Cloud services can rapidly scale up or down to accommodate changes in demand. Users
can quickly access addi onal resources as needed without significant delays.
Measured Service: Cloud compu ng resources are monitored, controlled, and reported, providing
transparency for both the provider and the consumer. Users typically pay for the resources they consume
on a pay-per-use basis, allowing for cost op miza on and resource efficiency.
Mul -tenancy: Cloud compu ng services o en support mul ple users or "tenants" on a shared
infrastructure. Despite sharing physical resources, the logical separa on ensures that each user's data
and applica ons remain isolated and secure.
Service Models: Cloud compu ng offers different service models, including Infrastructure as a Service
(IaaS), Pla orm as a Service (PaaS), and So ware as a Service (SaaS). These models vary in the level of
abstrac on and control they offer to users over the underlying infrastructure and applica ons.

41
Par cipant Handbook

3.1.3 Evolu on of Cloud Compu ng


The evolu on of cloud compu ng has been a fascina ng journey marked by significant technological
advancements and paradigm shi s in how we store, access, and manage data and applica ons. Here's a
brief overview of its evolu on:
Early Conceptualiza on (1950s-1990s): The seeds of cloud compu ng were sown with the development
of mainframe compu ng in the 1950s. During this me, large corpora ons and research ins tu ons
u lized centralized compu ng resources accessed via dumb terminals. However, it wasn't un l the
1990s that the term "cloud compu ng" began to gain trac on.
Dot-Com Bubble and Web Hos ng (late 1990s-early 2000s): As the internet became more widely
adopted, companies started offering web hos ng services, enabling individuals and businesses to host
their websites and applica ons on remote servers. This marked the ini al phase of cloud compu ng,
albeit in a more rudimentary form.
U lity Compu ng and Virtualiza on (mid-2000s): The mid-2000s saw the emergence of u lity
compu ng, where compu ng resources were provided on-demand and billed based on usage, similar to
other u lity services. This period also witnessed significant advancements in virtualiza on technology,
which allowed for the crea on of virtual machines (VMs) running mul ple opera ng systems on a single
physical server.
Amazon Web Services (AWS) and Infrastructure as a Service (IaaS) (late 2000s): Amazon Web Services
(AWS) launched in 2006, pioneering the concept of Infrastructure as a Service (IaaS). AWS allowed
businesses to rent compu ng resources such as servers and storage on a pay-as-you-go basis,
revolu onizing the way companies provision and manage IT infrastructure.
Pla orm as a Service (PaaS) and So ware as a Service (SaaS) (late 2000s-early 2010s): The late 2000s
and early 2010s saw the rise of Pla orm as a Service (PaaS) and So ware as a Service (SaaS) offerings.
PaaS provided developers with pla orms and tools to build, deploy, and manage applica ons without
worrying about underlying infrastructure, while SaaS delivered so ware applica ons over the internet
on a subscrip on basis.
Hybrid and Mul -Cloud (2010s): As cloud adop on surged, organiza ons began exploring hybrid and
mul -cloud strategies to leverage the benefits of both public and private cloud environments. Hybrid
cloud combines on-premises infrastructure with public or private cloud services, while mul -cloud
involves using mul ple cloud providers for different workloads or applica ons.
Serverless Compu ng and Edge Compu ng (2010s-2020s): Serverless compu ng, also known as
Func on as a Service (FaaS), gained prominence in the late 2010s, allowing developers to run code
without managing servers. Edge compu ng, meanwhile, involves processing data closer to the source of
genera on, enabling low-latency applica ons and services.
AI and Machine Learning in the Cloud (2020s): In recent years, cloud providers have heavily invested in
AI and machine learning capabili es, offering a wide range of services for tasks such as natural language
processing, image recogni on, and predic ve analy cs.

3.1.4 Significance of Cloud Compu ng in the IT Landscape


Cloud compu ng holds profound significance in the modern IT landscape due to its transforma ve
impact across various aspects of technology infrastructure, opera ons, and business strategy. Here are
some key points illustra ng its significance:
Agility and Flexibility: Cloud compu ng enables businesses to rapidly provision and scale IT resources
according to demand. This agility allows organiza ons to respond quickly to changing market condi ons,
customer needs, and internal requirements, facilita ng innova on and compe veness.
Cost Efficiency: Cloud compu ng follows a pay-as-you-go model, elimina ng the need for large upfront
investments in hardware and infrastructure. This cost-effec ve approach enables organiza ons to
op mize IT spending, reduce opera onal expenses, and allocate resources more efficiently, especially
for small and medium-sized businesses.

42
Cloud Security Analyst

Global Reach: Cloud services are accessible from anywhere with an internet connec on, enabling
seamless collabora on among geographically dispersed teams and reaching global markets more
effec vely. This global reach enhances produc vity, accelerates me-to-market, and supports business
expansion strategies.
Scalability: Cloud compu ng pla orms offer virtually limitless scalability, allowing organiza ons to
effortlessly scale resources up or down based on demand. This scalability is par cularly beneficial for
handling fluctua ng workloads, seasonal peaks, or sudden spikes in traffic without disrup ng opera ons
or performance.
Innova on Accelera on: Cloud compu ng democra zes access to cu ng-edge technologies such as
ar ficial intelligence (AI), machine learning (ML), Internet of Things (IoT), and big data analy cs. By
leveraging cloud-based services and pla orms, organiza ons can accelerate innova on, experiment
with new ideas, and develop disrup ve solu ons more rapidly.
Enhanced Security: Leading cloud providers invest heavily in security measures, compliance
cer fica ons, and data protec on mechanisms to safeguard customer data and infrastructure. Cloud
pla orms o en offer advanced security features, including encryp on, iden ty and access management
(IAM), threat detec on, and automated compliance tools, helping organiza ons mi gate security risks
more effec vely than tradi onal on-premises solu ons.
Business Con nuity and Disaster Recovery: Cloud compu ng offers built-in redundancy, backup, and
disaster recovery capabili es, ensuring high availability and data resilience. By replica ng data across
mul ple geographic regions and employing failover mechanisms, cloud providers minimize down me
and mi gate the impact of unforeseen events, such as hardware failures, natural disasters, or cyber
a acks.
Sustainability: Cloud compu ng promotes environmental sustainability by op mizing resource
u liza on, energy efficiency, and carbon footprint reduc on. By consolida ng workloads onto shared
infrastructure and leveraging energy-efficient data centers, cloud providers can achieve economies of
scale and reduce overall environmental impact compared to tradi onal on-premises deployments.

3.1.5 Key Business Drivers for the Adop on of Cloud


Technologies
Here are some key business drivers for the adop on of cloud technologies:
Cost Efficiency: One of the primary drivers for cloud adop on is the poten al for cost savings. Cloud
compu ng eliminates the need for upfront capital investments in hardware, so ware, and
infrastructure. Instead, businesses pay for cloud services on a pay-as-you-go or subscrip on basis,
allowing them to scale resources according to demand and avoid over-provisioning.
Scalability and Flexibility: Cloud pla orms offer unparalleled scalability and flexibility, allowing
businesses to rapidly scale resources up or down based on fluctua ng workloads, seasonal peaks, or
business growth. This scalability ensures that organiza ons can meet changing demands without the
need for significant upfront investment or infrastructure provisioning.
Agility and Speed to Market: Cloud compu ng enables organiza ons to accelerate innova on and speed
up me-to-market for new products, services, and features. By providing on-demand access to
compu ng resources, development tools, and pre-built services, cloud pla orms empower businesses
to iterate quickly, experiment with new ideas, and respond faster to market opportuni es.
Global Reach and Accessibility: Cloud services are accessible from anywhere with an internet
connec on, enabling businesses to reach global markets more effec vely. Cloud pla orms support
remote collabora on, enable distributed teams to work seamlessly across geographic loca ons, and
facilitate interna onal expansion without the need for extensive physical infrastructure.
Enhanced Collabora on and Produc vity: Cloud-based collabora on tools and produc vity suites
enable seamless communica on, file sharing, and project collabora on among employees, partners,
and customers.

43
Par cipant Handbook

By centralizing data and applica ons in the cloud, businesses can improve collabora on, streamline
workflows, and enhance produc vity across the organiza on.
Business Con nuity and Disaster Recovery: Cloud compu ng offers built-in redundancy, backup, and
disaster recovery capabili es, ensuring high availability and data resilience. By leveraging cloud-based
backup and recovery solu ons, businesses can minimize down me, mi gate the impact of unforeseen
events, and maintain business con nuity in the face of disasters or disrup ons.
Security and Compliance: Leading cloud providers invest heavily in security measures, compliance
cer fica ons, and data protec on mechanisms to safeguard customer data and infrastructure. Cloud
pla orms offer advanced security features, including encryp on, iden ty and access management
(IAM), threat detec on, and automated compliance tools, helping businesses mi gate security risks and
meet regulatory requirements more effec vely than tradi onal on-premises solu ons.
Innova on and Compe ve Advantage: Cloud compu ng democra zes access to cu ng-edge
technologies such as ar ficial intelligence (AI), machine learning (ML), Internet of Things (IoT), and big
data analy cs. By leveraging cloud-based services and pla orms, businesses can accelerate innova on,
experiment with new ideas, and develop disrup ve solu ons that drive compe ve differen a on and
market leadership.

3.1.6 Use Cases and Applica ons of Cloud Technologies Across


Various Industry Ver cals.
Cloud technologies are widely applicable across various industry ver cals, enabling organiza ons to
streamline opera ons, enhance efficiency, and drive innova on. Here are some use cases and
applica ons of cloud technologies across different industries:
1. Healthcare
Ÿ Electronic Health Records (EHR) systems hosted on cloud pla orms for efficient pa ent data
management and secure access by healthcare providers.
Ÿ Telemedicine and remote pa ent monitoring solu ons leveraging cloud infrastructure to facilitate
virtual consulta ons and remote health monitoring.
Ÿ Health data analy cs for popula on health management, personalized medicine, and predic ve
analy cs to improve pa ent outcomes and reduce healthcare costs.

2. Finance and Banking:


Ÿ Core banking systems hosted on cloud pla orms for processing transac ons, managing accounts,
and delivering financial services to customers.
Ÿ Fraud detec on and preven on solu ons powered by cloud-based machine learning algorithms to
iden fy suspicious ac vi es and mi gate financial risks.
Ÿ Regulatory compliance and risk management applica ons u lizing cloud-based tools for data
governance, audit trails, and repor ng requirements.

3. Retail and E-commerce:


Ÿ E-commerce pla orms hosted on cloud infrastructure for online storefronts, product catalog
management, order processing, and payment transac ons.
Ÿ Customer rela onship management (CRM) systems deployed in the cloud for managing customer
interac ons, sales pipelines, and marke ng campaigns.
Ÿ Inventory management and supply chain op miza on solu ons leveraging cloud-based analy cs to
forecast demand, op mize inventory levels, and streamline logis cs opera ons.

4. Manufacturing and Supply Chain:


Ÿ Cloud-based Manufacturing Execu on Systems (MES) for real- me monitoring, control, and
op miza on of produc on processes, equipment, and resources.

44
Cloud Security Analyst

Ÿ Supply chain visibility and collabora on tools hosted on cloud pla orms to track inventory levels,
monitor supplier performance, and coordinate logis cs across the supply chain network.
Ÿ Predic ve maintenance solu ons u lizing cloud-based IoT sensors and analy cs to monitor
equipment health, iden fy maintenance issues in advance, and minimize unplanned down me.

5. Educa on:
Ÿ Learning Management Systems (LMS) hosted on cloud pla orms for delivering online courses,
managing student enrollment, and facilita ng collabora on among educators and learners.
Ÿ Virtual classrooms and distance learning solu ons powered by cloud-based video conferencing,
interac ve whiteboards, and content sharing tools.
Ÿ Data analy cs and learning insights leveraging cloud-based analy cs to track student progress,
assess learning outcomes, and personalize learning experiences.

6. Hospitality and Travel:


Ÿ Cloud-based Property Management Systems (PMS) for hotel reserva ons, guest bookings, room
assignments, and front desk opera ons.
Ÿ Online travel booking pla orms hosted on cloud infrastructure for airline cket reserva ons, hotel
bookings, car rentals, and vaca on packages.
Ÿ Revenue management and dynamic pricing applica ons u lizing cloud-based analy cs to op mize
pricing strategies, maximize occupancy rates, and enhance revenue per available room (RevPAR).

7. Media and Entertainment:


Ÿ Content crea on and collabora on tools hosted on cloud pla orms for video edi ng, graphic design,
audio produc on, and project collabora on among crea ve teams.
Ÿ Media asset management (MAM) systems deployed in the cloud for organizing, cataloging, and
distribu ng digital content such as videos, images, and documents.
Ÿ Over-the-top (OTT) streaming services leveraging cloud-based video encoding, transcoding, and
content delivery networks (CDNs) for scalable and reliable video streaming to global audiences.

8. Government and Public Sector:


Ÿ Cloud-based ci zen services portals for online tax filing, permit applica ons, license renewals, and
government document submissions.
Ÿ Emergency response and disaster management systems hosted on cloud infrastructure for
coordina ng response efforts, sharing cri cal informa on, and mobilizing resources during
emergencies.
Ÿ Open data ini a ves leveraging cloud pla orms to publish and share government datasets, promote
transparency, and support data-driven decision-making by ci zens and policymakers.

3.1.7 Types of Cloud Deployment Models


Cloud deployment models refer to different ways of deploying cloud compu ng resources,
infrastructure, and services. These models define where and how cloud resources are hosted, managed,
and accessed. There are primarily three types of cloud deployment models:
1. Public Cloud:
Ÿ In a public cloud deployment model, cloud resources and services are owned and operated by third-
party cloud service providers (CSPs) and made available to the general public over the internet.
Ÿ These resources are shared among mul ple customers, allowing organiza ons to access compu ng
power, storage, and applica ons on a pay-as-you-go basis without the need for upfront capital
investment in infrastructure.

45
Par cipant Handbook

Ÿ Public cloud services are highly scalable, cost-effec ve, and accessible from anywhere with an
internet connec on. Examples of public cloud providers include Amazon Web Services (AWS),
Microso Azure, and Google Cloud Pla orm (GCP).

2. Private Cloud:
Ÿ In a private cloud deployment model, cloud resources and infrastructure are dedicated exclusively to
a single organiza on or en ty, either hosted on-premises or by a third-party service provider.
Ÿ Private clouds offer greater control, customiza on, and security compared to public clouds, making
them suitable for organiza ons with specific compliance, security, or performance requirements.
Ÿ Private cloud deployments can be managed internally by the organiza on's IT department or
outsourced to a managed service provider (MSP) specializing in private cloud hos ng and
management.

3. Hybrid Cloud:
Ÿ A hybrid cloud deployment model combines elements of both public and private clouds, allowing
organiza ons to leverage the benefits of each approach while addressing specific use case
requirements.
Ÿ In a hybrid cloud setup, organiza ons can dynamically move workloads and data between public and
private cloud environments based on factors such as cost, performance, security, and compliance.
Ÿ Hybrid clouds provide flexibility, scalability, and interoperability, enabling organiza ons to maintain
sensi ve or mission-cri cal workloads on-premises or in a private cloud while u lizing the scalability
and agility of public cloud services for other workloads.
Ÿ Hybrid cloud deployments o en require seamless integra on, management, and orchestra on of
resources across mul ple cloud environments, typically facilitated by cloud management pla orms,
automa on tools, and hybrid cloud management solu ons.
Each cloud deployment model has its advantages, considera ons, and use cases, and organiza ons may
choose to adopt one or a combina on of these models based on their specific business needs, regulatory
requirements, budget constraints, and strategic objec ves.

3.1.8 Types of Cloud Service Models


Cloud service models define the types of services offered by cloud providers and the level of abstrac on
at which these services are delivered. There are primarily three types of cloud service models:
1. Infrastructure as a Service (IaaS):
Ÿ Infrastructure as a Service (IaaS) provides virtualized compu ng resources over the internet, allowing
users to provision and manage virtual machines, storage, and networking infrastructure on-demand.
Ÿ With IaaS, users have full control over the opera ng system, applica ons, and development
frameworks deployed on the virtualized infrastructure.
Ÿ IaaS offers scalability, flexibility, and cost-efficiency, enabling users to scale resources up or down
based on demand and pay for only the resources consumed.
Ÿ Examples of IaaS providers include Amazon Web Services (AWS) EC2, Microso Azure Virtual
Machines, Google Compute Engine, and IBM Cloud Virtual Servers.

2. Pla orm as a Service (PaaS):


Ÿ Pla orm as a Service (PaaS) provides a pla orm for developing, deploying, and managing
applica ons without the complexity of managing underlying infrastructure.
Ÿ PaaS offerings include development tools, middleware, run me environments, and database
services that enable developers to build, test, and deploy applica ons more efficiently.
Ÿ PaaS abstracts away the underlying infrastructure, allowing developers to focus on applica on
development and innova on rather than infrastructure management.

46
Cloud Security Analyst

Ÿ PaaS offerings typically support mul ple programming languages, frameworks, and development
methodologies.
Ÿ Examples of PaaS providers include Google App Engine, Microso Azure App Service, Heroku, and
Red Hat OpenShi .

3. So ware as a Service (SaaS):


Ÿ So ware as a Service (SaaS) delivers so ware applica ons over the internet as a service, elimina ng
the need for users to install, manage, or maintain so ware locally.
Ÿ SaaS applica ons are accessed through web browsers or APIs, and users pay a subscrip on fee based
on usage or number of users.
Ÿ SaaS offerings cover a wide range of applica ons and services, including produc vity tools,
collabora on so ware, customer rela onship management (CRM) systems, enterprise resource
planning (ERP) so ware, and more.
Ÿ SaaS providers handle so ware maintenance, updates, security, and infrastructure management,
allowing users to focus on using the so ware rather than managing it.
Ÿ Examples of SaaS applica ons include Salesforce, Microso Office 365, Google Workspace (formerly
G Suite), Dropbox, and Slack.
These cloud service models offer different levels of abstrac on and manageability, catering to diverse
requirements and use cases across industries and organiza ons of all sizes. By leveraging cloud service
models, businesses can achieve greater agility, scalability, and cost-efficiency while focusing on
innova on and driving business value.

3.1.9 Basic Concepts of Cloud Compu ng


Here are explana ons of some basic concepts of cloud compu ng:
Virtualiza on: Virtualiza on is the founda onal technology behind cloud compu ng that allows
physical hardware resources, such as servers, storage, and networking, to be abstracted into virtualized
instances or virtual machines (Vms). These VMs can run mul ple opera ng systems and applica ons
simultaneously on a single physical server, enabling efficient resource u liza on, hardware
consolida on, and workload isola on. Virtualiza on enables cloud providers to offer scalable and
flexible cloud services, allowing users to provision and manage virtualized resources dynamically.
Scalability: Scalability refers to the ability of a cloud compu ng system to handle increasing workloads or
user demands by dynamically alloca ng and provisioning addi onal compu ng resources, such as
processing power, memory, and storage, as needed. Cloud environments offer both ver cal scalability
(scaling resources up or down within a single virtualized instance) and horizontal scalability (scaling
resources out across mul ple instances or servers). Scalability ensures that cloud services can
accommodate growing or fluctua ng workloads while maintaining performance, availability, and
responsiveness.
Data Separa on: Data separa on involves isola ng and segrega ng data belonging to different users or
tenants within a shared cloud infrastructure to ensure privacy, security, and regulatory compliance.
Cloud providers implement data separa on mechanisms through logical and physical controls, such as
mul -tenancy isola on, virtual private networks (VPNs), access controls, encryp on, and data
segrega on policies. Data separa on helps prevent unauthorized access, data leakage, and conflicts
between users sharing the same cloud resources.
Cloud Security Controls: Cloud security controls encompass a range of measures, prac ces, and
technologies designed to protect cloud compu ng environments, infrastructure, applica ons, and data
from security threats, vulnerabili es, and unauthorized access. Key cloud security controls include:
Ÿ Iden ty and Access Management (IAM): Managing user iden es, roles, permissions, and access
privileges to ensure secure authen ca on and authoriza on.

47
Par cipant Handbook

Ÿ Encryp on: Encryp ng data at rest and in transit to protect sensi ve informa on from unauthorized
disclosure or intercep on.
Ÿ Network Security: Implemen ng firewalls, Intrusion Detec on/Preven on Systems (IDS/IPS), and
network segmenta on to safeguard cloud networks from cyber threats and a acks.
Ÿ Security Monitoring and Logging: Monitoring cloud environments for security incidents, anomalies,
and unauthorized ac vi es, and logging security events for audi ng and forensic analysis.
Ÿ Compliance and Governance: Enforcing regulatory compliance requirements, industry standards,
and organiza onal policies through security controls, audits, and governance frameworks.
Ÿ Threat Detec on and Incident Response: Detec ng and responding to security threats, breaches,
and incidents in real- me, and implemen ng incident response plans to mi gate risks and minimize
impact.

3.1.10 Popular Cloud Compu ng Tools/Pla orms


There are several popular cloud compu ng pla orms and tools that offer a wide range of services and
capabili es to meet various business needs. Here are some of the most widely used cloud compu ng
pla orms and tools:
Amazon Web Services (AWS)
AWS is one of the leading cloud compu ng pla orms offering a comprehensive suite of infrastructure
services, including compu ng power (Amazon Ec2), storage (Amazon S3), databases (Amazon RDS),
networking (Amazon VPC), and developer tools (AWS Lambda, AWS CloudForma on). AWS also
provides a wide range of higher-level services such as AI/ML (Amazon SageMaker), analy cs (Amazon
Redshi ), and IoT (Amazon IoT Core).

Microso Azure
Microso Azure is a cloud compu ng pla orm and services provided by Microso . Azure offers a wide
range of services including virtual machines (Azure Vms), storage (Azure Blob Storage), databases (Azure
SQL Database), networking (Azure Virtual Network), and developer tools (Azure DevOps, Visual Studio).
Azure also provides services for AI/ML (Azure Machine Learning), analy cs (Azure Synapse Analy cs),
and IoT (Azure IoT Hub).

Google Cloud Pla orm (GCP)


Google Cloud Pla orm is a suite of cloud compu ng services provided by Google. GCP offers services
such as compu ng (Google Compute Engine), storage (Google Cloud Storage), databases (Google Cloud
SQL, BigQuery), networking (Google Virtual Private Cloud), and developer tools (Google Cloud
Func ons, Google Cloud Build). GCP also provides services for AI/ML (Google AI Pla orm), analy cs
(BigQuery), and IoT (Google Cloud IoT Core).

IBM Cloud
IBM Cloud is a cloud compu ng pla orm and services offered by IBM. IBM Cloud provides services such
as virtual servers (IBM Virtual Servers), storage (IBM Cloud Object Storage), databases (IBM Db2 on
Cloud), networking (IBM Cloud Virtual Private Cloud), and developer tools (IBM Cloud Func ons, IBM
Cloud Pak for Applica ons). IBM Cloud also offers services for AI/ML (Watson AI) and analy cs (IBM
Watson Analy cs).

Alibaba Cloud
Alibaba Cloud is a cloud compu ng pla orm provided by Alibaba Group. Alibaba Cloud offers services
such as compu ng (Elas c Compute Service), storage (Object Storage Service), databases (ApsaraDB for
RDS), networking (Virtual Private Cloud), and developer tools (Func on Compute, Alibaba Cloud CLI).

48
Cloud Security Analyst

Alibaba Cloud also provides services for AI/ML (Machine Learning Pla orm for AI) and analy cs
(MaxCompute).

Oracle Cloud Infrastructure (OCI)


Oracle Cloud Infrastructure is a cloud compu ng pla orm provided by Oracle Corpora on. OCI offers
services such as compu ng (Compute Instances), storage (Object Storage), databases (Autonomous
Database), networking (Virtual Cloud Network), and developer tools (Func ons, Developer Studio). OCI
also provides services for AI/ML (Oracle AI Pla orm) and analy cs (Oracle Analy cs Cloud).

Salesforce
Salesforce is a cloud-based Customer Rela onship Management (CRM) pla orm that provides a range of
services for sales, marke ng, customer service, and analy cs. Salesforce offers solu ons such as Sales
Cloud, Service Cloud, Marke ng Cloud, and Commerce Cloud, as well as developer tools and pla orm
services for building custom applica ons and integra ons.

Exercise
Q.1. List essen al characteris cs of cloud compu ng:

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

Q.2. Write a short note on Pla orm as a Service (PaaS):

__________________________________________________________________________________

__________________________________________________________________________________

Notes
__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

49
Par cipant Handbook

UNIT 3.2: Regulatory Standards of Cloud Compu ng

Unit Objec ves


At the end of this unit, par cipant will be able to:
1. Explain the laws and regula ons governing the cloud compu ng environment.
2. Outline the general principles and basic concepts of data management standards.
3. Evaluate various compliance mechanisms associated with cloud compu ng.

3.2.1 Laws and Regula ons Governing the Cloud Compu ng


Environment in an Organiza on

Fig. 3.2.1. Regulatory Standards for Cloud Compu ng

Laws governing the cloud compu ng environment in an organiza on can vary depending on factors such
as the industry, geographic loca on, and type of data being stored or processed in the cloud. Here are
some key laws and regula ons that may impact cloud compu ng environments:
General Data Protec on Regula on (GDPR)
GDPR is a comprehensive data protec on regula on applicable to organiza ons opera ng within the
European Union (EU) or handling personal data of EU ci zens. It imposes strict requirements for data
protec on, privacy, consent, data subject rights, and cross-border data transfers.

California Consumer Privacy Act (CCPA)


CCPA is a data privacy law that applies to businesses that collect personal informa on of California
residents. It grants California consumers rights regarding their personal informa on, including the right
to access, delete, and opt-out of the sale of their data.

Health Insurance Portability and Accountability Act (HIPAA)


HIPAA is a U.S. federal law that regulates the use and disclosure of protected health informa on (PHI) by
healthcare organiza ons and their business associates. It mandates security and privacy safeguards to
protect PHI and imposes penal es for non-compliance.

50
Cloud Security Analyst

Payment Card Industry Data Security Standard (PCI DSS)


PCI DSS is a set of security standards designed to protect payment card data and prevent credit card
fraud. It applies to organiza ons that handle payment card informa on and outlines requirements for
securing cardholder data, network security, and compliance valida on.

Federal Risk and Authoriza on Management Program (FedRAMP)


FedRAMP is a U.S. government program that standardizes the security assessment, authoriza on, and
con nuous monitoring of cloud products and services used by federal agencies. It requires cloud service
providers to meet stringent security and compliance standards.

Sarbanes-Oxley Act (SOX)


SOX is a U.S. federal law that sets requirements for financial repor ng and corporate governance to
prevent accoun ng fraud and enhance transparency. It mandates controls and procedures for ensuring
the accuracy and integrity of financial data, which may include considera ons for cloud-based financial
systems.

Children's Online Privacy Protec on Act (COPPA)


COPPA is a U.S. federal law that regulates the online collec on of personal informa on from children
under the age of 13. It imposes requirements for obtaining parental consent, providing no ce, and
implemen ng data security measures to protect children's privacy.

Data Residency and Sovereignty Laws


Some countries have data residency and sovereignty laws that require certain data to be stored and
processed within the country's borders. Organiza ons must comply with these laws when storing and
processing data in the cloud.
It's important for organiza ons to understand and comply with relevant laws and regula ons to ensure
legal compliance, protect sensi ve data, and mi gate legal and regulatory risks associated with cloud
compu ng. This may involve implemen ng appropriate security controls, conduc ng risk assessments,
performing audits, and regularly monitoring and reviewing compliance requirements. Addi onally,
organiza ons should stay informed about regulatory updates and changes to ensure ongoing
compliance in the evolving cloud compu ng landscape.

3.2.2 Standards of Cloud Compu ng Environment in an


Organiza on
Standards play a crucial role in ensuring interoperability, security, and reliability in cloud compu ng
environments within organiza ons. Here are some key standards relevant to the cloud compu ng
environment:
ISO/IEC 27001
ISO/IEC 27001 is an interna onal standard for informa on security management systems (ISMS). It
provides a framework for establishing, implemen ng, maintaining, and con nually improving an
organiza on's informa on security management system. Compliance with ISO/IEC 27001 demonstrates
that an organiza on has implemented a comprehensive approach to managing informa on security
risks.

ISO/IEC 27017
ISO/IEC 27017 is a supplementary standard that provides guidelines for implemen ng informa on
security controls specific to cloud compu ng environments. It offers addi onal guidance on addressing
cloud-specific security risks, such as data protec on, iden ty and access management, virtualiza on,
and incident management.

51
Par cipant Handbook

ISO/IEC 27018
ISO/IEC 27018 is a standard that provides guidelines for protec ng personally iden fiable informa on
(PII) in cloud compu ng environments. It outlines requirements for cloud service providers to
implement controls for data protec on, privacy, transparency, and compliance with applicable data
protec on laws and regula ons.

NIST SP 800-53
NIST Special Publica on 800-53 provides a comprehensive catalog of security and privacy controls for
federal informa on systems and organiza ons. It offers guidance on selec ng and implemen ng security
controls to protect the confiden ality, integrity, and availability of informa on systems and data,
including those deployed in cloud compu ng environments.

NIST SP 800-144
NIST Special Publica on 800-144 provides guidelines for managing the security and privacy
considera ons associated with cloud compu ng. It offers a risk-based approach to assessing and
mi ga ng security risks in cloud deployments, including considera ons for cloud architecture, data
protec on, iden ty management, and incident response.

Cloud Security Alliance (CSA) Guidelines


The Cloud Security Alliance (CSA) offers a set of best prac ces, guidelines, and frameworks for securing
cloud compu ng environments. This includes the Cloud Controls Matrix (CCM), a comprehensive catalog
of security controls mapped to leading compliance frameworks, and the Security, Trust & Assurance
Registry (STAR) program, which provides a registry of cloud security controls and cer fica ons.

FIPS 140-2
Federal Informa on Processing Standard (FIPS) 140-2 is a U.S. government standard that specifies
requirements for cryptographic modules used to protect sensi ve informa on in computer and
telecommunica on systems. Compliance with FIPS 140-2 ensures that cryptographic algorithms and
implementa ons meet rigorous security standards.

ITIL (Informa on Technology Infrastructure Library)


ITIL is a set of best prac ces for IT service management (ITSM) that provides guidance on aligning IT
services with business needs, improving service delivery, and op mizing IT processes. ITIL includes
prac ces for managing cloud services, such as service strategy, service design, service transi on, service
opera on, and con nual service improvement.

3.2.3 Basic Concepts of Data Management Standards Across


the Globe
Basic concepts of data management standards across the globe encompass fundamental principles and
best prac ces for effec vely managing data assets within organiza ons. These concepts are
founda onal to ensuring data quality, security, privacy, compliance, and usability. Here are some key
basic concepts:
Data Governance
Data governance involves defining the policies, procedures, roles, and responsibili es for managing data
throughout its lifecycle. It ensures that data assets are aligned with business objec ves, comply with
regula ons, and meet quality standards. Data governance establishes accountability and transparency
in decision-making processes related to data management.
.

52
Cloud Security Analyst

Data Quality Management


Data quality management focuses on ensuring that data is accurate, reliable, complete, consistent, and
relevant for its intended use. It involves processes for data profiling, cleansing, valida on, enrichment,
and monitoring to maintain high-quality data. Data quality management aims to improve data integrity,
credibility, and usability for decision-making and business opera ons.

Data Security
Data security encompasses measures to protect data from unauthorized access, disclosure, altera on,
or destruc on. It includes implemen ng security controls such as encryp on, access controls,
authen ca on, authoriza on, audi ng, and security monitoring to safeguard sensi ve informa on from
security threats and breaches. Data security ensures confiden ality, integrity, and availability of data
assets.

Data Privacy
Data privacy involves protec ng individuals' privacy rights and ensuring compliance with data protec on
laws and regula ons. It encompasses obtaining consent for data collec on and processing, providing
transparency about data prac ces, and implemen ng measures to protect personal informa on from
misuse or unauthorized disclosure. Data privacy aims to respect individuals' privacy preferences and
safeguard their sensi ve data.

Data Lifecycle Management


Data lifecycle management governs the management of data throughout its lifecycle, from crea on and
acquisi on to archival or disposal. It involves defining reten on policies, classifying data based on its
sensi vity and value, and implemen ng processes for data reten on, archiving, and disposal in
compliance with legal and regulatory requirements. Data lifecycle management ensures efficient and
compliant handling of data assets.

Data Integra on and Interoperability


Data integra on and interoperability enable seamless data exchange, analysis, and decision-making
across disparate sources and systems. It involves harmonizing data formats, schemas, and seman cs to
ensure consistency, coherence, and interoperability. Data integra on facilitates data-driven insights and
enhances organiza onal agility and responsiveness.

Data Accessibility
Data accessibility ensures that authorized users have mely and efficient access to the data they need to
perform their roles and responsibili es. It involves providing appropriate tools, technologies, and
interfaces for accessing, querying, analyzing, and visualizing data while maintaining security and privacy
controls. Data accessibility enhances collabora on, produc vity, and decision-making within
organiza ons.

Data Compliance
Data compliance involves ensuring compliance with relevant laws, regula ons, standards, and
contractual obliga ons governing data management, privacy, security, and confiden ality. It includes
staying informed about legal and regulatory requirements, conduc ng risk assessments, and
implemen ng controls to mi gate compliance risks. Data compliance minimizes legal and reputa onal
risks associated with non-compliance.

Data Ethics
Data ethics involves considering the ethical implica ons of data collec on, use, and analysis. It includes
promo ng transparency, fairness, accountability, and non-discrimina on in data prac ces, and ensuring
that data is used responsibly and ethically.

53
Par cipant Handbook

Exercise
Q.1. Write a note on General Data Protec on Regula on (GDPR):

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

Q.2. What is FIPS 140-2?

__________________________________________________________________________________

__________________________________________________________________________________

Notes
__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

54
Cloud Security Analyst

Notes
__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

55
Par cipant Handbook

56
4. Development Tools
and Usage
Unit 4.1 – Cloud Development Tools and Usage

Bridge Module
Par cipant Handbook

Key Learning Outcomes


At the end of this module, par cipant will be able to:

1. Outline all the important tools and pla orms required to perform programming in cloud
environment.

2. Use development tools, frameworks, pla orms, libraries, and packages for programming on the
cloud.

58
Cloud Security Analyst

Unit 4.1: Cloud Development Tools and Usage

Unit Objec ves


At the end of this unit, par cipant will be able to:
1. Describe programming concepts applicable to cloud compu ng.
2. List popular tools and pla orms for programming in the cloud environment.
3. Assess so ware development needs and changes.

4.1.1 Programming Concepts Applicable to Cloud Compu ng

Fig. 4.1.1. Cloud Compu ng

Scalability: Wri ng code that can scale horizontally or ver cally to handle varying workloads efficiently,
leveraging cloud resources dynamically.

Resilience: Implemen ng fault-tolerant and resilient applica ons by designing for failure and using
techniques such as redundancy and graceful degrada on.

Distributed Systems: Understanding and u lizing distributed compu ng principles to develop


applica ons that can run across mul ple cloud instances or data centers.

Microservices Architecture: Building applica ons as a collec on of small, loosely coupled services that
can be independently deployed, managed, and scaled in the cloud environment.

Serverless Compu ng: Developing event-driven applica ons without managing infrastructure, u lizing
serverless pla orms like AWS Lambda or Azure Func ons to execute code in response to events.

Security: Implemen ng robust security prac ces and encryp on mechanisms to protect data and
applica ons in the cloud from unauthorized access and a acks.

59
Par cipant Handbook

4.1.2 Popular Tools and Pla orms for Programming in the


Cloud Environment
Amazon Web Services (AWS): AWS offers a wide range of services and tools such as AWS Lambda for
serverless compu ng, EC2 for virtual servers, and S3 for storage.
Microso Azure: Azure provides tools like Azure Func ons for serverless compu ng, Azure App Service
for web and mobile apps, and Azure Kubernetes Service (AKS) for containerized applica ons.
Google Cloud Pla orm (GCP): GCP offers services like Google Cloud Func ons for serverless compu ng,
Google App Engine for building and deploying applica ons, and Google Kubernetes Engine (GKE) for
container orchestra on.
Docker and Kubernetes: Docker for containeriza on and Kubernetes for container orchestra on are
widely used for deploying and managing applica ons in cloud environments, offering scalability and
flexibility.
Serverless Framework: An open-source framework for building serverless applica ons across various
cloud providers, simplifying deployment and management tasks.

4.1.3 How to Assess So ware Development Needs and


Changes
Assessing so ware development needs and changes involves several steps:
Iden fy Requirements: Gather requirements from stakeholders to understand their needs, pain points,
and desired outcomes.
Perform Gap Analysis: Evaluate the exis ng so ware against iden fied requirements to iden fy gaps
and areas for improvement.
Priori ze Needs: Priori ze so ware development needs based on their impact on business objec ves,
urgency, and feasibility.
Define Changes: Clearly define the scope and objec ves of the required changes, including func onal
and non-func onal requirements.
Develop a Plan: Develop a detailed plan outlining the meline, resources, and budget required to
implement the changes effec vely.
Communicate and Collaborate: Communicate the proposed changes with stakeholders, solicit
feedback, and collaborate with relevant teams to ensure alignment and support.

4.1.4 Coding Principles and Best Prac ces for Cloud


Development
Coding principles and best prac ces for cloud development are crucial for building scalable, resilient, and
maintainable applica ons. Here are some key principles and prac ces:
Scalability: Design applica ons to scale horizontally by distribu ng workload across mul ple instances or
containers. Use services like AWS Auto Scaling or Kubernetes for dynamic scaling based on demand.
Resilience: Implement fault-tolerant designs by using redundancy, retries, and circuit breakers to handle
failures gracefully. Leverage services like AWS Elas c Load Balancing and Azure Traffic Manager for high
availability.
Security: Follow security best prac ces by encryp ng data in transit and at rest, implemen ng least
privilege access controls, and regularly upda ng dependencies to address vulnerabili es.
Microservices Architecture: Decompose applica ons into small, loosely coupled services to promote
agility, scalability, and easier maintenance.
Infrastructure as Code (IaC): Use tools like Terraform or AWS CloudForma on to provision and manage
infrastructure programma cally, ensuring consistency and repeatability.

60
Cloud Security Analyst

Con nuous Integra on/Con nuous Deployment (CI/CD): Automate the build, test, and deployment
processes to streamline development cycles and deliver updates quickly and reliably.
Monitoring and Logging: Implement comprehensive monitoring and logging to track performance,
detect anomalies, and troubleshoot issues effec vely. Use tools like AWS CloudWatch or Azure Monitor
for centralized logging and monitoring.
Cost Op miza on: Op mize resource usage and costs by rightsizing instances, leveraging spot
instances, and implemen ng cost-aware architectures.

Exercise
Q.1. What are the popular tools and pla orms available for programming in the cloud environment?

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

Q.2. How to assess so ware development needs and changes?

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

Scan this QR Code to watch the related videos or click on the given link

h ps://www.youtube.com/watch?v=1ERdeg8Sfv4&t=28s
Cloud Development Tools

61
Par cipant Handbook

62
5. Cloud Compu ng:
Incident Detec on
Unit 5.1 – Incident Detec on in Cloud Compu ng

SSC/N8334
Par cipant Handbook

Key Learning Outcomes


At the end of this module, par cipant will be able to:
1. Describe incident management for cloud compu ng arising due to the deviated behaviour in
cloud systems.
2. Develop secure pla orms for a stable environment for an organiza on to work on.

64
Cloud Security Analyst

UNIT 5.1: Incident Detec on in Cloud compu ng

Unit Objec ves


At the end of this unit, par cipant will be able to:
1. Define the security incident
2. Differen ate between categories of incidents
3. Explain the principles of security audits.

5.1.1 What is Security Incident?

Fig. 5.1.1. Security Incident in cloud system

A security incident refers to any adverse event or occurrence that compromises the confiden ality,
integrity, or availability of an organiza on's informa on systems, data, or resources. It can encompass a
wide range of events, including:
Unauthorized Access: A empted or successful unauthorized access to systems, networks, or data by
internal or external par es.
Malware Infec ons: Installa on or execu on of malicious so ware (e.g., viruses, ransomware, Trojans)
that compromises system func onality or steals sensi ve informa on.
Data Breaches: Unauthorized disclosure, altera on, or destruc on of sensi ve or confiden al data, such
as customer informa on, financial records, or intellectual property.
Denial of Service (DoS) A acks: Deliberate a empts to disrupt or overload network services or
resources, rendering them inaccessible to legi mate users.
Insider Threats: Malicious or inadvertent ac ons by employees, contractors, or partners that undermine
system security or violate organiza onal policies.
Physical Security Breaches: Unauthorized access to physical facili es, equipment, or assets, leading to
the , vandalism, or sabotage.
Social Engineering A acks: Decep ve techniques used to manipulate individuals into disclosing
sensi ve informa on, such as phishing, pretex ng, or impersona on.

65
Par cipant Handbook

5.1.2 How to differen ate between Categories of Incidents


Incidents are o en categorized based on severity, impact, and nature of the event. Common categories
include:
Low-Impact Incidents: Minor events that have minimal impact on opera ons or data integrity, such as
spam emails or unsuccessful login a empts.
Medium-Impact Incidents: Events that disrupt normal opera ons or compromise confiden ality,
integrity, or availability to some extent, requiring inves ga on and remedia on.
High-Impact Incidents: Significant events that cause severe disrup on, financial loss, or reputa onal
damage, such as data breaches, ransomware a acks, or prolonged system outages.

5.1.3 Principles of Security Audits


Security audits adhere to several principles to ensure effec veness and thoroughness:
Independence: Auditors must be independent of the systems or processes they are audi ng to maintain
objec vity and impar ality.
Relevance: Audits focus on per nent security controls, risks, and compliance requirements tailored to
the organiza on's objec ves and industry standards.
Comprehensiveness: Audits cover all relevant aspects of security, including policies, procedures,
technical controls, and opera onal prac ces.
Accuracy: Audit findings and assessments must be accurate, reliable, and based on factual evidence
rather than assump ons or biases.
Timeliness: Audits are conducted in a mely manner to provide ac onable insights and
recommenda ons promptly.

5.1.4 Importance of helping Auditors Gain the required


Informa on
Helping auditors gain the required informa on is vital as it ensures:
Transparency: Providing access to necessary informa on fosters transparency and trust between
auditors and the organiza on.
Efficiency: Access to relevant data and documenta on streamlines the audit process, enabling auditors
to conduct thorough assessments effec vely.
Compliance: Facilita ng auditors' access to informa on ensures compliance with regulatory
requirements and industry standards.
Effec ve Risk Management: Auditors can iden fy and address security vulnerabili es, weaknesses, and
non-compliance issues more effec vely with access to comprehensive informa on.

5.1.5 Technologies available to Detect Security Incidents


Various technologies are available to detect security incidents and threats within an organiza on's IT
infrastructure:

66
Cloud Security Analyst

Intrusion Detec on Systems (IDS): IDS monitor network traffic for suspicious pa erns and anomalies,
aler ng administrators to poten al security breaches.
Security Informa on and Event Management (SIEM): SIEM solu ons collect and analyze log data from
various sources to detect security incidents, correlate events, and provide real- me threat intelligence.
Endpoint Detec on and Response (EDR): EDR tools monitor endpoints for malicious ac vi es and
unusual behavior, enabling rapid detec on and response to security incidents.
Network Traffic Analysis (NTA): NTA solu ons analyze network traffic to iden fy abnormal behavior,
unauthorized access a empts, and malware infec ons.
User and En ty Behavior Analy cs (UEBA): UEBA tools use machine learning algorithms to analyze user
behavior and detect anomalous ac vi es indica ve of insider threats or compromised accounts.
Threat Intelligence Pla orms (TIP): TIPs aggregate and analyze threat data from various sources to
iden fy emerging threats and provide context for security incidents.

5.1.6 Methods to predict and Extrapolate a acks ahead of


their Occurrence
Predic ng and extrapola ng a acks ahead of their occurrence involve leveraging various methods and
techniques:
Threat Intelligence Analysis: Monitor threat intelligence feeds and sources to iden fy emerging threats,
tac cs, techniques, and procedures (TTPs) used by cyber adversaries.
Behavioral Analy cs: Analyze historical data and pa erns of past a acks to predict future trends and
an cipate poten al a ack vectors and methods.
Machine Learning and AI: U lize machine learning algorithms to analyze vast amounts of data, detect
anomalies, and predict poten al a ack pa erns based on historical and real- me data.
Vulnerability Assessments and Penetra on Tes ng: Conduct regular assessments and penetra on tests
to iden fy weaknesses and vulnerabili es in systems, networks, and applica ons, allowing organiza ons
to proac vely address security gaps before they are exploited by a ackers.
Threat Modeling: Develop threat models to iden fy poten al a ack scenarios, assess their likelihood
and impact, and priori ze mi ga on strategies accordingly.
Cybersecurity Drills and Red Teaming: Simulate a ack scenarios through cybersecurity drills and red
team exercises to assess the organiza on's readiness, detect weaknesses, and validate incident response
capabili es.
User Behavior Monitoring: Monitor user behavior and ac vity logs to detect suspicious or anomalous
behavior indica ve of poten al insider threats or compromised accounts.
Collabora on and Informa on Sharing: Engage in informa on sharing and collabora on with industry
peers, government agencies, and cybersecurity communi es to stay informed about emerging threats
and a ack trends.

5.1.7 How to examine the Levels of Risk that Threaten the


Security of Cloud Solu ons
Various vulnerability tests can help assess the levels of risk that threaten the security of cloud solu ons:

67
Par cipant Handbook

Penetra on Tes ng (Pen Tes ng): Simulates real-world a acks to iden fy vulnerabili es and
weaknesses in cloud infrastructure, applica ons, and networks. It provides insights into poten al
security risks and helps priori ze remedia on efforts.
Vulnerability Scanning: Automated tools scan cloud environments for known vulnerabili es in so ware,
configura ons, and systems. Vulnerability scanning helps iden fy weaknesses that could be exploited by
a ackers and enables proac ve patching and mi ga on.
Configura on Audits: Assess the configura ons of cloud services and infrastructure against security best
prac ces, industry standards, and regulatory requirements. Configura on audits help iden fy
misconfigura ons, insecure se ngs, and compliance viola ons that could pose security risks.
Web Applica on Security Tes ng: Focuses on assessing the security of web applica ons hosted in the
cloud, including tes ng for common vulnerabili es such as injec on flaws, broken authen ca on, and
sensi ve data exposure.
Network Security Tes ng: Evaluates the security of cloud network architectures, including firewall
configura ons, network segmenta on, and traffic monitoring. Network security tes ng helps iden fy
vulnerabili es and weaknesses in network defenses that could be exploited by a ackers.
Code Review and Sta c Analysis: Analyzes applica on code and scripts for security vulnerabili es,
coding errors, and poten al weaknesses. Code review and sta c analysis help iden fy vulnerabili es
early in the development lifecycle and reduce the risk of introducing security flaws into cloud-based
applica ons.
Threat Modeling: Systema cally iden fies poten al threats, vulnerabili es, and a ack vectors in cloud
solu ons by analyzing system components, data flows, and trust boundaries. Threat modeling helps
priori ze security controls and mi ga on strategies based on the likelihood and impact of poten al
threats.
Red Team Exercises: Simulates real-world a ack scenarios by deploying skilled professionals to emulate
the tac cs, techniques, and procedures (TTPs) of threat actors. Red team exercises help assess the
effec veness of security controls, incident response capabili es, and overall resilience of cloud solu ons
against sophis cated a acks.

5.1.8 Signature-based and Anomaly-based Intrusions


Signature-based intrusion detec on relies on predefined pa erns or signatures of known a acks to
iden fy malicious ac vity. It compares network traffic, system logs, or file signatures against a database
of known a ack signatures.
Anomaly-based intrusion detec on monitors system or network ac vity for devia ons from normal
behavior. It establishes a baseline of typical ac vity and triggers alerts when anomalies, such as
unusual traffic pa erns or abnormal user behavior, are detected, even if the specific a ack is
unknown or does not match a predefined signature.

5.1.9 How to Assess and Improve Threat Detec on Processes


Assessing and improving threat detec on processes involves several key steps:
Evalua on: Assess the effec veness of exis ng threat detec on tools, techniques, and processes
through audits, reviews, and performance metrics analysis.

68
Cloud Security Analyst

Gap Analysis: Iden fy gaps and weaknesses in threat detec on capabili es by comparing current
prac ces against industry standards, best prac ces, and regulatory requirements.
Technology Adop on: Invest in advanced threat detec on technologies such as machine learning,
ar ficial intelligence, and behavioral analy cs to enhance detec on capabili es and adapt to evolving
threats.
Training and Awareness: Provide training and awareness programs to security personnel to improve
their skills in threat detec on, incident response, and analysis.
Con nuous Improvement: Establish a culture of con nuous improvement by regularly reviewing and
upda ng threat detec on processes based on lessons learned, emerging threats, and organiza onal
changes.

5.1.10 KPIs to keep a check on Security Threats and Incidents


Key Performance Indicators (KPIs) for monitoring security threats and incidents include:
Incident Response Time: Measure the me taken to detect, analyze, and respond to security incidents.
Incident Resolu on Rate: Track the percentage of security incidents successfully resolved within
predefined meframes.
Incident Resolu on Rate: Track the percentage of security incidents successfully resolved within
predefined meframes.
Incident Resolu on Rate: Track the percentage of security incidents successfully resolved within
predefined meframes.
Mean Time to Detect (MTTD): Evaluate the average me taken to detect security threats or incidents
from the moment they occur.
Mean Time to Recover (MTTR): Measure the average me taken to recover from security incidents and
restore normal opera ons.

5.1.11 Importance of Predic ve Analy cs Solu ons to detect


Incidents even before they take place
Predic ve analy cs solu ons analyze historical data, pa erns, and trends to iden fy poten al security
threats before they occur. By leveraging advanced algorithms and machine learning techniques,
organiza ons can proac vely detect and mi gate risks, prevent breaches, and strengthen their overall
security posture, enhancing resilience against cyber threats.

5.1.12 Methods to Monitor Con nuously for any Incidents or


Threats
Con nuous monitoring for incidents or threats involves:
Real- me Alerts: Set up automated alerts for suspicious ac vi es, unusual behavior, or security events
across systems and networks.
Log Analysis: Regularly review and analyze logs from various sources, including network devices, servers,
and applica ons, to detect anomalies or poten al security incidents.

69
Par cipant Handbook

Network Traffic Analysis: Monitor network traffic pa erns and anomalies using intrusion detec on
systems (IDS) or network traffic analysis (NTA) tools..
Endpoint Detec on and Response (EDR): Deploy EDR solu ons to monitor and analyze endpoint ac vity
for signs of compromise or malicious behavior.
Threat Intelligence Feeds: Integrate threat intelligence feeds to stay updated on emerging threats and
indicators of compromise (IOCs).

5.1.13 Data to be Accumulated to Support Audit Reviews


Data accumulated to support audit reviews typically include:
User Access Logs: Records of user logins, ac vi es, and access
System Configura on Records: Details of system configura ons, se ngs, privileges. and changes.
Network Traffic Logs: Logs of network traffic, connec ons, and data transfers.
Security Incident Reports: Documenta on of past security incidents, their impact, and resolu on.
Policy and Procedure Documents: Copies of security policies, procedures, and guidelines.
Vulnerability Assessment Reports: Reports from vulnerability scans and assessments.
Compliance Documenta on: Evidence of compliance with regulatory standards and industry best
prac ces.
Training Records: Records of security training and awareness programs a ended by employees.
Asset Inventory: Inventory of hardware, so ware, and other assets.
Third-Party Assessments: Reports from third-party security assessments and audits.

5.1.14 Importance of various Stakeholders in Iden fying


Threats and Vulnerabili es
Various stakeholders, including IT personnel, security professionals, execu ves, and end-users, play
crucial roles in iden fying threats and vulnerabili es. Their collec ve exper se, perspec ves, and
insights enable comprehensive threat assessment, proac ve vulnerability iden fica on, and effec ve
risk mi ga on strategies, enhancing overall cybersecurity resilience and protec ng organiza onal
assets.

5.1.15 Best Prac ces and Guidelines Associated with


Incident Detec on
Best prac ces for incident detec on include:
Ÿ Implemen ng robust monitoring tools to track system and network ac vi es.
Ÿ Establishing clear incident detec on criteria and thresholds.
Ÿ Regularly reviewing logs and security alerts for anomalies.
Ÿ Conduc ng regular security assessments and vulnerability scans.
Ÿ U lizing threat intelligence feeds to stay informed about emerging threats.
Ÿ Implemen ng user behavior analy cs to detect abnormal user ac vi es.

70
Cloud Security Analyst

Ÿ Developing incident response plans with defined roles, responsibili es, and escala on procedures.
Ÿ Providing regular training to staff on incident detec on and response procedures.

Exercise
Q.1. Write a short note on various types of security incident:

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

Q.2. How to differen ate between categories of incidents?

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

Q.3. What are the technologies available to detect security incidents?

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

Scan this QR Code to watch the related videos or click on the given link

h ps://www.youtube.com/watch?v=VNp35Uw_bSM
Incident detec on in Cloud compu ng

71
Par cipant Handbook

72
6. Cloud Compu ng:
Incident Response
Unit 6.1 – Incident Response in Cloud Compu ng

SSC/N8335
Par cipant Handbook

Key Learning Outcomes


At the end of this module, par cipant will be able to:
1. Explain the tools and techniques to detect and neutralize security incidents.
2. Describe the standard procedure to handle security incidents.
3. Determine a suitable response plan based on the incident category.

74
Cloud Security Analyst

UNIT 6.1: Incident Response in Cloud Compu ng

Unit Objec ves


At the end of this unit, par cipant will be able to:
1. List the tools, techniques, and procedures to track and mi gate security intrusions.
2. Outline the methods to iden fy compromised and affected systems.
3. Explain the methods to prevent further expansion of the security incident.

6.1.1 Key Tools, Techniques, and Procedures to Track and


Mi gate Security Intrusions

Fig. 6.1.1. Network Intrusion Detec on System

Key tools, techniques, and procedures to track and mi gate security intrusions include:
Ÿ Intrusion Detec on Systems (IDS): Monitors network traffic for suspicious ac vi es or pa erns.
Ÿ Intrusion Preven on Systems (IPS): Iden fies and blocks poten al security threats in real- me.
Ÿ Security Informa on and Event Management (SIEM): Collects and analyzes security event data from
various sources.
Ÿ Firewalls: Controls and filters network traffic based on predefined security rules.
Ÿ Endpoint Detec on and Response (EDR): Monitors and responds to suspicious ac vi es on
endpoints.
Ÿ Vulnerability Scanning: Iden fies and priori zes security vulnerabili es in systems and networks.
Ÿ Penetra on Tes ng: Simulates real-world a acks to iden fy weaknesses and security flaws.
Ÿ User Educa on and Awareness Training: Educates users about security best prac ces and how to
iden fy poten al threats.
Ÿ Incident Response Plans: Establishes procedures for responding to security incidents in a mely and
effec ve manner.
Ÿ Threat Intelligence Feeds: Provides informa on about emerging threats and a ack trends.
Ÿ Patch Management: Ensures that systems and so ware are up-to-date with the latest security
patches and updates.

75
Par cipant Handbook

Ÿ Encryp on: Protects sensi ve data by conver ng it into unreadable ciphertext.


Ÿ Access Control and Authen ca on Mechanisms: Controls access to systems and resources based on
user creden als and permissions.
Ÿ Security Policies and Procedures: Establishes guidelines and protocols for maintaining security
standards and responding to incidents.

6.1.2 Methods to Iden fy Compromised and Affected


Systems
Methods to iden fy compromised and affected systems include:
Anomaly Detec on: Monitor system and network ac vi es for unusual or suspicious behavior, such as
unauthorized access a empts or abnormal resource usage.
Endpoint Detec on and Response (EDR): Deploy EDR solu ons to con nuously monitor and analyze
endpoint ac vity for signs of compromise, such as malware infec ons or unusual file modifica ons.
Network Traffic Analysis: Analyze network traffic pa erns and anomalies using intrusion detec on
systems (IDS) or network traffic analysis (NTA) tools to iden fy poten ally compromised systems or
malicious ac vi es.
Security Informa on and Event Management (SIEM): Aggregate and correlate security event data from
various sources, such as logs, alerts, and sensors, to detect indicators of compromise (IOCs) and
anomalous behavior across systems and networks.
Vulnerability Scanning: Conduct regular vulnerability scans to iden fy security weaknesses and
poten al entry points for a ackers on systems and networks.
User Behavior Analy cs (UBA): Monitor user behavior and ac vity logs to detect abnormal or suspicious
ac ons that may indicate compromised creden als or insider threats.
Forensic Analysis: Conduct forensic analysis of systems and logs to inves gate security incidents,
iden fy the scope of compromise, and determine the extent of damage or data exfiltra on.

6.1.3 How to Determine what was Stolen or Changed


during Breach
Damage assessments aim to determine the extent of harm caused by a security breach, including what
was stolen or changed. This process involves:
Data Examina on: Analyzing affected systems, databases, and logs to iden fy unauthorized access, data
exfiltra on, or altera ons.
Forensic Analysis: Conduc ng in-depth forensic inves ga ons to trace the a acker's ac vi es, iden fy
compromised data, and understand the a ack vector.
Compara ve Analysis: Comparing current data and system states with previous records or backups to
iden fy discrepancies or unauthorized changes.
Data Classifica on: Priori zing the assessment based on the sensi vity and cri cality of the
compromised data or systems.
Documenta on: Documen ng findings, including the nature and extent of stolen or altered data, for
repor ng, legal proceedings, and remedia on efforts.

76
Cloud Security Analyst

6.1.4 Scenarios where it is necessary to Report to Law


Enforcement Agencies
Repor ng to law enforcement agencies is necessary in various scenarios involving criminal ac vi es or
security breaches:
Data Breaches: When sensi ve informa on, such as personal data or financial records, is compromised
through unauthorized access or cybera acks.
Cybercrime: In cases of ransomware a acks, phishing scams, iden ty the , or hacking incidents that
target individuals, businesses, or cri cal infrastructure.
Fraudulent Ac vi es: Instances of online fraud, payment scams, or financial crimes that involve
fraudulent transac ons or unauthorized access to accounts.
Threats to Na onal Security: Suspected terrorist ac vi es, cyber espionage, or threats to cri cal
government infrastructure that pose risks to na onal security.
Child Exploita on: Cases involving child pornography, online grooming, or exploita on of minors that
violate child protec on laws.

6.1.5 Methods to Prevent further Expansion of the


Security Incident
.Preven ng further expansion of a security incident involves swi and decisive ac ons to contain the
threat and mi gate its impact. Key methods include:
Isola on: Immediately isolate affected systems or networks from the rest of the infrastructure to
prevent the spread of malware or unauthorized access.
Patch and Update: Apply security patches and updates to vulnerable systems and so ware to address
known vulnerabili es exploited by a ackers.
Change Creden als: Reset compromised passwords and creden als to prevent unauthorized access and
limit the a acker's ability to move laterally within the network.
Network Segmenta on: Implement network segmenta on to compartmentalize sensi ve assets and
limit the a acker's ability to move freely across the network.
Incident Response: Ac vate incident response procedures to coordinate efforts, gather evidence, and
contain the incident effec vely.
Con nuous Monitoring: Maintain con nuous monitoring of systems and networks to detect any further
unauthorized ac vi es or anomalies.
User Educa on: Provide ongoing cybersecurity awareness training to employees to recognize and report
suspicious ac vi es, minimizing the risk of further exploita on.

6.1.6 Methods to Neutralize the Effects of a Security Incident


and Restore Fully Opera onal System Capability a er it
Neutralizing the effects of a security incident and restoring fully opera onal system capability involves a
systema c approach to recovery and remedia on. Key methods include:
Backup Restora on: Restore data and system configura ons from backups to recover lost or
compromised informa on and ensure data integrity.

77
Par cipant Handbook

Patch and Update: Apply security patches and updates to remediate vulnerabili es exploited during the
incident and prevent future a acks.
System Hardening: Implement security best prac ces, such as disabling unnecessary services,
configuring firewalls, and implemen ng access controls, to strengthen system defenses.
Incident Review and Lessons Learned: Conduct a thorough post-incident analysis to iden fy root
causes, vulnerabili es, and gaps in security controls. Use this informa on to improve incident response
procedures and strengthen defenses against future incidents.
Communica on and Transparency: Keep stakeholders informed about the incident, its impact, and the
remedia on efforts. Provide mely updates on progress and ac ons taken to restore normal opera ons.
User Training: Reinforce cybersecurity awareness and best prac ces among employees to prevent
similar incidents in the future.

6.1.7 Key Sources of Threat Intelligence


Security Vendors: Security companies and vendors offer threat intelligence feeds based on research,
monitoring, and analysis of global cyber threats.
Government Agencies: Na onal and interna onal government agencies provide threat intelligence
reports, alerts, and advisories based on their monitoring of cyber threats and a acks.
Open-source Intelligence (OSINT): Publicly available informa on from forums, social media, and hacker
communi es can provide valuable insights into emerging threats and a ack techniques.
Informa on Sharing Communi es: Industry-specific informa on sharing and analysis centers (ISACs)
and threat intelligence sharing pla orms facilitate collabora on and sharing of threat intelligence
among organiza ons within the same sector.
Malware Analysis: Analyzing malware samples and reverse-engineering techniques can uncover
insights into malware capabili es, origins, and poten al threat actors.

6.1.8 Importance of Various Stakeholders in Ensuring


Compliance with Standards/SLAs for Security
Incident Resolu on
Various stakeholders, including IT security teams, incident response teams, legal departments, and
execu ve leadership, play crucial roles in ensuring compliance with standards and SLAs for security
incident resolu on. Their collabora on and coordina on ensure mely and effec ve response,
adherence to regulatory requirements, and protec on of organiza onal assets and reputa on.

78
Cloud Security Analyst

Exercise
Q.1. List 5 main tools, techniques, and procedures to track and mi gate security intrusions:

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

Q.2. Describe in short the methods to iden fy compromised and affected systems:

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

Q.3. How to determine what was stolen or changed during breach?

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

Notes
__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

Scan this QR Code to watch the related videos or click on the given link

h ps://www.youtube.com/watch?v=E9pHJRRfAhw
Tools, techniques, and procedures to track and mi gate security intrusions

79
Par cipant Handbook

80
7. Cloud Compu ng:
Con nuous Monitoring
Unit 7.1 – Con nuous Monitoring in Cloud Compu ng

SSC/N8337
Par cipant Handbook

Key Learning Outcomes


At the end of this module, par cipant will be able to:
1. Explain the frameworks and tools to monitor the security of cloud systems.
2. Develop escala on matrix and frameworks for prompt ac on against security threats.

82
Cloud Security Analyst

UNIT 7.1: Con nuous Monitoring in Cloud Compu ng

Unit Objec ves


At the end of this unit, par cipant will be able to:
1. Outline the importance of Threat Hun ng and Intelligence-Driven Incident Response
2. List the tools and methodologies to iden fy, track, and con nuously monitor incidents.
3. Iden fy low-risk and high-confidence threat containment processes

7.1.1 Importance of Threat Hun ng and Intelligence-Driven


Incident Response versus Reac ve Response

Fig. 7.1.1. Threat Hun ng Loop

Threat hun ng and intelligence-driven incident response represent proac ve approaches to


cybersecurity, contras ng with reac ve responses. while reac ve responses are necessary, the proac ve
nature of threat hun ng and intelligence-driven incident response empowers organiza ons to stay
ahead of threats, minimize damage, and strengthen overall cybersecurity posture.
Threat Hun ng and Intelligence-Driven Incident Response:
Ÿ Proac vity: It involves ac vely searching for signs of compromise and threats within the
environment.
Ÿ Early Detec on: Iden fies poten al threats and vulnerabili es before they escalate into full-fledged
incidents.
Ÿ Contextual Understanding: Leverages threat intelligence to understand the adversary's tac cs,
techniques, and procedures.
Ÿ Con nuous Improvement: Enables organiza ons to evolve their defenses based on emerging threats
and trends.

Reac ve Response:
Ÿ A er-the-Fact: Reacts to incidents a er they have occurred, o en leading to delayed detec on and
response.

83
Par cipant Handbook

Ÿ Damage Control: Focuses on containing and mi ga ng the immediate impact of the incident.
Ÿ Limited Insights: Provides limited insights into the root causes and broader threat landscape.
Ÿ Ad Hoc: Responses may lack cohesion and consistency, increasing the risk of recurrence.

7.1.2 Latest Tools and Methodologies to Iden fy, Track, and


Con nuously Monitor Incidents
The latest tools and methodologies for iden fying, tracking, and con nuously monitoring incidents
include:
Ÿ Security Informa on and Event Management (SIEM): SIEM pla orms aggregate and correlate
security event data from various sources to detect and respond to threats in real- me.
Ÿ User and En ty Behavior Analy cs (UEBA): UEBA solu ons analyze user and en ty behaviors to
iden fy anomalies and poten al security incidents.
Ÿ Endpoint Detec on and Response (EDR): EDR tools monitor and analyze endpoint ac vi es for signs
of compromise and malicious behavior.
Ÿ Network Traffic Analysis (NTA): NTA solu ons monitor network traffic pa erns to detect suspicious
ac vi es and poten al threats.
Ÿ Threat Intelligence Pla orms (TIP): TIPs collect and analyze threat intelligence data to iden fy and
mi gate poten al threats.
Ÿ Decep on Technologies: Decep on tools deploy decoy systems and data to lure a ackers and detect
their presence within the network.
Ÿ Con nuous Monitoring and Automated Aler ng: Implemen ng automated monitoring and aler ng
mechanisms to detect and respond to incidents in real- me.

7.1.3 How to Iden fy Low-Risk and High-confidence Threat


Containment Processes
Iden fying low-risk and high-confidence threat containment processes for automa on involves several
steps:
Risk Assessment: Evaluate the poten al impact and likelihood of threats based on their nature, context,
and historical data.
Incident Priori za on: Priori ze incidents based on their severity, cri cality, and poten al impact on the
organiza on.
Automatable Processes: Iden fy containment processes with low risk and high confidence levels, such
as isola ng a compromised endpoint or blocking known malicious domains.
Automa on Criteria: Establish criteria for automa ng containment processes, considering factors like
repeatable workflows, minimal human interven on, and clear decision-making criteria.
Tes ng and Valida on: Validate automated processes through tes ng and simula on to ensure
effec veness, accuracy, and minimal false posi ves.

84
Cloud Security Analyst

7.1.4 Common Security Threats in Cloud Systems across


various Industry Ver cals
Common security threats in cloud systems across various industry ver cals include:
Data Breaches: Unauthorized access to sensi ve data stored in the cloud.
Account Hijacking: Compromised creden als leading to unauthorized access to cloud accounts.
Insider Threats: Malicious or negligent ac ons by employees or contractors.
Malware Infec ons: Malicious so ware infec ng cloud environments.
DDoS A acks: Disrup ng cloud services by overwhelming them with traffic.
Misconfigura on: Incorrectly configured cloud resources leading to vulnerabili es.
Insecure APIs: Weaknesses in applica on programming interfaces (APIs) used to access cloud services.
Lack of Visibility: Limited visibility into cloud environments, making it challenging to detect and respond
to threats effec vely.

7.1.5 Security needs of Sample Organiza ons


Security needs for sample organiza ons vary based on the threats they face. For instance:
Financial Ins tu ons: Require robust measures against data breaches, account hijacking, and DDoS
a acks to protect sensi ve financial data and maintain customer trust.
Healthcare Providers: Priori ze safeguarding pa ent informa on from data breaches, insider threats,
and ransomware a acks to ensure compliance with HIPAA regula ons and protect pa ent privacy.
E-commerce Pla orms: Need defenses against account hijacking, malware infec ons, and payment
fraud to secure customer transac ons and maintain business credibility.
Government Agencies: Focus on defending against insider threats, DDoS a acks, and cyber espionage to
safeguard sensi ve government data, cri cal infrastructure, and na onal security interests.

7.1.6 Methods that Drive and Increase Organiza onal


Awareness of Security Threats
Security Training Programs: Regular training sessions to educate employees about various threats,
phishing a acks, and best prac ces.
Security Awareness Campaigns: Launching campaigns to highlight current threats, recent breaches, and
ways to stay vigilant.
Simulated Phishing Exercises: Conduc ng mock phishing campaigns to test employee response and
reinforce security awareness.
Regular Communica ons: Providing mely updates and reminders about security policies, procedures,
and emerging threats.

85
Par cipant Handbook

Exercise
Q.1. Write a short note on importance of Threat Hun ng and Intelligence-Driven Incident Response:

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

Q.2. List the latest tools and methodologies available to iden fy, track, and con nuously monitor
incidents:

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

Q.3. How to iden fy low-risk and high-confidence threat containment processes?

__________________________________________________________________________________

__________________________________________________________________________________

Notes
__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

Scan this QR Code to watch the related videos or click on the given link

h ps://www.youtube.com/watch?v=o96RjqNp2wQ
Con nuous Monitoring in Cloud Compu ng

86
Cloud Security Analyst

Notes
__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

87
Par cipant Handbook

88
8. Inclusive and
Environmentally
Sustainable
Workplaces
Unit 8.1 – Sustainable Practices in the Workplace
Unit 8.2 – Diversity and Equity Promotion Strategies in the
Workplace

SSC/N9014
ParParcipant
cipant Guide
Handbook

Key Learning Outcomes


At the end of this module, par cipant will be able to:
1. Discuss the sustainable prac ces in the workplace.
2. Explain strategies for respec ng diversity and strengthening prac ces to promote equity and
inclusivity.
3. Demonstrate methods for improving diversity, equality, and inclusion in an environmentally
sustainable workplace.

90
Cloud Security Analyst

UNIT 8.1: Sustainable Prac ces in the Workplace

Unit Objec ves


At the end of this unit, par cipant will be able to:
1. Describe different approaches for efficient energy resource u lisa on and waste management.
2. Prac ce the segrega on of recyclable, non-recyclable and hazardous waste generated.
3. Demonstrate different methods of energy resource use op miza on and conserva on.

8.1.1 Sustainability
Sustainability is the equilibrium among the environment, equity, and economy. In 1987, the Brundtl and
Commission of the United Na ons characterized sustainability as "addressing the requirements of the
current genera on without jeopardizing the capacity of succeeding genera ons to fulfill their own
necessi es.”
Sustainability is a concept comprised of three interconnected pillars, each playing a vital role in achieving
a harmonious and balanced system. These three pillars collec vely form the founda on for sustainable
development, ensuring that ac ons and decisions consider the broader impact on our planet and future
genera ons.

Fig. 8.1.1. Three Pillars of Sustainability

The pillars of sustainability are:


Ÿ Economy: This pillar emphasizes the importance of economic ac vi es that promote long-term
prosperity without compromising the well-being of current and future genera ons.
Ÿ Society: The social pillar focuses on fostering equity, inclusivity, and social well-being. Sustainable
prac ces in this realm priori ze fair and just socie es, where all individuals have equal access to
resources, opportuni es, and basic needs.
Ÿ Environment: The environmental pillar underscores the necessity of preserving and protec ng the
natural world. Sustainable environmental prac ces aim to minimize nega ve impacts on ecosystems,
biodiversity, and natural resources.

8.1.2 Sustainable Prac ces


Sustainable pra ces at the workplace refer to the adop on of environmentally and socially responsible
strategies and behaviours by organiz ons to ensure long-term viability, minimize neg ve impacts, and
contribute pos vely to the well-being of the environment, society, and the economy.

91
ParParcipant
cipant Guide
Handbook

Components of Sustainable Pra ces at Workplace

Energy Efficiency: Ÿ Adop on of energy-efficient technologies.


Ÿ Implementa on of prac ces to reduce energy
consump on.
Ÿ Integra on of renewable energy sources.

Waste Reduc on and Recycling: Ÿ Establishment of waste reduc on ini a ves.


Ÿ Implementa on of recycling programs for various
materials.
Ÿ Proper disposal of hazardous waste.

Sustainable Procurement: Ÿ Selec on of suppliers based on sustainable prac ces.


Ÿ Considera on of the environmental and social impact of
products and materials.
Ÿ Integra on of ethical sourcing in procurement processes

Environmental Conserva on: Ÿ Conserva on of water resources through responsible


usage.
Ÿ Preserva on of natural habitats and biodiversity.
Ÿ Implementa on of landscaping prac ces that promote
ecological health.

Social Responsibility: Ÿ Fair and ethical treatment of employees.


Ÿ Promo on of diversity and inclusion in the workplace.
Ÿ Community engagement and support for local
ini a ves.
Ÿ Ensuring health and safety standards for employees.

Green Building and Infrastructure: Ÿ Design and construc on of environmentally friendly


buildings.
Ÿ Integra on of energy-efficient systems in infrastructure.
Ÿ Implementa on of sustainable landscaping and outdoor
spaces.

Sustainable Transporta on: Ÿ Promo on of eco-friendly commu ng op ons for


employees.
Ÿ Adop on of green transporta on prac ces.
Ÿ Provision of facili es for bicycle commu ng or electric
vehicle charging.

Sustainable Supply Chain Ÿ Assessment and selec on of suppliers based on


Management: sustainability criteria.
Ÿ Implementa on of traceability and transparency in the
supply chain.
Ÿ Efforts to minimize the carbon footprint in logis cs and
transporta on.

Employee Engagement and Ÿ Training programs on sustainable prac ces and


Educa on: corporate sustainability goals.
Ÿ Encouragement of employee par cipa on in
sustainability ini a ves.

92
Cloud Security Analyst

Regulatory Compliance: Ÿ Adherence to environmental and social regula ons.


Ÿ Monitoring and repor ng on sustainability
performance.
Ÿ Con nuous adjustment of prac ces to meet evolving
regulatory standards.

Fig. 8.1.2. Sustainable Prac ces at Workplace

8.1.3 Efficient Energy Resource U lisa on


Energy resource u liza on and conserva on refers to the prac ce of efficiently u lizing and preserving
energy sources to minimize waste, reduce environmental impact, and promote sustainability. This
involves adop ng measures and strategies to op mize energy use across various sectors.

Fig. 8.1.3. Efficient Energy Resource U lisa on

The different approaches for efficient energy resource u liza on and conserva on are:
1. Advanced Metering Infrastructure (AMI): Advanced Metering Infrastructure (AMI) is a sophis cated
system of smart meters, communica on networks, and data management systems designed to
modernize and enhance the func onality of tradi onal u lity metering. AMI enables the collec on,
analysis, and communica on of detailed energy consump on data in real- me, offering numerous
advantages over conven onal metering systems.
2. Energy Management Systems (EMS): Energy Management Systems (EMS) are comprehensive
so ware and hardware solu ons designed to monitor, control, and op mize energy consump on
within various environments. EMS plays a crucial role in enhancing energy efficiency, reducing costs,
and suppor ng sustainability ini a ves.
3. Energy Audits: Energy audits are systema c assessments of energy usage and efficiency within a
facility, building, or industrial process. The primary goal is to iden fy opportuni es for energy
conserva on, cost savings, and overall improvement in energy performance.

93
ParParcipant
cipant Guide
Handbook

4. Energy-Efficient Ligh ng: Energy-efficient ligh ng refers to the use of ligh ng technologies and
strategies that minimize energy consump on while maintaining or improving the quality of
illumina on. This approach is crucial for reducing electricity costs, enhancing sustainability, and
mi ga ng environmental impacts.
5. Green Building Cer fica ons: Green Building Cer fica ons offer a comprehensive framework to
advocate for environmentally responsible and sustainable prac ces in both the construc on and
opera on of buildings. One prominent cer fica on is LEED (Leadership in Energy and Environmental
Design), se ng the standard for environmentally friendly building design.
6. Combined Heat and Power (CHP) Systems: Combined Heat and Power (CHP) systems, also denoted to
as cogenera on, represent integrated energy systems that produce electricity and valuable thermal
energy from a single fuel source. This approach significantly enhances overall energy efficiency
equated to the separate produc on of electricity and thermal energy.
7. Energy-Efficient HVAC Systems: Energy-efficient Hea ng, Ven la on, and Air Condi oning (HVAC)
systems play a essen al role in eleva ng building sustainability and promo ng energy conserva on.
These systems incorporate advanced technologies and features priori zing energy efficiency,
resul ng in decreased energy consump on and opera onal costs.

8.1.4 Waste Management


Waste management denotes to the collec on, transporta on, treatment, and disposal of waste
materials in a way that protects human health and the environment. In the workplace context, it
encompasses everything from recycling paper to compos ng food scraps to responsibly disposing of
electronic equipment.

Fig. 8.1.4. Waste Disposal

Importance of Waste Management


1. Environmental Conserva on:
Ÿ Reducing waste genera on and promo ng recycling contribute to the conserva on of precious
resources.
Ÿ Minimizing landfill usage helps mi gate environmental degrada on and combat climate change.

94
Cloud Security Analyst

2. Employee Health and Well-being:


Ÿ A clean and organized work environment, facilitated by effec ve waste management, fosters a sense
of well-being among employees.
Ÿ Proper waste disposal reduces health hazards associated with unmanaged waste, contribu ng to a
healthier workplace.

3. Cost Savings:
Ÿ Implementa on of efficient waste management systems results in significant reduc ons in waste
disposal costs.
Ÿ Recycling programs can poten ally unlock revenue streams, offering financial benefits to
organiza ons.

4. Brand Reputa on:


Ÿ Demonstra ng a commitment to sustainability, including effec ve waste management, enhances a
company's image.
Ÿ A posi ve corporate image a racts eco-conscious clients and employees, bolstering the brand's
reputa on in the market.

8.1.5 Steps to Manage Waste


Waste management denotes to the collec on, transporta on, treatment, and disposal of waste
materials in a way that protects human health and the environment. In the workplace context, it
encompasses everything from recycling paper to compos ng food scraps to responsibly disposing of
electronic equipment.

Fig. 8.1.5. Waste Disposal Process

1. Iden fy Wastes:
The ini al step in effec ve waste management involves a comprehensive iden fica on of the various
types of wastes generated within a given system or organiza on. This process necessitates a thorough
understanding of the waste stream, encompassing both solid and poten ally hazardous materials. By
categorizing and cataloging the different types of wastes produced, organiza ons can establish a
founda onal understanding of the scope and nature of their waste genera on.
Iden fica on also involves iden fying sources, pa erns, and poten al environmental impacts. This step
is cri cal in laying the groundwork for subsequent waste management ac ons, enabling organiza ons to
tailor strategies that address the specific composi on and characteris cs of their generated wastes.

2. Evaluate Waste:
Once wastes are iden fied, the next step involves a detailed evalua on of their proper es, risks, and
poten al for resource recovery. This evalua on encompasses assessing the composi on of the waste
stream, dis nguishing between recyclable, non-recyclable, and hazardous materials.
Evalua on also involves considering the environmental impact of various waste management methods.

95
ParParcipant
cipant Guide
Handbook

For instance, determining whether incinera on, recycling, or landfill disposal is the most
environmentally sustainable op on involves a comprehensive evalua on of factors such as energy
consump on, emissions, and long-term ecological effects.
Risk assessments associated with hazardous wastes are crucial during this step. Understanding the
poten al harm posed by certain materials guides the implementa on of safe handling and disposal
prac ces.

3. Manage Wastes:
Armed with a thorough understanding of iden fied wastes and their evalua ons, organiza ons can then
implement tailored waste management strategies. This involves the development and implementa on
of systems for waste reduc on, recycling, proper disposal, and, where applicable, resource recovery.
Waste management strategies may include the establishment of recycling programs, the adop on of
sustainable packaging prac ces, and the implementa on of efficient disposal methods that minimize
environmental impact. Regulatory compliance, adherence to best prac ces, and ongoing monitoring are
integral components of effec ve waste management.

8.1.6 Waste Segrega on


The prac ce of segrega on in waste management is a fundamental and proac ve approach to handling
the diverse array of materials generated in various se ngs. Segrega on involves the systema c
separa on of waste into dis nct categories, primarily focusing on recyclable, non-recyclable, and
hazardous materials.

Fig. 8.1.6. Waste Segrega on

1. Recyclable Waste:
Ÿ Recyclable materials, like paper, cardboard, plas cs, glass, and certain metals, are iden fied and
separated at the source of genera on. This requires awareness and educa on among individuals or
within organiza ons to recognize materials that can be recycled.
Ÿ Segrega ng recyclable waste at the point of origin enhances the efficiency of recycling processes. It
streamlines the collec on and processing of materials, facilita ng the recovery of valuable resources
and reducing the environmental effect associated with manufacturing new products.

2. Non-Recyclable Waste:
Ÿ Materials that do not fall into the recyclable category, such as certain types of plas cs, contaminated
items, or non-reusable goods, are iden fied during the segrega on process. These materials are then
appropriately disposed of, o en through landfill or incinera on methods.

96
Cloud Security Analyst

Ÿ Segrega ng non-recyclable waste helps prevent contamina on of recyclable streams.


Contamina on can compromise the quality of recyclables and hinder the effec veness of recycling
processes.

3. Hazardous Waste:
Ÿ Recogni on and Special Handling: Hazardous waste, encompassing materials with poten al risks to
human health or the environment, requires special a en on. Segrega on involves recognizing items
such as ba eries, electronic waste, chemicals, and medical waste that fall into this category.
Ÿ Safe Disposal Protocols: Proper segrega on ensures that hazardous waste is handled and disposed of
according to regulatory guidelines. This mi gates the poten al for environmental pollu on and
minimizes health risks associated with improper disposal of hazardous materials.

8.1.7 Types of Recyclable Waste


1. Dry Waste
Ÿ Dry waste includes items that are not wet or soiled, making them suitable for recycling. Examples of
Dry Waste are: Paper, cardboard, plas cs, glass, and metals.
Ÿ Dry waste is collected, sorted, and sent to recycling facili es where materials like paper, plas cs,
glass, and metals undergo processing for reuse in manufacturing.

2. Wet Waste
Ÿ Wet waste consists of organic materials that can decompose, such as food scraps and soiled items.
Examples of Wet Waste are Food waste, soiled paper, and yard waste fall.
Ÿ Wet waste is typically processed through compos ng, conver ng organic ma er into nutrientrich
compost for agricultural use.

Fig. 8.1.7. Types of Recyclable Waste

3. Sanitary Waste:
Ÿ Sanitary waste includes items origina ng solely from humans and human ac vi es, poten ally
including medical waste. Examples of sanitary waste are Diapers, sanitary napkins, and certain
medical waste items.
Ÿ Due to poten al health risks, sanitary waste may require specialized disposal methods, especially
when medical waste is involved.

4. E-Waste (Electronic Waste):


Ÿ E-Waste comprises discarded electronic devices and equipment. Examples: Computers, laptops,
mobile phones, and other electronic gadgets are considered e-waste.
Ÿ E-waste recycling includes the recapture of valuable materials (metals, plas cs) and proper disposal
of hazardous components. Specialized facili es are equipped to handle e-waste recycling.

97
ParParcipant
cipant Guide
Handbook

Notes
__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

Scan this QR Code to watch the related videos or click on the given link

h ps://www.youtube.com/watch?v=-0zQV8F03Og
Sustainable Prac ces

98
Cloud Security Analyst

UNIT 8.2: Diversity and Equity Promo on Strategies in the


Workplace

Unit Objec ves


At the end of this unit, par cipant will be able to:
1. Describe the importance of following the diversity policies.
2. Iden fy stereotypes and prejudices associated with people with disabili es and the nega ve
consequences of prejudice and stereotypes.
3. Discuss the importance of promo ng, sharing and implemen ng gender equality and PwD
sensi vity guidelines at organiza on level.
4. Demonstrate essen al communica on methods in line with gender inclusiveness and PwD
sensi vity.

8.2.1 Diversity
"Diversity" denotes to the presence of an extensive range of human characteris cs, a ributes, and
perspec ves within a group, organiza on, or community.
Diversity is considered a strength in various se ngs, as it can lead to increased crea vity, be er problem
-solving, and a more dynamic and adaptable organiza on or community. Organiza ons that priori ze
diversity o en aim to generate a culture where individuals feel empowered to contribute their unique
perspec ves and talents.
Key concepts related to diversity include:
Ÿ Inclusion: Nurturing an environment where everybody feels valued respected, and included.
Ÿ Equity: Ensuring fairness and impar ality, addressing systemic barriers, and providing resources
based on individual needs.
Ÿ Representa on: Ensuring that diverse voices are heard and represented at all levels of an
organiza on.

Characteris cs of Diversity:

Demographic Diversity: Cogni ve Diversity: Experience and Background


Ÿ Age Ÿ Different ways of thinking Diversity:
Ÿ Gender Ÿ Varied problem-solving Ÿ Educa onal background
Ÿ Race and ethnicity approaches Ÿ Professional experience
Ÿ Sexual orienta on Ÿ Diverse perspec ves on Ÿ Socioeconomic
Ÿ Na onality issues background
Ÿ Disability status

Cultural Diversity: Diversity of Abili es: Diversity of Thoughts and


Ÿ Cultural prac ces Ÿ Physical abili es Ideas:
Ÿ Language Ÿ Cogni ve abili es Ÿ Varied opinions
Ÿ Religious beliefs Ÿ Emo onal intelligence Ÿ Crea ve thinking
Ÿ Innova on

Fig. 8.2.1. Characteris cs of Diversity

99
ParParcipant
cipant Guide
Handbook

Diversity Policies
Following diversity policies is crucial for fostering an inclusive and equitable work environment. Key
reasons why adhering to diversity policies is important:
1. Inclusivity: Diversity policies create an inclusive workplace, fostering a sense of belonging among
employees.
2. Crea vity and Innova on: Diverse teams bring different perspec ves, enhancing crea vity and
innova on.
3. Talent A rac on and Reten on: Diversity a racts a broad range of talent, making organiza ons more
appealing and improving reten on rates.
4. Global Market Awareness: Diverse teams can be er understand and cater to the needs of diverse
markets, enhancing business performance.
5. Legal and Ethical Compliance: Following diversity policies ensures legal compliance and demonstrates
commitment to ethical business prac ces.
6. Elimina on of Discrimina on: Diversity policies work to eliminate discrimina on and bias, fostering a
fair and just workplace.
7. Improved Decision-Making: Diverse teams contribute varied viewpoints, leading to more well-
rounded and informed decision-making.
8. Enhanced Reputa on: Companies that priori ze diversity enjoy a posi ve reputa on, building trust
and loyalty among customers and clients.
9. Employee Engagement: Valuing diversity encourages employee engagement, posi vely impac ng
produc vity and job sa sfac on.
10. Long-Term Sustainability: Embracing diversity is a strategic business impera ve for long-term
organiza onal sustainability.

8.2.2 Gender Equality


In Indian legisla on, gender is delineated as the individual a ributes and traits linked to being masculine,
feminine, or transgender. The Indian authori es acknowledge three gender categories—male, female,
and transgender—according to the Transgender Persons (Protec on of Rights) Act, 2019, enacted by the
Parliament of India in November 2019.
Gender parity denotes the principle that every individual, irrespec ve of their gender, should enjoy
equivalent opportuni es and en tlements across all facets of life, encompassing educa on,
employment, poli cal engagement, and accessibility to healthcare and other public ameni es. It
signifies that no individual should face discrimina on or disadvantages based on their gender.

Fig. 8.2.2. Gender Equality at Workplace

100
Cloud Security Analyst

8.2.3 Gender-Inclusive Work Environment


In an all gender-inclusive culture, all employees, regardless of their gender iden ty (male, female, or,
transgender)), feel appreciated and supported. Apart from crea ng a sense of belonging, gender-
inclusive workplace culture can elevate previously unheard perspec ves and recognise various
experiences, fostering an environment of genuine respect and trust. This type of atmosphere not only
draws a broader range of applicants but also provides all of the necessary structural support for them to
succeed.

Fig. 8.2.3. Gender Inclusivity

The importance of a gender-inclusive workplace can be ascertained from the following benefits:
Ÿ By ensuring that the team has a healthy mix of female, male, transgender, and non-binary employees,
the organisa on can benefit from their diverse views and improve the team's crea vity and
innova on.
Ÿ By emphasising the importance of having an inclusive culture, businesses can raise employee morale
and increase opportuni es, which will lead to higher employee reten on rates and save me and
money in the long term.
Ÿ Organiza ons will be able to connect effec vely with customers and increase their understanding of
what they need if their workforce base represents their customers, bringing together a range of
genders, backgrounds, and races.
Ÿ An inclusive culture can be a major a rac on when it comes to recrui ng new employees. When a
company develops a reputa on for having a diverse workforce, it has a tremendous recrui ng tool at
its disposal.

8.2.4 Gender Sensi vity Rules and Regula ons


Ÿ Preven on of Sexual Harassment: Employers are required to establish and implement policies and
procedures to inhibit and address sexual harassment in the workplace. These policies should be
communicated to all employees and include measures for repor ng and inves ga ng complaints.
Ÿ Equal Opportuni es: Employers should ensure that all employees, regardless of gender, have equal
opportuni es for hiring, promo on, training, and development.
Ÿ Gender-Neutral Language: Employers should use gender-neutral language in all communica ons,
including job descrip ons, forms, and company policies, to avoid gender-based discrimina on.

101
ParParcipant
cipant Guide
Handbook

Ÿ Inclusive Workplace: Employers should create an inclusive work environment that accommodates
individuals of all genders, including those who iden fy as non-binary or do not conform to tradi onal
gender norms.
Ÿ Maternity and Paternity Leave: Employers should provide maternity and paternity leave to support
employees who are star ng or expanding their families.
Ÿ Sensi za on and Training: Employers should provide regular sensi za on and training to employees
on gender sensi vity, diversity, and inclusion in the workplace.
Ÿ Non-Discrimina on: Employers ought not to engage in discrimina on against employees on the
grounds of their gender iden ty or expression. They should proac vely address and counteract any
instances of discrimina on or harassment rooted in gender that may arise within the workplace.

8.2.5 Inclusion of Person with Disability in the Workplace


In India, the Persons with Disabili es Act (PwD) mandates that organisa ons provide differently-abled
individuals with equal opportuni es and a non-discriminatory atmosphere, as well as facili es that will
enable them to func on at their best under the condi ons.
The following are the 6 ini a ves that should be taken by the organiza on to become more inclusive:

Fig. 8.2.4. PwD Inclusivity at Workplace

1. Create safe spaces: Create employee support groups (ESGs) to encourage and empower all employees
in the company. They contribute to the development of the community by providing safe areas for
individuals to share and get to know one another. ESGs aim to improve employee experience while
also boo ng mental wellness.

2. Examine the resources: Take some me to review the company's wri ng, website, and marke ng
materials with a fresh perspec ve. Even if the message is clear, be alert for wording that may exclude
people. Avoid using terms like "physically challenged," "differently-abled," or "special needs" to
describe people with impairments. When describing persons without disabili es, never use the
adjec ve "normal.”

3. Hire a professional: Organisa on should hire people for their skills, irrespec ve of their physical
challenges. They should hire a person with a disability if they are fulfilling the demands of the job role.

4. Speak with the employees: Persons with disabili es should be included in the decision-making
process of the organisa on, whether or not it directly affects them.

102
Cloud Security Analyst

It may also cause irrita on when the organiza on adopts well-inten oned improvements that no one
requires. It is cri cal to include people with impairments in decision-making processes.

5. Promote diversity on all levels: Hiring people with disability should be done across all levels of the
organisa on. Companies must look below the surface to create a varied environment. There are
various kinds of diversity. Physical and mental ability, educ onal and economic background,
neurodiversity, and immigra on status are only a few examples. Recognize that these people aren't
merely " cking boxes.”

6. Be transparent: Companies and their leaders must demonstrate that crea ng a more inclusive
atmosphere is a priority, not a project. One should allow their managers and staff to be open and
honest about their problems, errors, victories, and even limita ons.

The advantages of having an inclusive workplace:


Ÿ Access to talent: Organisa ons can access an undiscovered source of talent by focusing on abili es
rather than assump ons.
Ÿ Increased innova on: Employees with varying levels of experience approach issue resolu on in
different ways.
Ÿ Increased reten on and engagement: Employees who feel valued and included are more loyal and
enthusias c.
Ÿ Be er reputa on: Customers value businesses that demonstrate a genuine commitment to diversity
and inclusion.
Ÿ Benefits for everyone: An inclusive workplace helps everyone, not just people with disabili es.

8.2.6 Types of Disabili es


There are various types of disabili es, including:
1. Physical disabili es: These are disabili es that affect a person's physical ability to perform tasks.
Physical disabili es can be caused by congenital condi ons, injuries, or illnesses. Examples of physical
disabili es include mobility impairments, amputa ons, paralysis, and chronic pain. Physical
disabili es can limit a person's ability to perform ac vi es of daily living, such as bathing, dressing, or
cooking. Assis ve devices and technologies, such as wheelchairs, prosthe c limbs, and mobility aids,
can help people with physical disabili es to perform these tasks and live independently.

Fig. 8.2.5. Types of Disabili es

103
ParParcipant
cipant Guide
Handbook

2. Mental disabili es: These are disabili es that affect a person's mental func oning. Mental disabili es
can include mental illnesses, such as depression, anxiety, bipolar disorder, or schizophrenia. Mental
disabili es can also include cogni ve impairments, such as memory loss, a en on deficits, or learning
disabili es. Mental disabili es can limit a person's ability to concentrate, communicate, or engage in
social interac ons. Treatment and support services, such as counselling, medica on, and therapy, can
help people with mental disabili es to cope their symptoms and improve their quality of life.

3. Intellectual disabili es: These are disabili es that affect a person's cogni ve abili es. Intellectual
disabili es can be caused by gene c condi ons, brain damage, or other factors. Intellectual disabili es
can result in difficul es with reasoning, problem-solving, and understanding complex concepts.
Intellectual disabili es can also affect a person's ability to communicate efficiently and involve in social
interac ons. Special educa on and support services, such as individualized instruc on and behavioral
therapies, can help people with intellectual disabili es to develop their cogni ve and social skills and
achieve their full poten al.

4. Sensory impairments: These are disabili es that affect a person's senses. Sensory impairments can
include hearing loss, vision impairment, or tac le sensi vity. Sensory impairments can limit a person's
ability to communicate, navigate their environment, or access informa on. Assis ve technologies,
such as hearing aids, Braille displays, and screen readers, can help people with sensory impairments to
overcome these limita ons and par cipate fully in society.

8.2.7 Rights of Persons with Disabili es


The Rights of Persons with Disabili es Act came into force on 19 April 2017. Further, the Rules were
no fied on June 15, 2017. The new Act replaces the Persons with Disabili es Act, 1995. The new Act
implements India’s obliga ons under the United Na ons Conven on on the Rights of Persons with
Disabili es, which was ra fied in 2007. It has taken the Indian Parliament more than a decade to pass this
legisla on.

Fig. 8.2.6. Rights of Persons with Disabili es Act, 2016

Key compliances under the Disabili es Act:


Although the majority of the Act's requirements apply only to government facili es, private businesses
are also subject to the Act's provisions and must comply with the following:

104
Cloud Security Analyst

Ÿ Create and post an Equal Opportunity Policy on the establishment's website or in a prominent
loca on within the premises. The policy must provide informa on about the perks and
accommoda ons available to disabled employees. The State Commissioner must also be given a copy
of the Policy.
Ÿ Employers with more than 20 employees must appoint a Liaison Officer to manage the recruitment of
disabled people and the par cular accommoda ons that must be provided for them.
Ÿ Establishments are required to iden fy job openings that are suitable for disabled people. In the case
of businesses that receive government subsidies, a minimum of 5% of job openings must be
designated for people with disabili es.
Ÿ In the workplace, the employer must ensure that illegi mate discrimina on against disabled people
is prohibited.
Ÿ To improve impaired employees' accessibility, the employer must provide addi onal facili es or
special advantages, such as special leave and training programmes.
Ÿ The government has published accessibility standards for disabled people, which must be followed
by all businesses. The accessibility standards apply to workplace infrastructure and communica on
technologies, both of which must be accessible to people with disabili es.
Ÿ Every organisa on must keep track of its disabled personnel.

8.2.8 Stereotypes and Prejudices Associated with People


with Disabili es
Ÿ Assump on of Dependency: Many people wrongly assume that individuals with disabili es are
en rely dependent on others for daily ac vi es and decision-making.
Ÿ Pity and Sympathy: Individuals with disabili es are some mes subjected to pity or sympathy,
perpetua ng the stereotype that their lives are inherently less fulfilling.
Ÿ Limited Capabili es: Stereotypes o en portray people with disabili es as having limited abili es,
overlooking their diverse talents, skills, and poten al.
Ÿ Invisibility of Abili es: Some stereotypes focus solely on the disability, overshadowing the
individual's other capabili es and talents.
Ÿ Assump ons about Intelligence: There can be misconcep ons about the intelligence of individuals
with certain disabili es, leading to underes ma on of their cogni ve abili es.
Ÿ Over-generaliza on: People with disabili es are some mes unfairly generalized, assuming that all
individuals with a par cular disability share the same characteris cs.
Ÿ S gma za on: Certain disabili es may carry social s gmas, leading to nega ve percep ons and
biased a tudes towards individuals with those disabili es.

Nega ve Consequences of Prejudice and Stereotypes:


Ÿ Social Exclusion: Prejudice and stereotypes contribute to social exclusion, limi ng opportuni es for
individuals with disabili es to fully par cipate in various aspects of life.
Ÿ Limited Opportuni es: Discriminatory a tudes can result in limited educa onal and employment
opportuni es, hindering personal and professional development.
Ÿ Psychological Impact: Individuals with disabili es may internalize nega ve stereotypes, leading to
lower self-esteem and mental health issues.
Ÿ Barriers to Inclusion: Prejudice can create barriers to inclusive environments, hindering the
development of diverse and collabora ve communi es.
Ÿ Underes ma on of Abili es: Stereotypes may lead to underes ma on of the skills and poten al of
individuals with disabili es, affec ng their ability to contribute effec vely.
Ÿ Unequal Treatment: Prejudice can result in unequal treatment, with individuals facing
discrimina on in various aspects of life, including healthcare, housing, and social interac ons.

105
ParParcipant
cipant Guide
Handbook

Ÿ Lack of Accessibility: Nega ve a tudes may contribute to a lack of accessibility in public spaces,
making it difficult for individuals with disabili es to navigate their surroundings independently.
Ÿ Impact on Mental Health: The constant experience of prejudice and stereotyping can contribute to
stress, anxiety, and other mental health challenges for individuals with disabili es.

8.2.9 Gender Equality and PwD Sensi vity Guidelines


Promo ng, sharing, and implemen ng gender equality and Persons with Disabili es (PwD) sensi vity
guidelines at the organiza onal level is crucial for fostering an inclusive and respec ul workplace. Here
are key reasons why this is important:
Ÿ Inclusive Work Environment: Guidelines for gender equality and PwD sensi vity contribute to
crea ng an inclusive workplace where all employees sense valued, respected, and treated equitably.
Ÿ Diverse Perspec ves and Innova on: Embracing diversity, including gender and disability, brings a
variety of perspec ves to the table. This diversity fosters crea vity and innova on as employees with
different backgrounds and experiences contribute unique insights.
Ÿ Talent A rac on and Reten on: Organiza ons that priori ze and demonstrate commitment to
gender equality and PwD sensi vity are more a rac ve to a diverse talent pool. Such organiza ons
also tend to retain employees be er as individuals feel appreciated and supported.
Ÿ Legal Compliance: Following guidelines for gender equality and PwD sensi vity ensures compliance
with relevant laws and regula ons. This reduces the risk of legal issues and demonstrates the
organiza on's commitment to ethical prac ces.
Ÿ Enhanced Reputa on: Organiza ons that ac vely promote equality and sensi vity build a posi ve
reputa on. This can enhance the organiza on's brand image and a ract customers, clients, and
partners who value social responsibility.
Ÿ Improved Employee Morale: Guidelines promo ng equality contribute to a posi ve organiza onal
culture, leading to higher employee morale. When employees feel that their workplace is fair and
inclusive, job sa sfac on and overall well-being are likely to improve.
Ÿ Produc vity and Performance: Inclusive environments tend to foster greater collabora on and
teamwork, posi vely impac ng produc vity and overall organiza onal performance. Employees are
more likely to work cohesively when they feel respected and included.
Ÿ Reduced Stereotyping and Bias: Guidelines can help challenge and overcome gender stereotypes
and biases, as well as those related to individuals with disabili es. This fosters a culture of fairness
and equal opportuni es.

8.2.10 Communica on
Ensuring gender inclusiveness and sensi vity toward Persons with Disabili es (PwD) in communica on
is essen al for fostering a respec ul and inclusive environment. Here are some communica on methods
aligned with these principles:
1. Inclusive Language:
Ÿ Avoid Gendered Language: Use gender-neutral language whenever possible to be inclusive of all
genders. Instead of using "he" or "she," opt for gender-neutral pronouns like "they" or rephrase
sentences to eliminate gender-specific terms.
Ÿ Accessible Language: Ensure that communica on is accessible to everyone, including individuals
with disabili es, by using plain language and avoiding jargon.

2. Diverse Representa on:


Ÿ Visuals and Imagery: Incorporate diverse images and visuals in communica on materials, reflec ng a
range of genders, ethnici es, and abili es.

106
Cloud Security Analyst

Ÿ Speaker Representa on: Ensure diverse representa on in speaking roles during mee ngs,
presenta ons, and events to promote a variety of perspec ves.

3. Accessibility Considera ons:


Ÿ Accessible Formats: Provide informa on in mul ple formats (e.g., text, audio, and video) to
accommodate diverse learning preferences and accessibility needs.
Ÿ Cap oning and Transcripts: Include cap ons for videos and provide transcripts for audio content to
ensure that individuals with hearing impairments can access the informa on.

4. Inclusive Policies and Prac ces:


Ÿ Clearly Communicate Inclusive Policies: Clearly communicate organiza onal policies related to
gender inclusiveness and disability sensi vity. Ensure that employees are aware of the support
available to them.
Ÿ Flexible Communica on Channels: Recognize that individuals may have different communica on
preferences. Offer flexibility in communica on channels, such as wri en, verbal, or virtual pla orms.

5. Empathy and Sensi vity:


Ÿ Use Inclusive Language: Be mindful of the language used when discussing gender-related topics and
disability. Avoid s gma zing or derogatory terms, and use person-first language for disabili es (e.g.,
"person with a disability" instead of "disabled person").
Ÿ Ac ve Listening: Prac ce ac ve listening to understand the perspec ves and needs of others,
especially when discussing issues related to gender and disabili es.

Exercise
A. Short Answer Ques ons
1. What are some different approaches for efficient u liza on of energy resources?
2. Explain the importance of prac cing the segrega on of recyclable, non-recyclable, and hazardous
waste.
3. List the examples of recyclable, non-recyclable, and hazardous waste.
4. What are the poten al nega ve outcomes of neglec ng gender inclusiveness and PwD sensi vity
at the organiza onal level?
5. In what ways can organiza ons ac vely combat stereotypes associated with people with
disabili es and foster a more inclusive environment?

B. Fill in the Blanks


Hints: Diversity, Economy, 19 April 2017, Energy resource u liza on, Energy)
1. The three pillars of sustainability are:___________ , Society and Environment.
2. EMS stands for _________ Management Systems.
3. ____________________________________ and conserva on refers to the prac ce of efficiently
u lizing and preserving energy sources.
4. __________ refers to the presence of a wide range of human characteris cs, a ributes, and
perspec ves within a group, organiza on, or community.
5. The Rights of Persons with Disabili es Act came into force on ______________.

C. State whether True or False.


1. Transgender Persons (Protec on of Rights) Act was passed by the Parliament of India in November
2009.

107
ParParcipant
cipant Guide
Handbook

2. Green Building Cer fica ons provide a cer ficates for pain ng the building green.
3. Mental disability is a type of disability.
4. Prejudice and stereotypes contribute to social exclusion
5. LEED stands for Leadership in Energy and Environmental Design.

Notes
__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

108
Cloud Security Analyst

Notes
__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

109
ParParcipant
cipant Guide
Handbook

110
9. Employability Skills

https://www.skillindiadigital.gov.in/content/list
ParParcipant
cipant Guide
Handbook

112
10. Annexure
Annexure 1 – Details of the QR Codes Given in the Units
ParParcipant
cipant Guide
Handbook

Annexure I
Unit-wise QR Code Details
Sl. Module Page
Unit Name Topic Name URL QR Code (s)
No Name No.

1. Module 1. UNIT 1.1: 1.1.1 IT-Ites h ps://youtu.be/cOt 12


IT- Understanding Sector KswmP2NY
ITeS/BPM/S the IT-ITeS
PD Sector
Industry An
Introduction About IT-ITeS Sector

2. Module 2. UNIT 2.1: 2.1.1 Future h ps://youtu.be/dXps 37


Future Skills Overview of Skills Sub- S3V7HXg
– An the Future Sector
Introduction Skills Sub-
Sector
Overview of Future Skills
And Cyber Security

3. Module 4. UNIT 4.1: 4.1.1 h ps://www.youtube. 61


Develop- Cloud Programmin com/watch?v=1ERdeg
ment Tools Development g concepts 8Sfv4&t=28s
and Usage Tools and applicable to
Usage cloud
computing Cloud Development Tools

4. Module 5. UNIT 5.1: 5.1.5 h ps://www.youtube. 71


Cloud Incident Technologies com/watch?v=VNp35
computing: detection in available to Uw_bSM
Incident Cloud detect
detection computing security
incidents Incident detec on in
Cloud compu ng

5. Module 6. UNIT 6.1: 6.1.1 Key h ps://www.youtube 79


Cloud Incident tools, .com/watch?v=E9pHJ
computing: Response in techniques, RRfAhw
Incident Cloud and
response computing procedures
to track and Tools, techniques, and procedures
mitigate to track and mi gate
security security intrusions
intrusions

6. Module 7. UNIT 7.1: 7.1.2 Latest h ps://www.youtube. 86


Cloud Continuous tools and com/watch?v=o96Rjq
computing: Monitoring in methodologi Np2wQ
Continuous Cloud es to identify,
monitoring Computing track, and
continuously Con nuous Monitoring in
monitor Cloud Compu ng
incidents

295
114
Cloud Security Analyst

Sl. Module Page


Unit Name Topic Name URL QR Code (s)
No Name No.

7. Module 8. UNIT 8.1: 8.1.1 h ps://www.youtube. 98


Inclusive and Sustainable Sustainability com/watch?v=-
Environment Practices in 0zQV8F03Og
ally the Workplace
Sustainable
Workplaces
Sustainable Prac ces

8. Module 9. NA NA h ps://www.skillindia 111


Employability digital.gov.in/content/
Module list

Employability Skill Module

Notes
__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

__________________________________________________________________________________

295
115
ParParcipant
cipant Guide
Handbook

295
116
IT – ITeS Sector Skill Council NASSCOM
Sector Skill Council Contact Details:
Address: Plot No. – 7, 8, 9 & 10 Sector – 126, Noida, Uttar Pradesh – 201303
Website: www.sscnasscom.com
Phone: 0120 4990111 – 0120 4990172

Price:

You might also like