Cloud Security Analyst
Cloud Security Analyst
Cloud Security Analyst
Sector
IT-ITeS
Sub-Sector
Future Skills
Occupation
Cloud Computing
Cloud Security
Analyst
Published by
IT – ITeS Sector Skill Council NASSCOM
Sector Skill Council Contact Details:
Address: Plot No. – 7, 8, 9 & 10 Sector – 126, Noida, Uttar Pradesh – 201303
Website: www.sscnasscom.com
Phone: 0120 4990111 – 0120 4990172
This license lets others remix, tweak, and build upon your work even for commercial purposes, as long as they
credit you and license their new creations under the identical terms. This license is often compared to
“copyleft” free and open-source software licenses. All new works based on yours will carry the same license, so
any derivatives will also allow commercial use. This is the license used by Wikipedia and is recommended for
materials that would benefit from incorporating content from Wikipedia and similarly licensed projects.
Disclaimer
The information contained herein has been obtained from sources reliable to IT – ITES Sector Skill Council
NASSCOM. NASSCOM disclaims all warranties to the accuracy, completeness or adequacy of such information.
NASSCOM shall have no liability for errors, omissions, or inadequacies, in the information contained herein, or
for interpretations thereof. Every effort has been made to trace the owners of the copyright material included in
the book. The publishers would be grateful for any omissions brought to their notice for acknowledgements in
future editions of the book. No entity in NASSCOM shall be responsible for any loss whatsoever, sustained by
any person who relies on this material. The material in this publication is copyrighted. No parts of this
publication may be reproduced, stored or distributed in any form or by any means either on paper or electronic
media, unless authorized by the NASSCOM.
ii
Skilling is building a be er India.
If we have to move India towards
development then Skill Development
should be our mission.
iii
IT-ITeS Sector Skills Council NASSCOM
iv
Acknowledgements
This participant's handbook meant for Cloud Security Analyst is a sincere attempt to ensure the
availability of all the relevant information to the existing and prospective job holders in this job
role. We have compiled the content with inputs from the relevant Subject Matter Experts
(SMEs) and industry members to ensure it is the latest and authentic. We express our sincere
gratitude to all the SMEs and industry members who have made invaluable contributions to the
completion of this participant's handbook.
This handbook will help deliver skill-based training in the Cloud Security Analyst. We hope that it
will benefit all the stakeholders, such as participants, trainers, and evaluators. We have made all
efforts to ensure the publication meets the current quality standards for the successful delivery
of QP/NOS-based training programs. We welcome and appreciate any suggestions for future
improvements to this handbook.
v
Par cipant Handbook
Symbols Used
vi
Cloud Security Analyst
Table of Contents
vii
Par cipant Handbook
viii
1. IT-ITeS/BPM/SPD
Industry an
Introduc on
Unit 1.1 – Understanding the IT-ITeS Sector
Unit 1.2 – Dynamics and Evolu on of the IT-ITeS Sector
Unit 1.3 – Roles & Responsibili es of Cloud Security
Analyst
Bridge Module
Par cipant Handbook
2
Cloud Security Analyst
In FY22, the IT sector contributed 7.4% of India's GDP, and by 2025, it is an cipated to make up 10% of
India's GDP.
According to Na onal Associa on of So ware and Service Companies (NASSCOM), the Indian IT
industry's revenue touched US$ 227 billion in FY22, a 15.5% YoY growth.
3
Par cipant Handbook
Difference between IT and ITeS in terms of their func ons, output, skills, and impact:
Global Compe veness Enhances through tech Drives efficiency, cost reduc on,
innova on. and specialized services.
4
Cloud Security Analyst
Advantages of ITES
Ÿ Through Business Process Outsourcing (BPO), organiza ons can broaden their capabili es, fostering
increased versa lity. BPO is a significant component of ITES.
Ÿ The improved organiza onal versa lity in ITES is achieved by accelera ng company processes,
events, and assignments.
Ÿ Efficient and advantageous use of chain partners and outsourcing of company processes enhance the
pace of specific company du es and func ons, par cularly in Supply Chain Management (SCM).
5
Par cipant Handbook
Ÿ Employment and Talent: Significant contributor to Indian employment, drawing on the country's
english-proficient and skilled workforce.
Ÿ Technological Landscape: Embracing technologies like RPA, AI, and machine learning to enhance
opera onal capabili es.
Indian government ini a ves support the growth of the IT-ITeS and BPM sectors through policies and
infrastructure development.
Global Compe veness Tech innova on, global Business efficiency, cost
solu ons. reduc on globally.
6
Cloud Security Analyst
Ÿ On the other hand, web development is the process of building websites and web applica ons that
operate within web browsers. Both of these domains undergo con nuous evolu on.
7
Par cipant Handbook
Defini on Mobile applica ons are so ware Web applica ons, on the other hand,
programs designed to operate on can be accessed through a web
smartphones and tablets. browser and are highly adaptable to
various devices.
Build process Companies o en hire developers to HTML5, CSS, and JavaScript can be
create na ve or hybrid mobile apps. combined to create web applica ons.
Func onality Compared to full-fledged website Web apps offer a broader range of
visitors, mobile app users o en func ons compared to mobile apps.
experience limited func onality, with
many of these applica ons focusing
on specific goals.
Pla orm These apps fall into the category of Web apps can provide extensive
dependency na ve applica ons, specifically func onali es, as seen with Adobe
cra ed to seamlessly integrate with Photoshop offering both a mobile app
a mobile device's opera ng system and a web version for users.
(OS).
Connec vity and The key dis nc on is that mobile apps Online apps require an ac ve Internet
Updates may frequently func on even when connec on for proper func onality.
disconnected.
Salary The average annual income for a The na onal average compensa on
Mobile Applica on Developer in the for a Web Developer in the US is
US is $91,245. $66,593 per year.
Skills iOS developers may use the Swi Web developers have access to a
programming language, Objec ve-C, variety of languages and frameworks,
and the XCode IDE, while Android including HTML, JavaScript, Python,
developers can choose Java or Kotlin PHP, and Ruby. Popular frameworks
with the Eclipse IDE. For hybrid apps, include Laravel and Rails.
HTML, JavaScript, and CSS are
frequently employed languages.
8
Cloud Security Analyst
This significance is closely ed to the nature of work and the dynamic requirements within the
applica on development domain:
Ÿ Technology Advancements: The IT-ITeS sector is at the forefront of technological advancements. As
an Applica on Developer working in web and mobile applica ons, staying updated with the latest
technologies and trends is crucial for crea ng innova ve and compe ve solu ons.
Ÿ Infrastructure and Support: The sector provides the necessary infrastructure and support for
developing robust web and mobile applica ons. This includes access to frameworks, tools, and
pla orms that streamline the development process.
Ÿ Global Collabora on: With the IT-ITeS sector facilita ng global collabora on, Applica on Developers
can work seamlessly with diverse teams and clients worldwide. This interconnectedness enhances
the exposure to different markets and user preferences.
Ÿ Job Opportuni es and Skill Development: The sector offers abundant job opportuni es for
Applica on Developers, allowing them to con nually enhance their skills. Professionals can
specialize in various aspects of web and mobile development, ensuring a dynamic and evolving
career path.
Ÿ Innova on Ecosystem: Within the IT-ITeS sector, there's a thriving innova on ecosystem. Developers
have access to cu ng-edge technologies, collabora ve pla orms, and a community that encourages
experimenta on and the crea on of novel solu ons.
Ÿ Digital Transforma on Focus: As businesses undergo digital transforma on, the demand for skilled
Applica on Developers is on the rise. The IT-ITeS sector plays a pivotal role in driving this
transforma on, offering developers the opportunity to be at the forefront of organiza onal change.
Ÿ Quality Assurance and Con nuous Improvement: The sector emphasizes quality assurance
processes and methodologies. Applica on Developers benefit from industry standards, best
prac ces, and a culture of con nuous improvement, ensuring the delivery of high-quality web and
mobile applica ons.
Ÿ Adaptability to Market Needs: The dynamic nature of the IT-ITeS sector enables Applica on
Developers to adapt quickly to evolving market needs. Whether it's incorpora ng new features or
addressing security concerns, developers can respond effec vely to changes in the industry.
Ÿ Global Compe veness in Applica ons: Through the IT-ITeS sector, Applica on Developers
contribute to the global compe veness of businesses. They create applica ons that not only meet
user expecta ons but also align with interna onal standards, posi oning companies on a global
stage.
9
Par cipant Handbook
This significance is closely ed to the nature of work and the dynamic requirements within the
applica on development domain:
10
Cloud Security Analyst
Ÿ So ware Development: Crea ng, maintaining, and upda ng so ware applica ons, coding, tes ng,
and debugging.
Ÿ Web Development: Building and maintaining websites, involving frontend development for user
interfaces and backend development for server-side func onali es.
Ÿ Mobile App Development: Designing and developing applica ons for mobile devices, including iOS
and Android pla orms.
Ÿ IT Consul ng: Providing expert advice on technology solu ons, conduc ng assessments, and
offering strategic guidance for technology implementa ons.
11
Par cipant Handbook
Ÿ System Integra on Services: Integra ng different IT systems and so ware applica ons to ensure
seamless communica on and func onality.
Ÿ Cloud Compu ng Services: Offering scalable and flexible compu ng resources, including
infrastructure as a service (IaaS) and pla orm as a service (PaaS).
Ÿ Digital Marke ng Services: Developing strategies and using tools to promote web and mobile
applica ons, enhancing online visibility.
Ÿ Cybersecurity Services: Protec ng digital assets, securing applica ons through measures like
encryp on, authen ca on, and vulnerability assessments.
Ÿ Data Analy cs and Business Intelligence: Extrac ng, analyzing, and interpre ng data generated by
applica ons for informed decision-making and business insights.
Scan this QR Code to watch the related videos or click on the given link
h ps://youtu.be/cOtKswmP2NY
About IT-ITeS Sector
12
Cloud Security Analyst
Tata Consultancy Services (TCS) So ware development, IT consul ng, business solu ons.
Cognizant Technology Solu ons IT consul ng, technology services, business process
outsourcing.
13
Par cipant Handbook
IBM (Interna onal Business IT services, so ware, hardware, cogni ve solu ons.
Machines)
14
Cloud Security Analyst
Web Development Transi on from sta c websites to Integra on of progressive web app
dynamic, responsive web (PWA) technologies, emphasizing user
applica ons. experience and cross-pla orm
compa bility.
Mobile App Advancements from na ve app Embracing Flu er, React Na ve, and
Development development to cross-pla orm Swi UI for efficient and unified mobile
frameworks. app development.
System Integra on Evolving from manual integra on to Adop on of API-first approaches and
Services automated and cloud-based hybrid cloud solu ons for seamless
integra ons. system integra on.
Digital Marke ng From tradi onal marke ng to data- U liza on of AI, machine learning,
Services driven, targeted digital marke ng and analy cs for personalized
strategies. marke ng campaigns.
Data Analy cs and Intelligence from basic repor ng to Leveraging big data technologies,
Business advanced analy cs and real- me Aidriven analy cs, and predic ve
insights. modeling for ac onable intelligence.
15
Par cipant Handbook
Enhanced User Experience Con nuous efforts to improve user experience through
innova ve UI/UX design, accessibility, and personalized
interac ons.
Data Privacy and Compliance Heightened focus on data privacy, compliance with
regula ons (such as GDPR), and ethical handling of user
data.
Edge Compu ng Expansion Increased adop on of edge compu ng for faster processing
and reduced latency, especially in applica ons like IoT and
real- me analy cs.
16
Cloud Security Analyst
Cybersecurity Challenges:
Ÿ Disrup on: Escala on of cyber threats and a acks, demanding advanced cybersecurity measures.
Ÿ Impact: Increased focus on robust security prac ces, threat intelligence, and the development of
resilient cybersecurity frameworks.
17
Par cipant Handbook
Ÿ Impact: Accelera ng applica on development, reducing dependence on coding exper se, and
democra zing so ware crea on.
Focus on Sustainability:
Ÿ Disrup on: Growing awareness and commitment to sustainable and eco-friendly IT prac ces.
Ÿ Impact: Green IT ini a ves, energy-efficient data centers, and sustainable technology solu ons.
18
Cloud Security Analyst
Cross-Pla orm Growing demand for apps across Rise of cross-pla orm frameworks
Development various pla orms. (e.g., React Na ve, Flu er) for unified
development across mul ple devices.
DevOps Integra on Increased integra on of DevOps Con nuous integra on and delivery
prac ces. (CI/CD) pipelines for automated
tes ng, deployment, and
collabora on.
Low-Code and No- Rise in the use of low-code and no- Empowering non-developers for
Code Development code pla orms. applica on crea on, accelera ng
development cycles.
Con nuous Ongoing need for skill development. Emphasis on con nuous learning to
Learning keep up with emerging technologies
and industry trends.
19
Par cipant Handbook
Risk Assessment: Assessing the security risks associated with cloud services, including infrastructure,
pla orms, and applica ons. This involves iden fying vulnerabili es and poten al threats to cloud-based
systems.
Security Policy Development: Developing and implemen ng security policies, procedures, and best
prac ces specific to cloud environments. This includes defining access controls, encryp on standards,
and data protec on protocols.
Security Architecture Design: Designing and implemen ng secure cloud architectures that meet the
organiza on's requirements for scalability, performance, and compliance. This involves selec ng
appropriate cloud security services and technologies.
Security Monitoring and Incident Response: Monitoring cloud environments for security incidents,
anomalies, and unauthorized ac vi es. Responding to security incidents in a mely manner, conduc ng
forensic analysis, and implemen ng correc ve ac ons to mi gate risks.
Compliance Management: Ensuring compliance with relevant industry regula ons and standards (e.g.,
GDPR, HIPAA, PCI DSS) in cloud environments. This includes conduc ng audits, risk assessments, and
security assessments to maintain compliance.
Security Awareness and Training: Providing security awareness training to employees and stakeholders
on cloud security best prac ces, policies, and procedures. This helps promote a security-conscious
culture within the organiza on.
20
Cloud Security Analyst
Security Automa on and Orchestra on: Implemen ng security automa on and orchestra on tools to
streamline security processes, improve efficiency, and reduce manual interven on in cloud security
opera ons.
Threat Intelligence Analysis: Monitoring and analyzing emerging threats, vulnerabili es, and security
trends in cloud compu ng. This involves staying updated on the latest security threats and proac vely
implemen ng countermeasures to protect cloud-based assets.
Vendor Risk Management: Assessing the security posture of cloud service providers and third-party
vendors to ensure they meet the organiza on's security requirements and standards. This includes
conduc ng due diligence assessments and monitoring vendor compliance.
Incident Repor ng and Documenta on: Documen ng security incidents, inves ga ons, and
remedia on efforts in accordance with organiza onal policies and regulatory requirements. This helps
maintain a record of security incidents and lessons learned for future reference.
Do’s
Stay Updated: Keep abreast of the latest trends, technologies, and threats in cloud security through
con nuous learning, industry conferences, and professional cer fica ons.
Implement Mul -Factor Authen ca on (MFA): Enforce MFA for accessing cloud services and accounts
to add an extra layer of security and mi gate the risk of unauthorized access.
Encrypt Data: Encrypt sensi ve data both at rest and in transit using robust encryp on algorithms to
prevent unauthorized access and protect data confiden ality.
Regularly Audit and Monitor: Conduct regular audits and monitoring of cloud environments to detect
security vulnerabili es, suspicious ac vi es, and unauthorized access a empts.
Follow the Principle of Least Privilege: Grant the minimum level of access necessary for users and
services to perform their tasks effec vely, reducing the risk of privilege escala on and unauthorized
access.
Implement Security Automa on: U lize security automa on tools and scripts to streamline security
opera ons, enforce security policies, and respond to security incidents promptly.
Backup Data Regularly: Implement regular data backups and disaster recovery plans to ensure business
con nuity in the event of data breaches, ransomware a acks, or system failures.
21
Par cipant Handbook
Conduct Security Awareness Training: Educate employees and stakeholders about cloud security best
prac ces, data handling policies, and procedures to foster a security-conscious culture within the
organiza on.
Establish Incident Response Procedures: Develop and document incident response procedures to
facilitate prompt detec on, inves ga on, and remedia on of security incidents in cloud environments.
Stay Compliant: Ensure compliance with relevant industry regula ons, standards, and compliance
frameworks (e.g., GDPR, HIPAA, SOC 2) applicable to cloud-based systems and services.
Don'ts:
Don't Neglect Security Updates: Avoid neglec ng security patches and updates for cloud services,
opera ng systems, and applica ons, as unpatched vulnerabili es can be exploited by a ackers.
Don't Store Creden als in Plain Text: Avoid storing sensi ve creden als, such as passwords and API keys,
in plain text or hardcoding them into scripts and configura ons. U lize secure creden al management
solu ons.
Don't Rely Solely on Default Security Se ngs: Avoid relying solely on default security se ngs provided
by cloud service providers. Customize security configura ons based on the organiza on's security
requirements and best prac ces.
Don't Ignore Security Alerts: Avoid ignoring security alerts, warnings, and anomalies detected in cloud
environments. Inves gate and respond to security incidents promptly to prevent poten al data
breaches or system compromises.
Don't Overlook Insider Threats: Avoid overlooking insider threats posed by employees, contractors, or
third-party vendors with privileged access to cloud resources. Implement access controls and
monitoring mechanisms to detect and mi gate insider threats.
Don't Share Access Creden als: Avoid sharing access creden als, keys, or tokens with unauthorized
individuals or third-party services. Implement secure authen ca on mechanisms and access controls to
protect sensi ve creden als.
Don't Store Sensi ve Data Without Encryp on: Avoid storing sensi ve data, such as personally
iden fiable informa on (PII) or financial data, without encryp on in cloud storage or databases.
Implement encryp on-at-rest and encryp on-in-transit to protect sensi ve data from unauthorized
access.
Don't Neglect Cloud Security Configura ons: Avoid neglec ng security configura ons for cloud
services, network se ngs, and firewall rules. Regularly review and update security configura ons to
align with industry best prac ces and security requirements.
Don't Assume Cloud Providers Ensure Full Security: Avoid assuming that cloud service providers ensure
full security of cloud environments. Shared responsibility models dictate that both the organiza on and
the cloud provider are responsible for different aspects of security.
Don't Panic During Security Incidents: Avoid panicking during security incidents or breaches. Follow
established incident response procedures, coordinate with relevant stakeholders, and priori ze
containment and remedia on efforts to minimize the impact of security incidents.
22
Cloud Security Analyst
A en on to Detail: Cloud security involves dealing with intricate systems and configura ons. A en on
to detail is crucial for iden fying vulnerabili es, anomalies, and poten al security risks within cloud
environments.
Cri cal Thinking: Cloud Security Analysts must be able to analyze complex systems and security
incidents cri cally. They should iden fy poten al threats, assess the severity of security risks, and
develop effec ve mi ga on strategies.
Problem-Solving Skills: The ability to solve problems efficiently is essen al for addressing security
challenges in cloud environments. Cloud Security Analysts must be adept at troubleshoo ng security
issues, iden fying root causes, and implemen ng appropriate solu ons.
Adaptability: Cloud technologies and security threats evolve rapidly. Cloud Security Analysts must be
adaptable and willing to learn new tools, techniques, and best prac ces to stay abreast of emerging
trends and technologies in cloud security.
Communica on Skills: Effec ve communica on is paramount for Cloud Security Analysts to convey
complex security concepts, risks, and mi ga on strategies to technical and non-technical stakeholders.
They must communicate clearly and concisely to facilitate understanding and collabora on.
Teamwork and Collabora on: Cloud Security Analysts o en work with cross-func onal teams, including
IT administrators, developers, and business stakeholders. They must collaborate effec vely with team
members, share knowledge, and work towards common security goals.
Ethical Integrity: Cloud Security Analysts handle sensi ve informa on and have access to cri cal systems
and data. Ethical integrity is essen al for maintaining confiden ality, integrity, and trustworthiness in
handling sensi ve informa on and performing security du es.
Curiosity and Con nuous Learning: The field of cloud security is dynamic and constantly evolving. Cloud
Security Analysts must possess a curious mindset and a commitment to con nuous learning. They
should explore new technologies, security trends, and best prac ces to enhance their skills and
knowledge.
Resilience and Resourcefulness: Cloud Security Analysts may encounter complex security challenges
and incidents. They must demonstrate resilience and resourcefulness in responding to security
incidents, adap ng to changing circumstances, and finding innova ve solu ons to security problems.
Risk Management Skills: Understanding risk management principles is essen al for Cloud Security
Analysts to assess, priori ze, and mi gate security risks effec vely. They should be able to balance
security requirements with business objec ves and regulatory compliance.
23
Par cipant Handbook
A career as a Cloud Security Analyst offers numerous opportuni es for growth and advancement in the
field of cybersecurity, par cularly in cloud compu ng. Here are some poten al career opportuni es for
Cloud Security Analysts:
Senior Cloud Security Analyst: Experienced Cloud Security Analysts can advance to senior roles where
they lead and oversee cloud security ini a ves within organiza ons. Senior Cloud Security Analysts
typically have broader responsibili es, including strategic planning, policy development, and mentoring
junior staff.
Cloud Security Engineer: Cloud Security Analysts with strong technical skills may transi on into roles as
Cloud Security Engineers. In this role, professionals design, implement, and maintain security solu ons
specifically tailored for cloud environments. Cloud Security Engineers focus on building robust security
architectures, automa ng security processes, and ensuring compliance with industry standards.
Cloud Security Architect: Cloud Security Architects design and develop secure cloud architectures and
solu ons to meet the unique security requirements of organiza ons. They collaborate with stakeholders
to define security policies, select appropriate cloud services, and implement security controls across
cloud environments. Cloud Security Architects play a pivotal role in designing scalable and resilient cloud
infrastructures while mi ga ng security risks.
Cloud Security Consultant: Cloud Security Analysts with exper se in cloud security best prac ces and
regulatory compliance may pursue careers as Cloud Security Consultants. Consultants provide advisory
services to organiza ons, assess their cloud security posture, and recommend remedia on measures to
address security gaps. Cloud Security Consultants o en work with clients across various industries and
assist in the implementa on of security solu ons tailored to their specific needs.
Security Opera ons Center (SOC) Analyst: Some Cloud Security Analysts transi on into roles as SOC
Analysts, where they monitor and analyze security events and incidents across cloud and on-premises
environments. SOC Analysts inves gate security alerts, perform threat hun ng ac vi es, and respond to
security incidents in real- me to mi gate poten al risks. SOC Analysts play a cri cal role in maintaining
the security posture of organiza ons and protec ng against cyber threats.
24
Cloud Security Analyst
Cloud Security Manager/Director: Experienced Cloud Security professionals may advance into
managerial or leadership posi ons as Cloud Security Managers or Directors. In these roles, they are
responsible for overseeing the overall security strategy, governance, and compliance of cloud
environments. Cloud Security Managers/Directors collaborate with execu ve leadership to align
security ini a ves with business objec ves and ensure the effec ve implementa on of security policies
and procedures.
Cybersecurity Risk Analyst: Cloud Security Analysts with exper se in risk management may pursue roles
as Cybersecurity Risk Analysts. These professionals assess the impact and likelihood of security risks
associated with cloud deployments, conduct risk assessments, and develop risk mi ga on strategies.
Cybersecurity Risk Analysts help organiza ons make informed decisions regarding risk tolerance and
investment in security controls to protect their cloud assets.
Cloud Security Trainer/Evangelist: Experienced Cloud Security professionals may transi on into roles as
trainers or evangelists, where they educate others about cloud security best prac ces, emerging threats,
and technologies. They may work for training organiza ons, industry associa ons, or vendors, delivering
workshops, webinars, and presenta ons to raise awareness and enhance the skills of cybersecurity
professionals and IT stakeholders.
Notes
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
25
Par cipant Handbook
Exercise
Answer the following ques ons:
Short Ques ons:
1. Why is the relevance of the IT-ITeS sector crucial in the contemporary business landscape?
2. Can you iden fy two sub-sectors within the broader IT-ITeS industry?
3. Briefly describe the nature of work performed across different sub-sectors in the IT-ITeS domain.
4. Name one organiza on opera ng in the IT-ITeS sector that has gained prominence.
5. How does the evolu on of sub-sectors contribute to the sector's adaptability and growth?
Fill-in-the-Blanks:
1. The IT-ITeS sector plays a vital role in ____________, powering various industries with
technological solu ons.
a) Isola on
b) Digital Transforma on
2. _________ and _________ are two prominent sub-sectors within the expansive IT-ITeS industry.
a) Healthcare, Agriculture
b) So ware Development, Business Process Management
3. The nature of work in IT-ITeS sub-sectors ranges from so ware development to __________.
a) Fashion Design
b) Data Analy cs
4. _________ and _________ are organiza ons that have made significant contribu ons to the ITITeS
sector.
a) ABC Corpora on, XYZ Innova ons
b) Tech Solu ons Ltd, Global Services Inc.
5. The evolu on of IT-ITeS sub-sectors involves adap ng to emerging technologies and __________.
a) Stagna on
b) Industry Trends
True/False Ques ons:
1. The IT-ITeS sector is isolated from the advancements in other industries.
2. So ware Development and Business Process Management are not sub-sectors within the IT-ITeS
industry.
3. The nature of work in IT-ITeS sub-sectors is limited to so ware development only.
4. Organiza ons like Tech Solu ons Ltd and Global Services Inc. are not associated with the IT-ITeS
sector.
5. The evolu on of sub-sectors in the IT-ITeS industry is not influenced by industry trends and
technological advancements.
26
Cloud Security Analyst
Notes
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
27
Par cipant Handbook
28
2. Future Skills – an
Introduc on
Unit 2.1 – Overview of the Future Skills Sub-Sector
Bridge Module
Par cipant Handbook
30
Cloud Security Analyst
NASSCOM (Na onal Associa on of So ware and Service Companies) is an industry associa on in India
with a focus on the IT-BPM (Informa on Technology-Business Process Management) sector.
Future Skills Prime, India's Technology Skilling Hub, is a collabora ve effort by NASSCOM and MeitY,
aiming to transform India into a Digital Talent Na on.
FutureSkills Prime serves as an innova ve and progressive ecosystem, equipping learners with
cu ngedge skills crucial in today's rapidly evolving digital landscape.
31
Par cipant Handbook
With NASSCOM as the driving force, the IT-ITeS industry has risen to the occasion through the Future
Skills Ini a ve – an industry-driven learning ecosystem.
32
Cloud Security Analyst
These occupa ons highlight the interdisciplinary nature of the Future Skills sub-sector, where
professionals need a combina on of technical, analy cal, crea ve, and collabora ve skills to excel in
their roles. The diversity of occupa ons underscores the need for a versa le workforce capable of
addressing the mul faceted challenges of the digital era.
33
Par cipant Handbook
Remote Work and Accelerated adop on of remote Demand for digital communica on,
Digital Collabora on work and digital collabora on tools. virtual collabora on, and project
management skills, reshaping the
way professionals work and
collaborate.
Con nual Learning Con nuous need for upskilling and Professionals expected to engage in
and Upskilling learning. ongoing learning to adapt to
emerging technologies, promo ng a
culture of lifelong learning.
Sustainable Prac ces Growing focus on sustainability in Integra on of eco-friendly prac ces,
technology and business prac ces. leading to demand for professionals
with skills in sustainable development
and green technologies.
Rise of Gig Economy Increasing par cipa on in the gig Crea on of flexible work
economy. opportuni es, requiring individuals to
possess entrepreneurial skills, self-
management, and adaptability.
Augmented and Growing adop on of augmented and Demand for specialists in AR and VR
Virtual Reality virtual reality technologies. development across various
Adop on industries, influencing how products
and services are experienced.
34
Cloud Security Analyst
Categorizing these trends provides a framework for understanding the evolving landscape of Future
Skills sub-sector occupa ons, guiding individuals and organiza ons in preparing for the demands of the
digital era.
Role Descrip on
User Experience (UX) Designers Design and enhance the overall user experience of digital
products, ensuring they are intui ve, user-friendly, and align
with user expecta ons.
Ar ficial Intelligence (AI) Develop and implement AI algorithms and solu ons,
Engineers leveraging machine learning and data science to create
intelligent applica ons.
Digital Marke ng Specialists Employ digital channels and strategies to promote products
or services, u lizing analy cs to op mize marke ng
campaigns.
35
Par cipant Handbook
DevOps Engineers Bridge the gap between development and opera ons,
focusing on collabora on, automa on, and con nuous
improvement in the so ware development lifecycle.
Content Creators and Managers Develop and manage digital content for various pla orms,
including websites, social media, and other online channels.
Exercise
Answer the following ques ons:
Short Ques ons:
1. What is the primary focus of the Future Skills sub-sector?
2. Can you name one occupa on under the Future Skills sub-sector that involves interpre ng
complex data sets?
3. Why is understanding key trends crucial in the Future Skills sub-sector?
4. How does the Future Skills sub-sector contribute to adap ng to an evolving technological
landscape?
5. Briefly describe the role of User Experience (UX) Designers in the Future Skills sub-sector. the
sector's adaptability and growth?
Fill-in-the-Blanks:
1. The Future Skills sub-sector is dedicated to preparing individuals for success in the __________
era.
a) Tradi onal
b) Digital
2. _________ and _________ are examples of occupa ons within the Future Skills sub-sector.
a) Ar sans, Farmers
b) Data Analysts, Cyber security Specialists
3. Understanding key trends is crucial in the Future Skills sub-sector to stay ahead of __________.
a) Past Prac ces
b) Industry Developments
36
Cloud Security Analyst
4. Various roles in the Future Skills sub-sector include Data Analysts, Cyber security Specialists, and
__________.
a) Architects
b) User Experience (UX) Designers
5. User Experience (UX) Designers play a pivotal role in ensuring that digital products are
__________ and align with user expections.
a) Complex
b) Intui ve
True/False Ques ons:
1. The Future Skills sub-sector is focused solely on tradi onal skill sets.
2. Data Analysts and Cyber security Specialists are not occupa ons within the Future Skills sub-sector.
3. Understanding key trends is not important in staying compe ve in the Future Skills sub-sector.
4. User Experience (UX) Designers are not involved in shaping the overall user experience of digital
products in the Future Skills sub-sector.
5. The Future Skills sub-sector is not influenced by the need for adaptability in an ever-changing
technological landscape.
Notes
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
Scan this QR Code to watch the related videos or click on the given link
h ps://youtu.be/dXpsS3V7HXg
Overview of Future Skills And Cyber Security
37
Par cipant Handbook
38
3. Basics of Cloud
Compu ng and
Regulatory Standards
Unit 3.1 – Basics of Cloud Compu ng
Unit 3.2 – Regulatory Standards of Cloud Compu ng
Bridge Module
Par cipant Handbook
40
Cloud Security Analyst
41
Par cipant Handbook
42
Cloud Security Analyst
Global Reach: Cloud services are accessible from anywhere with an internet connec on, enabling
seamless collabora on among geographically dispersed teams and reaching global markets more
effec vely. This global reach enhances produc vity, accelerates me-to-market, and supports business
expansion strategies.
Scalability: Cloud compu ng pla orms offer virtually limitless scalability, allowing organiza ons to
effortlessly scale resources up or down based on demand. This scalability is par cularly beneficial for
handling fluctua ng workloads, seasonal peaks, or sudden spikes in traffic without disrup ng opera ons
or performance.
Innova on Accelera on: Cloud compu ng democra zes access to cu ng-edge technologies such as
ar ficial intelligence (AI), machine learning (ML), Internet of Things (IoT), and big data analy cs. By
leveraging cloud-based services and pla orms, organiza ons can accelerate innova on, experiment
with new ideas, and develop disrup ve solu ons more rapidly.
Enhanced Security: Leading cloud providers invest heavily in security measures, compliance
cer fica ons, and data protec on mechanisms to safeguard customer data and infrastructure. Cloud
pla orms o en offer advanced security features, including encryp on, iden ty and access management
(IAM), threat detec on, and automated compliance tools, helping organiza ons mi gate security risks
more effec vely than tradi onal on-premises solu ons.
Business Con nuity and Disaster Recovery: Cloud compu ng offers built-in redundancy, backup, and
disaster recovery capabili es, ensuring high availability and data resilience. By replica ng data across
mul ple geographic regions and employing failover mechanisms, cloud providers minimize down me
and mi gate the impact of unforeseen events, such as hardware failures, natural disasters, or cyber
a acks.
Sustainability: Cloud compu ng promotes environmental sustainability by op mizing resource
u liza on, energy efficiency, and carbon footprint reduc on. By consolida ng workloads onto shared
infrastructure and leveraging energy-efficient data centers, cloud providers can achieve economies of
scale and reduce overall environmental impact compared to tradi onal on-premises deployments.
43
Par cipant Handbook
By centralizing data and applica ons in the cloud, businesses can improve collabora on, streamline
workflows, and enhance produc vity across the organiza on.
Business Con nuity and Disaster Recovery: Cloud compu ng offers built-in redundancy, backup, and
disaster recovery capabili es, ensuring high availability and data resilience. By leveraging cloud-based
backup and recovery solu ons, businesses can minimize down me, mi gate the impact of unforeseen
events, and maintain business con nuity in the face of disasters or disrup ons.
Security and Compliance: Leading cloud providers invest heavily in security measures, compliance
cer fica ons, and data protec on mechanisms to safeguard customer data and infrastructure. Cloud
pla orms offer advanced security features, including encryp on, iden ty and access management
(IAM), threat detec on, and automated compliance tools, helping businesses mi gate security risks and
meet regulatory requirements more effec vely than tradi onal on-premises solu ons.
Innova on and Compe ve Advantage: Cloud compu ng democra zes access to cu ng-edge
technologies such as ar ficial intelligence (AI), machine learning (ML), Internet of Things (IoT), and big
data analy cs. By leveraging cloud-based services and pla orms, businesses can accelerate innova on,
experiment with new ideas, and develop disrup ve solu ons that drive compe ve differen a on and
market leadership.
44
Cloud Security Analyst
Ÿ Supply chain visibility and collabora on tools hosted on cloud pla orms to track inventory levels,
monitor supplier performance, and coordinate logis cs across the supply chain network.
Ÿ Predic ve maintenance solu ons u lizing cloud-based IoT sensors and analy cs to monitor
equipment health, iden fy maintenance issues in advance, and minimize unplanned down me.
5. Educa on:
Ÿ Learning Management Systems (LMS) hosted on cloud pla orms for delivering online courses,
managing student enrollment, and facilita ng collabora on among educators and learners.
Ÿ Virtual classrooms and distance learning solu ons powered by cloud-based video conferencing,
interac ve whiteboards, and content sharing tools.
Ÿ Data analy cs and learning insights leveraging cloud-based analy cs to track student progress,
assess learning outcomes, and personalize learning experiences.
45
Par cipant Handbook
Ÿ Public cloud services are highly scalable, cost-effec ve, and accessible from anywhere with an
internet connec on. Examples of public cloud providers include Amazon Web Services (AWS),
Microso Azure, and Google Cloud Pla orm (GCP).
2. Private Cloud:
Ÿ In a private cloud deployment model, cloud resources and infrastructure are dedicated exclusively to
a single organiza on or en ty, either hosted on-premises or by a third-party service provider.
Ÿ Private clouds offer greater control, customiza on, and security compared to public clouds, making
them suitable for organiza ons with specific compliance, security, or performance requirements.
Ÿ Private cloud deployments can be managed internally by the organiza on's IT department or
outsourced to a managed service provider (MSP) specializing in private cloud hos ng and
management.
3. Hybrid Cloud:
Ÿ A hybrid cloud deployment model combines elements of both public and private clouds, allowing
organiza ons to leverage the benefits of each approach while addressing specific use case
requirements.
Ÿ In a hybrid cloud setup, organiza ons can dynamically move workloads and data between public and
private cloud environments based on factors such as cost, performance, security, and compliance.
Ÿ Hybrid clouds provide flexibility, scalability, and interoperability, enabling organiza ons to maintain
sensi ve or mission-cri cal workloads on-premises or in a private cloud while u lizing the scalability
and agility of public cloud services for other workloads.
Ÿ Hybrid cloud deployments o en require seamless integra on, management, and orchestra on of
resources across mul ple cloud environments, typically facilitated by cloud management pla orms,
automa on tools, and hybrid cloud management solu ons.
Each cloud deployment model has its advantages, considera ons, and use cases, and organiza ons may
choose to adopt one or a combina on of these models based on their specific business needs, regulatory
requirements, budget constraints, and strategic objec ves.
46
Cloud Security Analyst
Ÿ PaaS offerings typically support mul ple programming languages, frameworks, and development
methodologies.
Ÿ Examples of PaaS providers include Google App Engine, Microso Azure App Service, Heroku, and
Red Hat OpenShi .
47
Par cipant Handbook
Ÿ Encryp on: Encryp ng data at rest and in transit to protect sensi ve informa on from unauthorized
disclosure or intercep on.
Ÿ Network Security: Implemen ng firewalls, Intrusion Detec on/Preven on Systems (IDS/IPS), and
network segmenta on to safeguard cloud networks from cyber threats and a acks.
Ÿ Security Monitoring and Logging: Monitoring cloud environments for security incidents, anomalies,
and unauthorized ac vi es, and logging security events for audi ng and forensic analysis.
Ÿ Compliance and Governance: Enforcing regulatory compliance requirements, industry standards,
and organiza onal policies through security controls, audits, and governance frameworks.
Ÿ Threat Detec on and Incident Response: Detec ng and responding to security threats, breaches,
and incidents in real- me, and implemen ng incident response plans to mi gate risks and minimize
impact.
Microso Azure
Microso Azure is a cloud compu ng pla orm and services provided by Microso . Azure offers a wide
range of services including virtual machines (Azure Vms), storage (Azure Blob Storage), databases (Azure
SQL Database), networking (Azure Virtual Network), and developer tools (Azure DevOps, Visual Studio).
Azure also provides services for AI/ML (Azure Machine Learning), analy cs (Azure Synapse Analy cs),
and IoT (Azure IoT Hub).
IBM Cloud
IBM Cloud is a cloud compu ng pla orm and services offered by IBM. IBM Cloud provides services such
as virtual servers (IBM Virtual Servers), storage (IBM Cloud Object Storage), databases (IBM Db2 on
Cloud), networking (IBM Cloud Virtual Private Cloud), and developer tools (IBM Cloud Func ons, IBM
Cloud Pak for Applica ons). IBM Cloud also offers services for AI/ML (Watson AI) and analy cs (IBM
Watson Analy cs).
Alibaba Cloud
Alibaba Cloud is a cloud compu ng pla orm provided by Alibaba Group. Alibaba Cloud offers services
such as compu ng (Elas c Compute Service), storage (Object Storage Service), databases (ApsaraDB for
RDS), networking (Virtual Private Cloud), and developer tools (Func on Compute, Alibaba Cloud CLI).
48
Cloud Security Analyst
Alibaba Cloud also provides services for AI/ML (Machine Learning Pla orm for AI) and analy cs
(MaxCompute).
Salesforce
Salesforce is a cloud-based Customer Rela onship Management (CRM) pla orm that provides a range of
services for sales, marke ng, customer service, and analy cs. Salesforce offers solu ons such as Sales
Cloud, Service Cloud, Marke ng Cloud, and Commerce Cloud, as well as developer tools and pla orm
services for building custom applica ons and integra ons.
Exercise
Q.1. List essen al characteris cs of cloud compu ng:
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
Notes
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
49
Par cipant Handbook
Laws governing the cloud compu ng environment in an organiza on can vary depending on factors such
as the industry, geographic loca on, and type of data being stored or processed in the cloud. Here are
some key laws and regula ons that may impact cloud compu ng environments:
General Data Protec on Regula on (GDPR)
GDPR is a comprehensive data protec on regula on applicable to organiza ons opera ng within the
European Union (EU) or handling personal data of EU ci zens. It imposes strict requirements for data
protec on, privacy, consent, data subject rights, and cross-border data transfers.
50
Cloud Security Analyst
ISO/IEC 27017
ISO/IEC 27017 is a supplementary standard that provides guidelines for implemen ng informa on
security controls specific to cloud compu ng environments. It offers addi onal guidance on addressing
cloud-specific security risks, such as data protec on, iden ty and access management, virtualiza on,
and incident management.
51
Par cipant Handbook
ISO/IEC 27018
ISO/IEC 27018 is a standard that provides guidelines for protec ng personally iden fiable informa on
(PII) in cloud compu ng environments. It outlines requirements for cloud service providers to
implement controls for data protec on, privacy, transparency, and compliance with applicable data
protec on laws and regula ons.
NIST SP 800-53
NIST Special Publica on 800-53 provides a comprehensive catalog of security and privacy controls for
federal informa on systems and organiza ons. It offers guidance on selec ng and implemen ng security
controls to protect the confiden ality, integrity, and availability of informa on systems and data,
including those deployed in cloud compu ng environments.
NIST SP 800-144
NIST Special Publica on 800-144 provides guidelines for managing the security and privacy
considera ons associated with cloud compu ng. It offers a risk-based approach to assessing and
mi ga ng security risks in cloud deployments, including considera ons for cloud architecture, data
protec on, iden ty management, and incident response.
FIPS 140-2
Federal Informa on Processing Standard (FIPS) 140-2 is a U.S. government standard that specifies
requirements for cryptographic modules used to protect sensi ve informa on in computer and
telecommunica on systems. Compliance with FIPS 140-2 ensures that cryptographic algorithms and
implementa ons meet rigorous security standards.
52
Cloud Security Analyst
Data Security
Data security encompasses measures to protect data from unauthorized access, disclosure, altera on,
or destruc on. It includes implemen ng security controls such as encryp on, access controls,
authen ca on, authoriza on, audi ng, and security monitoring to safeguard sensi ve informa on from
security threats and breaches. Data security ensures confiden ality, integrity, and availability of data
assets.
Data Privacy
Data privacy involves protec ng individuals' privacy rights and ensuring compliance with data protec on
laws and regula ons. It encompasses obtaining consent for data collec on and processing, providing
transparency about data prac ces, and implemen ng measures to protect personal informa on from
misuse or unauthorized disclosure. Data privacy aims to respect individuals' privacy preferences and
safeguard their sensi ve data.
Data Accessibility
Data accessibility ensures that authorized users have mely and efficient access to the data they need to
perform their roles and responsibili es. It involves providing appropriate tools, technologies, and
interfaces for accessing, querying, analyzing, and visualizing data while maintaining security and privacy
controls. Data accessibility enhances collabora on, produc vity, and decision-making within
organiza ons.
Data Compliance
Data compliance involves ensuring compliance with relevant laws, regula ons, standards, and
contractual obliga ons governing data management, privacy, security, and confiden ality. It includes
staying informed about legal and regulatory requirements, conduc ng risk assessments, and
implemen ng controls to mi gate compliance risks. Data compliance minimizes legal and reputa onal
risks associated with non-compliance.
Data Ethics
Data ethics involves considering the ethical implica ons of data collec on, use, and analysis. It includes
promo ng transparency, fairness, accountability, and non-discrimina on in data prac ces, and ensuring
that data is used responsibly and ethically.
53
Par cipant Handbook
Exercise
Q.1. Write a note on General Data Protec on Regula on (GDPR):
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
Notes
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
54
Cloud Security Analyst
Notes
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
55
Par cipant Handbook
56
4. Development Tools
and Usage
Unit 4.1 – Cloud Development Tools and Usage
Bridge Module
Par cipant Handbook
1. Outline all the important tools and pla orms required to perform programming in cloud
environment.
2. Use development tools, frameworks, pla orms, libraries, and packages for programming on the
cloud.
58
Cloud Security Analyst
Scalability: Wri ng code that can scale horizontally or ver cally to handle varying workloads efficiently,
leveraging cloud resources dynamically.
Resilience: Implemen ng fault-tolerant and resilient applica ons by designing for failure and using
techniques such as redundancy and graceful degrada on.
Microservices Architecture: Building applica ons as a collec on of small, loosely coupled services that
can be independently deployed, managed, and scaled in the cloud environment.
Serverless Compu ng: Developing event-driven applica ons without managing infrastructure, u lizing
serverless pla orms like AWS Lambda or Azure Func ons to execute code in response to events.
Security: Implemen ng robust security prac ces and encryp on mechanisms to protect data and
applica ons in the cloud from unauthorized access and a acks.
59
Par cipant Handbook
60
Cloud Security Analyst
Con nuous Integra on/Con nuous Deployment (CI/CD): Automate the build, test, and deployment
processes to streamline development cycles and deliver updates quickly and reliably.
Monitoring and Logging: Implement comprehensive monitoring and logging to track performance,
detect anomalies, and troubleshoot issues effec vely. Use tools like AWS CloudWatch or Azure Monitor
for centralized logging and monitoring.
Cost Op miza on: Op mize resource usage and costs by rightsizing instances, leveraging spot
instances, and implemen ng cost-aware architectures.
Exercise
Q.1. What are the popular tools and pla orms available for programming in the cloud environment?
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
Scan this QR Code to watch the related videos or click on the given link
h ps://www.youtube.com/watch?v=1ERdeg8Sfv4&t=28s
Cloud Development Tools
61
Par cipant Handbook
62
5. Cloud Compu ng:
Incident Detec on
Unit 5.1 – Incident Detec on in Cloud Compu ng
SSC/N8334
Par cipant Handbook
64
Cloud Security Analyst
A security incident refers to any adverse event or occurrence that compromises the confiden ality,
integrity, or availability of an organiza on's informa on systems, data, or resources. It can encompass a
wide range of events, including:
Unauthorized Access: A empted or successful unauthorized access to systems, networks, or data by
internal or external par es.
Malware Infec ons: Installa on or execu on of malicious so ware (e.g., viruses, ransomware, Trojans)
that compromises system func onality or steals sensi ve informa on.
Data Breaches: Unauthorized disclosure, altera on, or destruc on of sensi ve or confiden al data, such
as customer informa on, financial records, or intellectual property.
Denial of Service (DoS) A acks: Deliberate a empts to disrupt or overload network services or
resources, rendering them inaccessible to legi mate users.
Insider Threats: Malicious or inadvertent ac ons by employees, contractors, or partners that undermine
system security or violate organiza onal policies.
Physical Security Breaches: Unauthorized access to physical facili es, equipment, or assets, leading to
the , vandalism, or sabotage.
Social Engineering A acks: Decep ve techniques used to manipulate individuals into disclosing
sensi ve informa on, such as phishing, pretex ng, or impersona on.
65
Par cipant Handbook
66
Cloud Security Analyst
Intrusion Detec on Systems (IDS): IDS monitor network traffic for suspicious pa erns and anomalies,
aler ng administrators to poten al security breaches.
Security Informa on and Event Management (SIEM): SIEM solu ons collect and analyze log data from
various sources to detect security incidents, correlate events, and provide real- me threat intelligence.
Endpoint Detec on and Response (EDR): EDR tools monitor endpoints for malicious ac vi es and
unusual behavior, enabling rapid detec on and response to security incidents.
Network Traffic Analysis (NTA): NTA solu ons analyze network traffic to iden fy abnormal behavior,
unauthorized access a empts, and malware infec ons.
User and En ty Behavior Analy cs (UEBA): UEBA tools use machine learning algorithms to analyze user
behavior and detect anomalous ac vi es indica ve of insider threats or compromised accounts.
Threat Intelligence Pla orms (TIP): TIPs aggregate and analyze threat data from various sources to
iden fy emerging threats and provide context for security incidents.
67
Par cipant Handbook
Penetra on Tes ng (Pen Tes ng): Simulates real-world a acks to iden fy vulnerabili es and
weaknesses in cloud infrastructure, applica ons, and networks. It provides insights into poten al
security risks and helps priori ze remedia on efforts.
Vulnerability Scanning: Automated tools scan cloud environments for known vulnerabili es in so ware,
configura ons, and systems. Vulnerability scanning helps iden fy weaknesses that could be exploited by
a ackers and enables proac ve patching and mi ga on.
Configura on Audits: Assess the configura ons of cloud services and infrastructure against security best
prac ces, industry standards, and regulatory requirements. Configura on audits help iden fy
misconfigura ons, insecure se ngs, and compliance viola ons that could pose security risks.
Web Applica on Security Tes ng: Focuses on assessing the security of web applica ons hosted in the
cloud, including tes ng for common vulnerabili es such as injec on flaws, broken authen ca on, and
sensi ve data exposure.
Network Security Tes ng: Evaluates the security of cloud network architectures, including firewall
configura ons, network segmenta on, and traffic monitoring. Network security tes ng helps iden fy
vulnerabili es and weaknesses in network defenses that could be exploited by a ackers.
Code Review and Sta c Analysis: Analyzes applica on code and scripts for security vulnerabili es,
coding errors, and poten al weaknesses. Code review and sta c analysis help iden fy vulnerabili es
early in the development lifecycle and reduce the risk of introducing security flaws into cloud-based
applica ons.
Threat Modeling: Systema cally iden fies poten al threats, vulnerabili es, and a ack vectors in cloud
solu ons by analyzing system components, data flows, and trust boundaries. Threat modeling helps
priori ze security controls and mi ga on strategies based on the likelihood and impact of poten al
threats.
Red Team Exercises: Simulates real-world a ack scenarios by deploying skilled professionals to emulate
the tac cs, techniques, and procedures (TTPs) of threat actors. Red team exercises help assess the
effec veness of security controls, incident response capabili es, and overall resilience of cloud solu ons
against sophis cated a acks.
68
Cloud Security Analyst
Gap Analysis: Iden fy gaps and weaknesses in threat detec on capabili es by comparing current
prac ces against industry standards, best prac ces, and regulatory requirements.
Technology Adop on: Invest in advanced threat detec on technologies such as machine learning,
ar ficial intelligence, and behavioral analy cs to enhance detec on capabili es and adapt to evolving
threats.
Training and Awareness: Provide training and awareness programs to security personnel to improve
their skills in threat detec on, incident response, and analysis.
Con nuous Improvement: Establish a culture of con nuous improvement by regularly reviewing and
upda ng threat detec on processes based on lessons learned, emerging threats, and organiza onal
changes.
69
Par cipant Handbook
Network Traffic Analysis: Monitor network traffic pa erns and anomalies using intrusion detec on
systems (IDS) or network traffic analysis (NTA) tools..
Endpoint Detec on and Response (EDR): Deploy EDR solu ons to monitor and analyze endpoint ac vity
for signs of compromise or malicious behavior.
Threat Intelligence Feeds: Integrate threat intelligence feeds to stay updated on emerging threats and
indicators of compromise (IOCs).
70
Cloud Security Analyst
Ÿ Developing incident response plans with defined roles, responsibili es, and escala on procedures.
Ÿ Providing regular training to staff on incident detec on and response procedures.
Exercise
Q.1. Write a short note on various types of security incident:
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
Scan this QR Code to watch the related videos or click on the given link
h ps://www.youtube.com/watch?v=VNp35Uw_bSM
Incident detec on in Cloud compu ng
71
Par cipant Handbook
72
6. Cloud Compu ng:
Incident Response
Unit 6.1 – Incident Response in Cloud Compu ng
SSC/N8335
Par cipant Handbook
74
Cloud Security Analyst
Key tools, techniques, and procedures to track and mi gate security intrusions include:
Ÿ Intrusion Detec on Systems (IDS): Monitors network traffic for suspicious ac vi es or pa erns.
Ÿ Intrusion Preven on Systems (IPS): Iden fies and blocks poten al security threats in real- me.
Ÿ Security Informa on and Event Management (SIEM): Collects and analyzes security event data from
various sources.
Ÿ Firewalls: Controls and filters network traffic based on predefined security rules.
Ÿ Endpoint Detec on and Response (EDR): Monitors and responds to suspicious ac vi es on
endpoints.
Ÿ Vulnerability Scanning: Iden fies and priori zes security vulnerabili es in systems and networks.
Ÿ Penetra on Tes ng: Simulates real-world a acks to iden fy weaknesses and security flaws.
Ÿ User Educa on and Awareness Training: Educates users about security best prac ces and how to
iden fy poten al threats.
Ÿ Incident Response Plans: Establishes procedures for responding to security incidents in a mely and
effec ve manner.
Ÿ Threat Intelligence Feeds: Provides informa on about emerging threats and a ack trends.
Ÿ Patch Management: Ensures that systems and so ware are up-to-date with the latest security
patches and updates.
75
Par cipant Handbook
76
Cloud Security Analyst
77
Par cipant Handbook
Patch and Update: Apply security patches and updates to remediate vulnerabili es exploited during the
incident and prevent future a acks.
System Hardening: Implement security best prac ces, such as disabling unnecessary services,
configuring firewalls, and implemen ng access controls, to strengthen system defenses.
Incident Review and Lessons Learned: Conduct a thorough post-incident analysis to iden fy root
causes, vulnerabili es, and gaps in security controls. Use this informa on to improve incident response
procedures and strengthen defenses against future incidents.
Communica on and Transparency: Keep stakeholders informed about the incident, its impact, and the
remedia on efforts. Provide mely updates on progress and ac ons taken to restore normal opera ons.
User Training: Reinforce cybersecurity awareness and best prac ces among employees to prevent
similar incidents in the future.
78
Cloud Security Analyst
Exercise
Q.1. List 5 main tools, techniques, and procedures to track and mi gate security intrusions:
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
Q.2. Describe in short the methods to iden fy compromised and affected systems:
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
Notes
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
Scan this QR Code to watch the related videos or click on the given link
h ps://www.youtube.com/watch?v=E9pHJRRfAhw
Tools, techniques, and procedures to track and mi gate security intrusions
79
Par cipant Handbook
80
7. Cloud Compu ng:
Con nuous Monitoring
Unit 7.1 – Con nuous Monitoring in Cloud Compu ng
SSC/N8337
Par cipant Handbook
82
Cloud Security Analyst
Reac ve Response:
Ÿ A er-the-Fact: Reacts to incidents a er they have occurred, o en leading to delayed detec on and
response.
83
Par cipant Handbook
Ÿ Damage Control: Focuses on containing and mi ga ng the immediate impact of the incident.
Ÿ Limited Insights: Provides limited insights into the root causes and broader threat landscape.
Ÿ Ad Hoc: Responses may lack cohesion and consistency, increasing the risk of recurrence.
84
Cloud Security Analyst
85
Par cipant Handbook
Exercise
Q.1. Write a short note on importance of Threat Hun ng and Intelligence-Driven Incident Response:
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
Q.2. List the latest tools and methodologies available to iden fy, track, and con nuously monitor
incidents:
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
Notes
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
Scan this QR Code to watch the related videos or click on the given link
h ps://www.youtube.com/watch?v=o96RjqNp2wQ
Con nuous Monitoring in Cloud Compu ng
86
Cloud Security Analyst
Notes
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
87
Par cipant Handbook
88
8. Inclusive and
Environmentally
Sustainable
Workplaces
Unit 8.1 – Sustainable Practices in the Workplace
Unit 8.2 – Diversity and Equity Promotion Strategies in the
Workplace
SSC/N9014
ParParcipant
cipant Guide
Handbook
90
Cloud Security Analyst
8.1.1 Sustainability
Sustainability is the equilibrium among the environment, equity, and economy. In 1987, the Brundtl and
Commission of the United Na ons characterized sustainability as "addressing the requirements of the
current genera on without jeopardizing the capacity of succeeding genera ons to fulfill their own
necessi es.”
Sustainability is a concept comprised of three interconnected pillars, each playing a vital role in achieving
a harmonious and balanced system. These three pillars collec vely form the founda on for sustainable
development, ensuring that ac ons and decisions consider the broader impact on our planet and future
genera ons.
91
ParParcipant
cipant Guide
Handbook
92
Cloud Security Analyst
The different approaches for efficient energy resource u liza on and conserva on are:
1. Advanced Metering Infrastructure (AMI): Advanced Metering Infrastructure (AMI) is a sophis cated
system of smart meters, communica on networks, and data management systems designed to
modernize and enhance the func onality of tradi onal u lity metering. AMI enables the collec on,
analysis, and communica on of detailed energy consump on data in real- me, offering numerous
advantages over conven onal metering systems.
2. Energy Management Systems (EMS): Energy Management Systems (EMS) are comprehensive
so ware and hardware solu ons designed to monitor, control, and op mize energy consump on
within various environments. EMS plays a crucial role in enhancing energy efficiency, reducing costs,
and suppor ng sustainability ini a ves.
3. Energy Audits: Energy audits are systema c assessments of energy usage and efficiency within a
facility, building, or industrial process. The primary goal is to iden fy opportuni es for energy
conserva on, cost savings, and overall improvement in energy performance.
93
ParParcipant
cipant Guide
Handbook
4. Energy-Efficient Ligh ng: Energy-efficient ligh ng refers to the use of ligh ng technologies and
strategies that minimize energy consump on while maintaining or improving the quality of
illumina on. This approach is crucial for reducing electricity costs, enhancing sustainability, and
mi ga ng environmental impacts.
5. Green Building Cer fica ons: Green Building Cer fica ons offer a comprehensive framework to
advocate for environmentally responsible and sustainable prac ces in both the construc on and
opera on of buildings. One prominent cer fica on is LEED (Leadership in Energy and Environmental
Design), se ng the standard for environmentally friendly building design.
6. Combined Heat and Power (CHP) Systems: Combined Heat and Power (CHP) systems, also denoted to
as cogenera on, represent integrated energy systems that produce electricity and valuable thermal
energy from a single fuel source. This approach significantly enhances overall energy efficiency
equated to the separate produc on of electricity and thermal energy.
7. Energy-Efficient HVAC Systems: Energy-efficient Hea ng, Ven la on, and Air Condi oning (HVAC)
systems play a essen al role in eleva ng building sustainability and promo ng energy conserva on.
These systems incorporate advanced technologies and features priori zing energy efficiency,
resul ng in decreased energy consump on and opera onal costs.
94
Cloud Security Analyst
3. Cost Savings:
Ÿ Implementa on of efficient waste management systems results in significant reduc ons in waste
disposal costs.
Ÿ Recycling programs can poten ally unlock revenue streams, offering financial benefits to
organiza ons.
1. Iden fy Wastes:
The ini al step in effec ve waste management involves a comprehensive iden fica on of the various
types of wastes generated within a given system or organiza on. This process necessitates a thorough
understanding of the waste stream, encompassing both solid and poten ally hazardous materials. By
categorizing and cataloging the different types of wastes produced, organiza ons can establish a
founda onal understanding of the scope and nature of their waste genera on.
Iden fica on also involves iden fying sources, pa erns, and poten al environmental impacts. This step
is cri cal in laying the groundwork for subsequent waste management ac ons, enabling organiza ons to
tailor strategies that address the specific composi on and characteris cs of their generated wastes.
2. Evaluate Waste:
Once wastes are iden fied, the next step involves a detailed evalua on of their proper es, risks, and
poten al for resource recovery. This evalua on encompasses assessing the composi on of the waste
stream, dis nguishing between recyclable, non-recyclable, and hazardous materials.
Evalua on also involves considering the environmental impact of various waste management methods.
95
ParParcipant
cipant Guide
Handbook
For instance, determining whether incinera on, recycling, or landfill disposal is the most
environmentally sustainable op on involves a comprehensive evalua on of factors such as energy
consump on, emissions, and long-term ecological effects.
Risk assessments associated with hazardous wastes are crucial during this step. Understanding the
poten al harm posed by certain materials guides the implementa on of safe handling and disposal
prac ces.
3. Manage Wastes:
Armed with a thorough understanding of iden fied wastes and their evalua ons, organiza ons can then
implement tailored waste management strategies. This involves the development and implementa on
of systems for waste reduc on, recycling, proper disposal, and, where applicable, resource recovery.
Waste management strategies may include the establishment of recycling programs, the adop on of
sustainable packaging prac ces, and the implementa on of efficient disposal methods that minimize
environmental impact. Regulatory compliance, adherence to best prac ces, and ongoing monitoring are
integral components of effec ve waste management.
1. Recyclable Waste:
Ÿ Recyclable materials, like paper, cardboard, plas cs, glass, and certain metals, are iden fied and
separated at the source of genera on. This requires awareness and educa on among individuals or
within organiza ons to recognize materials that can be recycled.
Ÿ Segrega ng recyclable waste at the point of origin enhances the efficiency of recycling processes. It
streamlines the collec on and processing of materials, facilita ng the recovery of valuable resources
and reducing the environmental effect associated with manufacturing new products.
2. Non-Recyclable Waste:
Ÿ Materials that do not fall into the recyclable category, such as certain types of plas cs, contaminated
items, or non-reusable goods, are iden fied during the segrega on process. These materials are then
appropriately disposed of, o en through landfill or incinera on methods.
96
Cloud Security Analyst
3. Hazardous Waste:
Ÿ Recogni on and Special Handling: Hazardous waste, encompassing materials with poten al risks to
human health or the environment, requires special a en on. Segrega on involves recognizing items
such as ba eries, electronic waste, chemicals, and medical waste that fall into this category.
Ÿ Safe Disposal Protocols: Proper segrega on ensures that hazardous waste is handled and disposed of
according to regulatory guidelines. This mi gates the poten al for environmental pollu on and
minimizes health risks associated with improper disposal of hazardous materials.
2. Wet Waste
Ÿ Wet waste consists of organic materials that can decompose, such as food scraps and soiled items.
Examples of Wet Waste are Food waste, soiled paper, and yard waste fall.
Ÿ Wet waste is typically processed through compos ng, conver ng organic ma er into nutrientrich
compost for agricultural use.
3. Sanitary Waste:
Ÿ Sanitary waste includes items origina ng solely from humans and human ac vi es, poten ally
including medical waste. Examples of sanitary waste are Diapers, sanitary napkins, and certain
medical waste items.
Ÿ Due to poten al health risks, sanitary waste may require specialized disposal methods, especially
when medical waste is involved.
97
ParParcipant
cipant Guide
Handbook
Notes
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
Scan this QR Code to watch the related videos or click on the given link
h ps://www.youtube.com/watch?v=-0zQV8F03Og
Sustainable Prac ces
98
Cloud Security Analyst
8.2.1 Diversity
"Diversity" denotes to the presence of an extensive range of human characteris cs, a ributes, and
perspec ves within a group, organiza on, or community.
Diversity is considered a strength in various se ngs, as it can lead to increased crea vity, be er problem
-solving, and a more dynamic and adaptable organiza on or community. Organiza ons that priori ze
diversity o en aim to generate a culture where individuals feel empowered to contribute their unique
perspec ves and talents.
Key concepts related to diversity include:
Ÿ Inclusion: Nurturing an environment where everybody feels valued respected, and included.
Ÿ Equity: Ensuring fairness and impar ality, addressing systemic barriers, and providing resources
based on individual needs.
Ÿ Representa on: Ensuring that diverse voices are heard and represented at all levels of an
organiza on.
Characteris cs of Diversity:
99
ParParcipant
cipant Guide
Handbook
Diversity Policies
Following diversity policies is crucial for fostering an inclusive and equitable work environment. Key
reasons why adhering to diversity policies is important:
1. Inclusivity: Diversity policies create an inclusive workplace, fostering a sense of belonging among
employees.
2. Crea vity and Innova on: Diverse teams bring different perspec ves, enhancing crea vity and
innova on.
3. Talent A rac on and Reten on: Diversity a racts a broad range of talent, making organiza ons more
appealing and improving reten on rates.
4. Global Market Awareness: Diverse teams can be er understand and cater to the needs of diverse
markets, enhancing business performance.
5. Legal and Ethical Compliance: Following diversity policies ensures legal compliance and demonstrates
commitment to ethical business prac ces.
6. Elimina on of Discrimina on: Diversity policies work to eliminate discrimina on and bias, fostering a
fair and just workplace.
7. Improved Decision-Making: Diverse teams contribute varied viewpoints, leading to more well-
rounded and informed decision-making.
8. Enhanced Reputa on: Companies that priori ze diversity enjoy a posi ve reputa on, building trust
and loyalty among customers and clients.
9. Employee Engagement: Valuing diversity encourages employee engagement, posi vely impac ng
produc vity and job sa sfac on.
10. Long-Term Sustainability: Embracing diversity is a strategic business impera ve for long-term
organiza onal sustainability.
100
Cloud Security Analyst
The importance of a gender-inclusive workplace can be ascertained from the following benefits:
Ÿ By ensuring that the team has a healthy mix of female, male, transgender, and non-binary employees,
the organisa on can benefit from their diverse views and improve the team's crea vity and
innova on.
Ÿ By emphasising the importance of having an inclusive culture, businesses can raise employee morale
and increase opportuni es, which will lead to higher employee reten on rates and save me and
money in the long term.
Ÿ Organiza ons will be able to connect effec vely with customers and increase their understanding of
what they need if their workforce base represents their customers, bringing together a range of
genders, backgrounds, and races.
Ÿ An inclusive culture can be a major a rac on when it comes to recrui ng new employees. When a
company develops a reputa on for having a diverse workforce, it has a tremendous recrui ng tool at
its disposal.
101
ParParcipant
cipant Guide
Handbook
Ÿ Inclusive Workplace: Employers should create an inclusive work environment that accommodates
individuals of all genders, including those who iden fy as non-binary or do not conform to tradi onal
gender norms.
Ÿ Maternity and Paternity Leave: Employers should provide maternity and paternity leave to support
employees who are star ng or expanding their families.
Ÿ Sensi za on and Training: Employers should provide regular sensi za on and training to employees
on gender sensi vity, diversity, and inclusion in the workplace.
Ÿ Non-Discrimina on: Employers ought not to engage in discrimina on against employees on the
grounds of their gender iden ty or expression. They should proac vely address and counteract any
instances of discrimina on or harassment rooted in gender that may arise within the workplace.
1. Create safe spaces: Create employee support groups (ESGs) to encourage and empower all employees
in the company. They contribute to the development of the community by providing safe areas for
individuals to share and get to know one another. ESGs aim to improve employee experience while
also boo ng mental wellness.
2. Examine the resources: Take some me to review the company's wri ng, website, and marke ng
materials with a fresh perspec ve. Even if the message is clear, be alert for wording that may exclude
people. Avoid using terms like "physically challenged," "differently-abled," or "special needs" to
describe people with impairments. When describing persons without disabili es, never use the
adjec ve "normal.”
3. Hire a professional: Organisa on should hire people for their skills, irrespec ve of their physical
challenges. They should hire a person with a disability if they are fulfilling the demands of the job role.
4. Speak with the employees: Persons with disabili es should be included in the decision-making
process of the organisa on, whether or not it directly affects them.
102
Cloud Security Analyst
It may also cause irrita on when the organiza on adopts well-inten oned improvements that no one
requires. It is cri cal to include people with impairments in decision-making processes.
5. Promote diversity on all levels: Hiring people with disability should be done across all levels of the
organisa on. Companies must look below the surface to create a varied environment. There are
various kinds of diversity. Physical and mental ability, educ onal and economic background,
neurodiversity, and immigra on status are only a few examples. Recognize that these people aren't
merely " cking boxes.”
6. Be transparent: Companies and their leaders must demonstrate that crea ng a more inclusive
atmosphere is a priority, not a project. One should allow their managers and staff to be open and
honest about their problems, errors, victories, and even limita ons.
103
ParParcipant
cipant Guide
Handbook
2. Mental disabili es: These are disabili es that affect a person's mental func oning. Mental disabili es
can include mental illnesses, such as depression, anxiety, bipolar disorder, or schizophrenia. Mental
disabili es can also include cogni ve impairments, such as memory loss, a en on deficits, or learning
disabili es. Mental disabili es can limit a person's ability to concentrate, communicate, or engage in
social interac ons. Treatment and support services, such as counselling, medica on, and therapy, can
help people with mental disabili es to cope their symptoms and improve their quality of life.
3. Intellectual disabili es: These are disabili es that affect a person's cogni ve abili es. Intellectual
disabili es can be caused by gene c condi ons, brain damage, or other factors. Intellectual disabili es
can result in difficul es with reasoning, problem-solving, and understanding complex concepts.
Intellectual disabili es can also affect a person's ability to communicate efficiently and involve in social
interac ons. Special educa on and support services, such as individualized instruc on and behavioral
therapies, can help people with intellectual disabili es to develop their cogni ve and social skills and
achieve their full poten al.
4. Sensory impairments: These are disabili es that affect a person's senses. Sensory impairments can
include hearing loss, vision impairment, or tac le sensi vity. Sensory impairments can limit a person's
ability to communicate, navigate their environment, or access informa on. Assis ve technologies,
such as hearing aids, Braille displays, and screen readers, can help people with sensory impairments to
overcome these limita ons and par cipate fully in society.
104
Cloud Security Analyst
Ÿ Create and post an Equal Opportunity Policy on the establishment's website or in a prominent
loca on within the premises. The policy must provide informa on about the perks and
accommoda ons available to disabled employees. The State Commissioner must also be given a copy
of the Policy.
Ÿ Employers with more than 20 employees must appoint a Liaison Officer to manage the recruitment of
disabled people and the par cular accommoda ons that must be provided for them.
Ÿ Establishments are required to iden fy job openings that are suitable for disabled people. In the case
of businesses that receive government subsidies, a minimum of 5% of job openings must be
designated for people with disabili es.
Ÿ In the workplace, the employer must ensure that illegi mate discrimina on against disabled people
is prohibited.
Ÿ To improve impaired employees' accessibility, the employer must provide addi onal facili es or
special advantages, such as special leave and training programmes.
Ÿ The government has published accessibility standards for disabled people, which must be followed
by all businesses. The accessibility standards apply to workplace infrastructure and communica on
technologies, both of which must be accessible to people with disabili es.
Ÿ Every organisa on must keep track of its disabled personnel.
105
ParParcipant
cipant Guide
Handbook
Ÿ Lack of Accessibility: Nega ve a tudes may contribute to a lack of accessibility in public spaces,
making it difficult for individuals with disabili es to navigate their surroundings independently.
Ÿ Impact on Mental Health: The constant experience of prejudice and stereotyping can contribute to
stress, anxiety, and other mental health challenges for individuals with disabili es.
8.2.10 Communica on
Ensuring gender inclusiveness and sensi vity toward Persons with Disabili es (PwD) in communica on
is essen al for fostering a respec ul and inclusive environment. Here are some communica on methods
aligned with these principles:
1. Inclusive Language:
Ÿ Avoid Gendered Language: Use gender-neutral language whenever possible to be inclusive of all
genders. Instead of using "he" or "she," opt for gender-neutral pronouns like "they" or rephrase
sentences to eliminate gender-specific terms.
Ÿ Accessible Language: Ensure that communica on is accessible to everyone, including individuals
with disabili es, by using plain language and avoiding jargon.
106
Cloud Security Analyst
Ÿ Speaker Representa on: Ensure diverse representa on in speaking roles during mee ngs,
presenta ons, and events to promote a variety of perspec ves.
Exercise
A. Short Answer Ques ons
1. What are some different approaches for efficient u liza on of energy resources?
2. Explain the importance of prac cing the segrega on of recyclable, non-recyclable, and hazardous
waste.
3. List the examples of recyclable, non-recyclable, and hazardous waste.
4. What are the poten al nega ve outcomes of neglec ng gender inclusiveness and PwD sensi vity
at the organiza onal level?
5. In what ways can organiza ons ac vely combat stereotypes associated with people with
disabili es and foster a more inclusive environment?
107
ParParcipant
cipant Guide
Handbook
2. Green Building Cer fica ons provide a cer ficates for pain ng the building green.
3. Mental disability is a type of disability.
4. Prejudice and stereotypes contribute to social exclusion
5. LEED stands for Leadership in Energy and Environmental Design.
Notes
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
108
Cloud Security Analyst
Notes
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
109
ParParcipant
cipant Guide
Handbook
110
9. Employability Skills
https://www.skillindiadigital.gov.in/content/list
ParParcipant
cipant Guide
Handbook
112
10. Annexure
Annexure 1 – Details of the QR Codes Given in the Units
ParParcipant
cipant Guide
Handbook
Annexure I
Unit-wise QR Code Details
Sl. Module Page
Unit Name Topic Name URL QR Code (s)
No Name No.
295
114
Cloud Security Analyst
Notes
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
295
115
ParParcipant
cipant Guide
Handbook
295
116
IT – ITeS Sector Skill Council NASSCOM
Sector Skill Council Contact Details:
Address: Plot No. – 7, 8, 9 & 10 Sector – 126, Noida, Uttar Pradesh – 201303
Website: www.sscnasscom.com
Phone: 0120 4990111 – 0120 4990172
Price: