GRC Threat Modelling with Cloud Native (1 day)

This course builds on Threat Modelling Kubernetes by diving deeper into how formal threat modelling can be used to prove compliance with GRC requirements. The course is backed by a full reference Kubernetes Threat Model, linked to controls from industry frameworks and standards. It highlights how these controls can be implemented in practice using popular open source technologies. Attendees will leave with the practical knowledge and tools needed to design or audit secure-by-default Kubernetes-based systems, within highly regulated environments.

Course Outline

• Half-day version of “Threat Modelling Kubernetes” to introduce the fundamentals of Threat Modelling
• Attendees will then use the fundamental Threat Modelling techniques learned in the first half of the course to build up a complete, generic Kubernetes Threat Model
• Deep dive into applicable compliance frameworks
• Integration examples of popular open source technology into governance, risk management, and compliance frameworks, and demonstrations of how these technologies can help organisations meet compliance requirements
• Further hands-on scenario-focused threat modelling based on real customer needs and “straw man” architectures presented by attendees to update the initial generic Threat Model

Who Should Attend

This course is designed for audit and regulatory teams that may have had some exposure to Kubernetes, but who are not well acquainted with how to meet strict GRC requirements for rapidly evolving, cloud native systems. By working through a complete Kubernetes Threat Model, fully mapped to key compliance standards, attendees will leave with the confidence needed to run, audit and assure Kubernetes clusters in highly regulated contexts.

Learn More

To understand how we collaborate with your team, customise to your needs, or talk to one of our instructors, contact us.