Lesson 1. Network and infrastructure security: segmentation, firewalls, IDS/IPS, cloud security group best practices
Explains how to secure cloud networks and infrastructure for SaaS. Covers segmentation, firewalls, security groups, IDS/IPS, bastion access, and hardening of management planes while aligning with shared responsibility models.
Topics:
- Network zoning and tenant segmentation
- Firewall and security group rule design
- Secure remote admin and bastion patterns
- IDS/IPS deployment and tuning basics
- Cloud provider network security features

Lesson 2. Access control and identity management: strong authentication, least privilege, role-based access controls
Describes how to design access control for SaaS platforms using strong authentication and least privilege. Explains RBAC, ABAC, joiner-mover-leaver processes, and periodic access reviews aligned with ISO 27001 Annex A controls.
Topics:
- Identity lifecycle and JML process design
- Strong authentication and MFA enforcement
- Role-based and attribute-based access models
- Least privilege and privileged access control
- Periodic access reviews and recertifications

Lesson 3. Incident management and response: detection, triage, containment, root cause analysis, communication
Describes the incident response lifecycle for SaaS environments. Explains detection, triage, containment, eradication, recovery, root cause analysis, communication, and post-incident improvements aligned with ISO 27035.
Topics:
- Incident classification and severity levels
- Triage, containment, and evidence handling
- Eradication, recovery, and service restoration
- Root cause analysis and lessons learned
- Internal and external incident communication

Lesson 4. Cryptography and key management: data encryption at rest and in transit, key lifecycle management
Covers cryptographic controls for SaaS data at rest and in transit. Explains algorithm choices, TLS configuration, key generation, storage, rotation, and separation of duties using HSMs or cloud key management services.
Topics:
- Data at rest encryption for SaaS storage
- TLS configuration and data in transit security
- Key generation, storage, and rotation rules
- Use of HSMs and cloud KMS services
- Key access control, logging, and escrow

Lesson 5. Secure development and change management: secure SDLC, code reviews, dependency management, CI/CD security gates
Focuses on secure SDLC practices for SaaS products. Explains security requirements, threat modeling, code review, dependency management, CI/CD security gates, and controlled change management with proper approvals and rollback plans.
Topics:
- Defining security requirements in the SDLC
- Threat modeling for cloud SaaS features
- Secure code review and pair review practices
- Dependency and open source risk management
- CI/CD security gates and change approvals

Lesson 6. Backup, restore, and business continuity: backup strategy, recovery time/objectives, testing
Explains how to design, implement, and test backup and recovery controls for SaaS workloads. Focuses on RPO/RTO, immutable backups, offsite storage, and alignment with business continuity and disaster recovery objectives.
Topics:
- Defining RPO and RTO for SaaS services
- Backup scope, frequency, and retention rules
- Immutable, offsite, and geo-redundant backups
- Backup encryption, access control, and logging
- Backup restore drills and BC/DR test planning

Lesson 7. Logging, monitoring, and alerting: centralized logging, SIEM basics, retention, log integrity
Describes how to design centralised logging and monitoring for SaaS. Covers log sources, retention, integrity, SIEM onboarding, alert tuning, and dashboards that support detection, forensics, and compliance reporting needs.
Topics:
- Selecting and onboarding log sources
- Log normalization, parsing, and enrichment
- Log retention, protection, and integrity
- SIEM use cases and alert rule design
- Monitoring dashboards and KPIs for ISBs

Lesson 8. Third-party/vendor risk management: supplier assessment, contracts, SLA/security requirements
Covers lifecycle management of suppliers supporting a SaaS service. Details due diligence, risk assessments, contractual clauses, SLAs, and ongoing monitoring to ensure third parties meet ISO 27001 and cloud security expectations.
Topics:
- Supplier classification and criticality levels
- Security due diligence and risk assessments
- Contractual security, privacy, and audit clauses
- Defining and monitoring security SLAs
- Ongoing vendor monitoring and reassessment

Lesson 9. Endpoint and host security: EDR, hardening baselines, configuration management
Explains endpoint and host security for servers, containers, and admin devices. Covers hardening baselines, EDR, configuration management, secure images, and compliance monitoring for cloud and on-premise assets.
Topics:
- Hardening baselines for servers and VMs
- EDR deployment and alert triage basics
- Secure golden images and template control
- Configuration management and drift detection
- Admin workstation and jump host security

Lesson 10. Vulnerability management and patching: asset inventory, vulnerability scanning, prioritization, remediation SLAs
Details how to run a structured vulnerability management program. Covers asset inventory, scanning, risk-based prioritisation, remediation SLAs, exception handling, and reporting to management and auditors.
Topics:
- Building and maintaining asset inventories
- Vulnerability scanning for cloud workloads
- Risk-based prioritization and scoring
- Patch deployment windows and SLAs
- Exception handling and risk acceptance