Few issues in the IT arena are currently treated with more interest and passion than virtualization. Virtualization refers to technologies designed to provide a layer of abstraction between computer hardware systems and the software running on them. By providing a logical rather than a physical view of computing resources, virtualization makes possible many functions, currently the most popular of which is to run multiple operating systems and/or applications on a single physical machine. Virtualization also has many additional benefits; virtualization and computing will continue to converge well into the future.

The information security implications of breakthrough technologies are almost never thoroughly understood until well after they are widely implemented; virtualization is no exception. An increasing number of significant security-related risks (each associated with a variety of business risks) in connection with virtualization have been and are still being identified. These risks include ability to defeat "secure isolation," "hyperjacking," unauthorized data capture in virtualized networks, new types of denial of service attacks, and many others. Unmitigated virtualization-related risk can result in substantial business loss and disruption. Because the business benefits of virtualization are also so great, pitting costs versus benefits in the world of virtualization is frequently an unusually difficult task.

This one-day course is designed to facilitate learning at the knowledge, comprehension, application and evaluation levels. At the knowledge and comprehension levels, attendees will learn what virtualization is, how virtualization works, major types of virtualization, its many benefits, the kinds and severity of risks that it introduces, the types of administrative and technical controls that can be used for risk mitigation, and how effective each control is. The course then focuses on analyzing, evaluating and applying to real-world settings issues such as whether virtualization-related risk is adequately considered during the risk analysis process, how policy, standards and procedures may have to be modified in accordance with changes that virtualized environments typically create, how to make costs versus benefits comparisons, special considerations due virtualization components in "cloud computing," and how virtualization technology is likely to evolve over time and the probable impact upon information security. Finally, the course covers audit considerations—the kinds of issues auditors should examine while conducting audits on virtualized environments and why. Kinds of findings that are likely result and how to prioritize each will also be covered.

To find out more about our services, please call us at 415.944.2977 or request additional information by emailing info@emagined.com.