Course Objectives

  • Validate your competence gained through experience in cloud security
  • Demonstrate your technical knowledge, skills, and abilities to effectively develop a holistic cloud security program relative to globally accepted standards
  • Differentiate yourself from other candidates for desirable employment in the fast-growing cloud security market
  • Gain access to valuable career resources, such as tools, networking and ideas exchange with peers
  • Protect against threats with qualified professionals who have the expertise to competently design, build, and maintain a secure cloud business environment
  • Increase your confidence that candidates are qualified and committed to cloud security
  • Ensure practitioners use a universal language, circumventing ambiguity with industry-accepted cloud security terms and practices
  • Increase organizations’ credibility when working with constituents

Description

As enterprises and consumers move greater amounts of sensitive information to the cloud, employers struggle to find information security leaders who have the necessary breadth and depth of knowledge to establish cloud security programs protecting sensitive information.

The CCSK lets the marketplace know you are ready for the challenge with the first credential dedicated to cloud security, offered by the world’s thought leader in cloud security.

Target Audience

The CCSK is strongly recommended for IT auditors, and it is even required for portions of the CSA Security, Trust & Assurance Registry (STAR) program.

Training Outline

Domain 1: Cloud Computing Concepts and Architectures
  • Definitions of Cloud Computing
    • Service Models
    • Deployment Models
    • Reference and Architecture Models
    • Logical Model
  • Cloud Security Scope, Responsibilities, and Models
  • Areas of Critical Focus in Cloud Security
Domain 2: Governance and Enterprise Risk Management
  • Tools of Cloud Governance
  • Enterprise Risk Management in the Cloud
  • Effects of various Service and Deployment Models
  • Cloud Risk Trade-offs and Tools
Domain 3: Legal Issues, Contracts and Electronic Discovery
  • Legal Frameworks Governing Data Protection and Privacy
    • Cross-Border Data Transfer
    • Regional Considerations
  • Contracts and Provider Selection
    • Contracts
    • Due Diligence
    • Third-Party Audits and Attestations
  • Electronic Discovery
    • Data Custody
    • Data Preservation
    • Data Collection
    • Response to a Subpoena or Search Warrant
Domain 4: Compliance and Audit Management
  • Compliance in the Cloud
    • Compliance impact on cloud contracts
    • Compliance scope
    • Compliance analysis requirements
  • Audit Management in the Cloud
    • Right to audit
    • Audit scope
    • Auditor requirements
Domain 5: Information Governance
  • Governance Domains
  • Six phases of the Data Security Lifecycle and their key elements
  • Data Security Functions, Actors and Controls
Domain 6: Management Plane and Business Continuity
  • Business Continuity and Disaster Recovery in the Cloud
  • Architect for Failure
  • Management Plane Security
Domain 7: Infrastructure Security
  • Cloud Network Virtualization
  • Security Changes with Cloud Networking
  • Challenges of Virtual Appliances
  • SDN Security Benefits
  • Micro-segmentation and the Software Defined Perimeter
  • Hybrid Cloud Considerations
  • Cloud Compute and Workload Security
Domain 8: Virtualization and Containers
  • Major Virtualization Categories
  • Network
  • Storage
  • Containers
Domain 9: Incident Response
  • Incident Response Lifecycle
  • How the Cloud Impacts IR
Domain 10: Application Security
  • Opportunities and Challenges
  • Secure Software Development Lifecycle
  • How Cloud Impacts Application Design and Architectures
  • The Rise and Role of DevOps
Domain 11: Data Security and Encryption
  • Data Security Controls
  • Cloud Data Storage Types
  • Managing Data Migrations to the Cloud
  • Securing Data in the Cloud
Domain 12: Identity, Entitlement, and Access Management
  • IAM Standards for Cloud Computing
  • Managing Users and Identities
  • Authentication and Credentials
  • Entitlement and Access Management
Domain 13: Security as a Service
  • Potential Benefits and Concerns of SecaaS
  • Major Categories of Security as a Service Offerings
Domain 14: Related Technologies
  • Big Data
  • Internet of Things
  • Mobile
  • Serverless Computing
ENISA Cloud Computing: Benefits, Risks and Recommendations for Information Security
  • Isolation failure
  • Economic Denial of Service
  • Licensing Risks
  • VM hopping
  • Five key legal issues common across all scenarios
  • Top security risks in ENISA research
  • OVF
  • Underlying vulnerability in Loss of Governance
  • User provisioning vulnerability
  • Risk concerns of a cloud provider being acquired
  • Security benefits of cloud
  • Risks R.1 – R.35 and underlying vulnerabilities
  • Data controller versus data processor definitions
  • In Infrastructure as a Service (IaaS), who is responsible for guest systems monitoring

Prerequisite

The CCSK is intended to provide understanding of security issues and best practices over a broad range of cloud computing domains. As cloud computing is becoming the dominant IT system, CCSK is applicable to a wide variety of IT and information security jobs in virtually every organization.