Special Notices


Overview

Day one and two will consist of the Foundation Class which provides students a
comprehensive one day review of cloud security fundamentals and prepares
them to take the Cloud Security Alliance CCSK v4.0 certificate exam. Starting
with a detailed description of cloud computing, the course covers all major
domains in the Guidance v4.0 document from the Cloud Security Alliance, which
follows the recommendations from the European Network and Information
Security Agency (ENISA).

The third day of training builds upon the CCSK Foundation class (Day 1&2) with
expanded material and extensive hands-on activities. Students will learn to
apply their knowledge as they perform a series of exercises as they complete a
scenario bringing a fictional organization securely into the cloud.

As well as the above, the second day will include assessing, building, and
securing a cloud infrastructure.

Prerequisites

None

Delegates will learn how to

The CCSK plus course is designed to prepare students to sit and pass the Cloud
Security Alliance, CCSK examination.

Outline

Domain 1 Cloud Computing Concepts and Architectures

  • Definitions of Cloud Computing
  • Service Models
  • Deployment Models
  • Reference and Architecture Models
  • Logical Model
  • Cloud Security Scope, Responsibilities, and Models
  • Areas of Critical Focus in Cloud Security


Domain 2: Governance and Enterprise Risk Management

  • Tools of Cloud Governance
  • Enterprise Risk Management in the Cloud
  • Effects of various Service and Deployment Models
  • Cloud Risk Trade-offs and Tools


Domain 3: Legal Issues, Contracts and Electronic Discovery

  • Legal Frameworks Governing Data Protection and Privacy
  • Cross-Border Data Transfer
  • Regional Considerations
  • Contracts and Provider Selection
  • Contracts
  • Due Diligence
  • Third-Party Audits and Attestations
  • Electronic Discovery
  • Data Custody
  • Data Preservation
  • Data Collection
  • Response to a Subpoena or Search Warrant


Domain 4: Compliance and Audit Management

  • Compliance in the Cloud
  • Compliance impact on cloud contracts
  • Compliance scope
  • Compliance analysis requirements
  • Audit Management in the Cloud
  • Right to audit
  • Audit scope
  • Auditor requirements


Domain 5: Information Governance

  • Governance Domains
  • Six phases of the Data Security Lifecycle and their key elements
  • Data Security Functions, Actors and Controls


Domain 6: Management Plane and Business Continuity

  • Business Continuity and Disaster Recovery in the Cloud
  • Architect for Failure
  • Management Plane Security

Domain 7: Infrastructure Security

  • Cloud Network Virtualization
  • Security Changes With Cloud Networking
  • Challenges of Virtual Appliances
  • SDN Security Benefits
  • Micro-segmentation and the Software Defined Perimeter
  • Hybrid Cloud Considerations
  • Cloud Compute and Workload Security


Domain 8: Virtualization and Containers

  • Mayor Virtualizations Categories
  • Network
  • Storage
  • Containers


Domain 9: Incident Response

  • Incident Response Lifecycle
  • How the Cloud Impacts IR


Domain 10: Application Security

  • Opportunities and Challenges
  • Secure Software Development Lifecycle
  • How Cloud Impacts Application Design and Architectures
  • The Rise and Role of DevOps


Domain 11: Data Security and Encryption

  • Data Security Controls
  • Cloud Data Storage Types
  • Managing Data Migrations to the Cloud
  • Securing Data in the Cloud


Domain 12: Identity, Entitlement, and Access Management

  • IAM Standards for Cloud Computing
  • Managing Users and Identities
  • Authentication and Credentials
  • Entitlement and Access Management


Domain 13: Security as a Service

  • Potential Benefits and Concerns of SecaaS
  • Major Categories of Security as a Service Offerings


Domain 14: Related Technologies

  • Big Data
  • Internet of Things
  • Mobile
  • Serverless Computing

Please complete this form and we'll be in touch

Hide form
Please enter a date or timescale
Please type in a preferred location or region...