CCSK Foundation E-Learning

There are no formal prerequisites. However, it is strongly recommended that learners have:

• A basic understanding of cybersecurity concepts such as firewalls, encryption, identity and access management, and secure development
• An interest in cloud service models, governance frameworks, and risk controls

Target audience

This course is ideal for:

• Network administrators, systems engineers, and security analysts
• Cloud architects and DevOps professionals
• Cybersecurity consultants and risk managers
• Pre- and post-sales engineers supporting cloud technologies
• IT professionals preparing for CCSK certification

By the end of this course, learners will be able to:

• Define cloud computing models, reference architectures, and security frameworks
• Implement cloud governance and compliance strategies based on CSA best practices
• Conduct cloud risk assessments and manage audit requirements
• Apply identity and access controls within multi-cloud and hybrid environments
• Use monitoring, telemetry, and analytics tools to secure cloud infrastructures
• Protect cloud workloads including virtual machines, containers, and serverless services
• Secure cloud data using classification, encryption, and workload-specific controls
• Integrate secure application design principles using DevSecOps and CI/CD pipelines
• Develop cloud-specific incident response and resilience planning processes
• Understand emerging technologies like Zero Trust and generative AI in cloud security

Introduction and orientation

• Navigating the CCSK learning environment
• Using the CCSK Orb and CSA Circle

Domain 1: Cloud computing concepts and architectures

• Defining cloud models and reference architectures
• Scope of cloud security and shared responsibility

Domain 2: Cloud governance

• Governance frameworks and hierarchy
• Key strategies for governance in cloud environments

Domain 3: Risk, audit, and compliance

• Risk management tools and frameworks
• Compliance validation and cloud audit practices

Domain 4: Organisation management

• Provider-level security models
• Hybrid and multi-cloud architecture considerations

Domain 5: Identity and access management

• Strong authentication and IAM policies
• Automation and least privilege strategies

Domain 6: Security monitoring

• Monitoring techniques and telemetry sources
• Cloud-native detection and analytics
• Use of generative AI for threat detection

Domain 7: Infrastructure and networking

• Securing infrastructure and networking fundamentals
• Zero Trust and SASE integration in cloud models

Domain 8: Cloud workload security

• Securing VMs, containers, serverless, and PaaS
• Security of AI workloads

Domain 9: Data security

• Data classification, workload, and storage protections
• Security policies for cloud-native data environments

Domain 10: Application security

• Secure development lifecycle in cloud environments
• DevSecOps, CI/CD, and SaaS security considerations

Domain 11: Incident response and resilience

• Planning and executing incident response
• Post-incident analysis and resilience frameworks

Domain 12: Related technologies and strategies

• Emerging risks with Zero Trust, AI, and threat management

Final modules

• CCSK practice exam
• Preparation and next steps

Exams and assessments

This course includes a CCSK exam token for one attempt. The exam is administered by the Cloud Security Alliance and tests learners across the 12 domains of CCSK v5. A certificate of completion is provided, worth 15.5 course hours, which may be submitted for Continuing Professional Education (CPE) credits.

Hands-on learning

This course includes:

• Interactive CCSK Orb chatbot for scenario-based learning
• Practice questions and a mock CCSK exam
• Fully guided digital study content and downloadable materials
• Real-world case studies across multiple domains