About this course

Course code TPH8P75S
Duration 2 Days

There is a lot of hype and confusion around cloud security. This 2-day course slices through the hyperbole and provides students with the practical knowledge they need to understand the real cloud security issues and solutions. The training gives students a comprehensive review of cloud security fundamentals and prepares them for the Cloud Security Alliance CCSK certification exam.

Starting with a detailed description of cloud computing, the course covers all major domains in the latest Guidance document from the Cloud Security Alliance, and the recommendations from the European Network and Information Security Agency (ENISA). Alternatively, take the 3-day H8P76S CCSK Plus course that adds an additional day for hands-on labs. Each course includes an exam voucher from the Cloud Security Alliance for the CCSK certification exam.

Prerequisites

We recommend attendees have at least a basic understanding of security fundamentals, such as firewalls, secure development, encryption, and identity management. For security foundations training, refer to the HP Information Security Common Body of Knowledge curriculum found at hp.com/learn/security.

Who should attend?

This class is geared towards security professionals, but is also useful for anyone looking to expand their knowledge of cloud security.

Outline

Module 1: Introduction And Cloud Architectures

  • Define cloud computing and its business benefits
  • List the attributes that define cloud computing
  • Identify pros and cons of cloud computing choices
  • Discuss the different components of the cloud computing stack
  • Differentiate service models and deployment models
  • Describe individual service models and how they operate
  • Describe individual deployment models and how they operate

Module 2: Adapting Governance And Information Risk Mgt Objectives

  • List the key elements of information security governance related to cloud operations
  • Identify strategies to manage provider governance
  • Describe the steps in risk management lifecycle specifically for moving to the cloud
  • List alternatives for risk treatment used by CSA
  • Discuss levels of maturity in risk management
  • Differentiate risk treatment implementation responsibility across service models
  • Identify types of assets and how to evaluate their value to the organization
  • Describe how incidents change in cloud
  • Identify challenges in incident response when working with a cloud provider at various service levels
  • List the steps in responding to a security incident

Module 3: Compliance And Audit In The Cloud Objectives

  • Identify types legal responsibilities based on business compliance, regulations, and geography
  • Discuss responsibility and accountability for assessing and mitigating information security risks
  • Discuss contractual elements that support compliance and verification
  • Describe types of audit and how to plan for them
  • List required artifacts for auditing
  • Describe how to handle the results of an audit

Module 4: Physical And Administrative Controls Objectives

  • Recognize sample security controls for data center perimeter
  • Describe how cloud provider employment policies affect information security

Module 5: Infrastructure Technology Objectives

  • Identify architectural layers in a cloud environment
  • Provide a high level description of the operation of hypervisors in creating, updating, and destroying virtual machines
  • Discuss operation of the cloud management plane
  • List elements of virtual networking
  • Give a general description of the operation of shared storage
  • List additional infrastructure elements required in the operation of a cloud architecture
  • Differentiate the infrastructure delivery for different service models

Module 6: Securing Cloud Infrastructure Objectives

  • Discuss the security advantages and disadvantages of working with virtual infrastructure
  • Identify security concerns in a cloud environment
  • List elements to secure the host and hypervisor levels
  • Discuss how to secure the cloud management plane
  • Describe how to secure virtual networking
  • Describe how to secure virtual machines during creation, use, movement, and destruction
  • List ways to secure API interfaces
  • Learn the security basics for the difference service models
  • Assess the security implications of different deployment models

Module 7: Data Security For Cloud Computing Objectives

  • Describe different cloud storage models
  • Define security issues for data in the cloud
  • Describe data security lifecycle
  • Use functions, actors, and locations to identify cloud security issues, and specific controls to address security and governance
  • Discuss data encryption and key management
  • Describe forms of data loss prevention

Module 8: Cloud Identity And Access Management Objectives

  • Define identity, entitlement, and access management terms
  • Differentiate between identity and access management
  • List best practices in provisioning identity and entitlement
  • Describe how to build an entitlement matrix
  • Differentiate between authentication, authorization, and access control
  • Describe architectural models for provisioning and how to integrate them
  • Describe the operation of federated identity management
  • List key identity management standards and how they facilitate interoperation

Module 9: Developing And Securing Cloud Applications Objectives

  • Describe the importance of standard interfaces and the potential costs of vendor lock-in
  • Differentiate between portability and interoperability
  • Describe how to minimize disruption of service during vendor change
  • Define Application Architecture, Design, and Operations lifecycle
  • Discuss impact of cloud operations on SDLC and identify threat modeling requirements
  • Differentiate static and dynamic testing methods and give examples of each
  • Examine application security tools and vulnerability management processes
  • Discuss the role of compliance in cloud applications
  • Describe methods of ongoing application monitoring

Module 10: Security As A Service Objectives

  • Define SECaaS
  • List advantages and concerns for SECaaS
  • Describe various forms of security offered as services

Module 11: Vendor Relationships Objectives

  • List elements of risk management planning and implementation to look for in a cloud service provider
  • Identify strategies to manage provider governance
  • Advocate for contractual clarity in all phases of risk management and information security
  • Describe elements of supplier assessment for cloud providers

2 Days

Duration

This is a QA approved partner course

Delivery Method

Delivery method

Classroom

Face-to-face learning in the comfort of our quality nationwide centres, with free refreshments and Wi-Fi.

Trusted, awarded and accredited

Fully accredited to ensure we provide the highest possible standards in learning

All third party trademark rights acknowledged.