The Cloud Computing Security Knowledge course provides students with thorough coverage of cloud security fundamentals and prepares them to take the Cloud Security Alliance CCSK certification exam. The course begins with a detailed description of cloud computing and then expands into all major organisations such as; Governance and Risk Management, the Cloud Architectural Framework and Business Continuity/Disaster. The CCSK is an examination testing for a broad foundation of knowledge about cloud security, with topics ranging from architecture, governance, compliance, operations, encryption, virtualiszation and much more. The body of knowledge for the CCSK examination is the CSA Security Guidance for Critical Areas of Focus in Cloud Computing V3, English language version, and the ENISA report “Cloud Computing: Benefits, Risks and Recommendations for Information Security”.
This course includes the following features:
Instructor-led demonstrations and visual presentations that you to develop your skills based on real world scenarios.
Unlike a live class, you can fast-forward, repeat or rewind all your lectures. This gives you all the benefit of hands-on training with the flexibility of doing it around your schedule 24/7.
Flash Cards and Education Games are also provided throughout the course.
Practice exams prepare you for your exams. These exams are on average 100 questions to ensure you are 100% prepared if you are taking a certification exam.
You can also interact and collaborate with other students through our forums, student contributions and announcement features.
Who should complete this course?
IT Managers, IT Security personnel, Programmers and Developers, IT Security Managers.
People considering a career in IT Security Management.
Entry Requirements / Prerequisites
None. Recommended experience is six months’ direct experience in an IT environment, including IT-related tasks, responsibility, and decision making.
Topics covered in this Course
CSA Cloud Reference Model
Jericho Cloud Cube Model
Cloud Security Reference Model
Cloud Service Brokers
Service Level Agreements
Governance and Enterprise Risk Management
Contractual Security Requirements
Enterprise and Information Risk Management
Third Party Management Recommendations
Supply chain examination
Use of Cost Savings for Cloud
Legal Issues: Contracts and Electronic Discovery
Consideration of cloud-related issues in three dimensions
Jurisdictions and data locations
Liability for activities of subcontractors
Due diligence responsibility
Federal Rules of Civil Procedure and electronically stored information
Compliance and Audit Management
Definition of Compliance
Right to audit
Compliance impact on cloud contracts
Audit scope and compliance scope
Compliance analysis requirements
Information Management and Data Security
Six phases of the Data Security Lifecycle and their key elements
Logical vs physical locations of data
Three valid options for protecting data
Data Loss Prevention
Detection Data Migration to the Cloud
Encryption in IaaS, PaaS and SaaS
Database Activity Monitoring and File Activity Monitoring
Interoperability and Portability
Definitions of Portability and Interoperability
Virtualization impacts on Portability and Interoperability
SAML and WS-Security
Size of Data Sets
Lock-In considerations by IaaS, PaaS and SaaS delivery models
Mitigating hardware compatibility issues
Traditional Security, Business Continuity, and Disaster Recovery
Four D’s of perimeter security
Cloud backup and disaster recovery services
Customer due diligence related to BCM/DR
Business Continuity Management/Disaster Recovery due diligence
Physical location of cloud provider
Data Center Operations
Relation to Cloud Controls Matrix
Queries run by data center operators
Technical aspects of a Provider’s data center operations for customers
Logging and report generation in multi-site clouds
Factor allowing for more efficient and effective containment and recovery in a cloud
Main data source for detection and analysis of an incident
Investigating and containing an incident in an Infrastructure as a Service
Reducing the occurrence of application level incidents
How often should incident response testing occur
Offline analysis of potential incidents
Identity, entitlement, and access management (IdEA)
SDLC impact and implications
Differences in S-P-I models
Consideration when performing a remote vulnerability test of a cloud-based
Categories of security monitoring for applications
Encryption and Key Management
Adequate encryption protection of data in the cloud
Key management best practices, location of keys, keys per user
Relationship to tokenization, masking and cloud database controls
Identity, Entitlement, and Access Management
Relationship between identities and attributes
Relationship between Policy Decision Point (PDP) and Policy Enforcement Point (PEP)
SAML and WS-Federation
Provisioning and authoritative sources
Security concerns for hypervisor architecture
VM guest hardening, blind spots, VM Sprawl, data comingling, instant-on gaps
In-Motion VM characteristics that can create a serious complexity for audits
How can virtual machine communications bypass network security controls
VM attack surfaces
Compartmentalization of VMs
Security as a Service
Barriers to developing full confidence in security as a service (SECaaS)
Deployment of Security as a Service in a regulated industry prior SLA
Logging and reporting implications
How can web security as a service be deployed
What measures do Security as a Service providers take to earn the trust of their customers
ENISA Cloud Computing: Benefits, Risks and Recommendations for Information Security
Economic Denial of Service
Five key legal issues common across all scenarios
Top security risks in ENISA research
Underlying vulnerability in Loss of Governance
User provisioning vulnerability
Risk concerns of a cloud provider being acquired
Security benefits of cloud
Data controller vs data processor definitions in Infrastructure as a Service (IaaS), who is responsible for guest systems monitoring.
Once you successfully pass the programme, you will receive a Certificate in Cloud Security from CMIT.
You may optionally take an online exam to receive CCSK certification. This is assessed through a computer-based multiple choice exam. Exam fees are not included in the course price.
Broadband internet connection.
Browser – we recommend Chrome or Safari for Tablet or Apple Mac; and Firefox or Internet Explorer for PC hardware.
Operating System – PC (Windows XP, Vista, 7 or 8), Mac or Android.
You may optionally take exams to receive CCSK Certification. This is assessed through computer-based multiple choice exams (CSA-CCSK). Exam fees are not included in the course price.