Cloud Computing Security Knowledge (CCSK) Preparation Course

Cloud Computing Security Knowledge (CCSK) Preparation Course

The CCSK course is intended to provide understanding of security issues and best practices over a broad range of cloud computing domains. As cloud computing is becoming the dominant IT system, CCSK is applicable to a wide variety of IT and information security jobs in virtually every organization. The CCSK is strongly recommended for IT auditors, system administrators, security professionals with at least 5 years of experience

After completing this course, the student will be able to:

• Validate their competence gained through experience in cloud security
• Prepare for the CCSK exam.
• Demonstrate their technical knowledge, skills, and abilities to effectively develop a holistic cloud security program relative to globally accepted standards
• Differentiate themselves from other candidates for desirable employment in the fast-growing cloud security market
• Gain access to valuable career resources, such as tools, networking and ideas exchange with peers
• Protect against threats with qualified professionals who have the expertise to competently design, build, and maintain a secure cloud business environmen

Format of the Course

• Interactive lecture and discussion.
• Lots of exercises and practice.
• Hands-on implementation in a live-lab environment.

Course Customization Options

• To request a customized training for this course, please contact us to arrange.

Day 1

1. Cloud Computing Concepts and Architecture

a) Definitions of Cloud Computing

• Service Models
• Deployment Models
• Reference and Architecture Models
• Logical Mode

b) Cloud Security Scope, Responsibilities, and Models

c) Areas of Critical Focus in Cloud Security

2. Governance and Enterprise Risk Management

a) Tools of Cloud Governance

b) Enterprise Risk Management in the Cloud

c) Effects of various Service and Deployment Models

d) Cloud Risk Trade-offs and Tools

3. Legal Issues, Contracts and Electronic Discovery

a) Legal Frameworks Governing Data Protection and Privacy

• Cross-Border Data Transfer
• Regional Considerations

b) Contracts and Provider Selection

• Contracts
• Due Diligence
• Third-Party Audits and Attestations

c) Electronic Discovery

• Data Custody
• Data Preservation
• Data Collection
• Response to a Subpoena or Search Warrant

4. Compliance and Audit Management

a) Compliance in the Cloud

• Compliance impact on cloud contracts
• Compliance scope
• Compliance analysis requirements

b) Audit Management in the Cloud

• Right to audit
• Audit scope
• Auditor requirements

Day 2

 5. Information Governance

a) Governance Domains

b) Six phases of the Data Security Lifecycle and their key elements

c) Data Security Functions, Actors and Controls

6. Management Plane and Business Continuity

a) Business Continuity and Disaster Recovery in the Cloud

b) Architect for Failure

c) Management Plane Security

7. Infrastructure Security

a) Cloud Network Virtualization

b) Security Changes with Cloud Networking

c) Challenges of Virtual Appliances

d) SDN Security Benefits

e) Micro-segmentation and the Software Defined Perimeter

f) Hybrid Cloud Considerations

g) Cloud Compute and Workload Security

8. Virtualization and Containers

a) Major Virtualizations Categories

b) Network

c) Storage

d) Containers

Day 3

9. Incident Response

a) Incident Response Lifecycle

b) How the Cloud Impacts IR

10. Application Security

a) Opportunities and Challenges

b) Secure Software Development Lifecycle

c) How Cloud Impacts Application Design and Architectures

d) The Rise and Role of DevOps

11. Data Security and Encryption

a) Data Security Controls

b) Cloud Data Storage Types

c) Managing Data Migrations to the Cloud

d) Securing Data in the Cloud

12. Identity, Entitlement, and Access Management

a) IAM Standards for Cloud Computing

b) Managing Users and Identities

c) Authentication and Credentials

d) Entitlement and Access Management

13. Security as a Service

a) Potential Benefits and Concerns of SecaaS

b) Major Categories of Security as a Service Offerings

14. Related Technologies

a) Big Data

b) Internet of Things

c) Mobile

d) Serverless Computing