College of Management and IT (CMIT)

Certificate of Cloud Security Knowledge (CCSK course)

Certified
Leads to Industry certification.

Self-paced course
Online self-paced course.

Flexible
Start any time and work at your own pace.

Learn anywhere
Learn anytime, anywhere.

€395

or 3 interest-free payments with Klarna

Course Details

The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, certification, events and products.

The Certificate of Cloud Security Knowledge (CCSK) course provides students with thorough coverage of cloud security fundamentals and prepares them to take the Cloud Security Alliance CCSK certification exam. The course begins with a detailed description of cloud computing and then expands into all major domains, such as Governance and Risk Management, the Cloud Architectural Framework and Business Continuity/Disaster Recovery. The CCSK is an examination testing for a broad foundation of knowledge about cloud security, with topics ranging from architecture, governance, compliance, operations, encryption, virtualization and much more. The body of knowledge for the CCSK examination is the CSA Security Guidance for Critical Areas of Focus in Cloud Computing V3, English language version, and the ENISA report “Cloud Computing: Benefits, Risks and Recommendations for Information Security”.

This course includes the following features:

  • Instructor-led demonstrations and visual presentations to develop your skills based on real-world scenarios.
  • Unlike a live class, you can fast-forward, repeat or rewind all your lectures. This gives you all the benefit of hands-on training with the flexibility of doing it around your schedule 24/7.
  • FlashCards and Education Games are also provided throughout the course.
  • Practice exams prepare you for your exams. These exams are on average 100 questions to ensure you are 100% prepared if you are taking a certification exam.
  • You can also interact and collaborate with other students through our forums, student contributions and announcement features.
Who should complete this CCSK course?
  • IT Managers, IT Security personnel, Programmers and Developers, IT Security Managers.
  • People considering a career in IT Security Management.
Entry Requirements / Prerequisites
  • None.
  • For technical requirements required to access CMIT eLearning click here.
  • For more details on the suitability of this course click here.

Topics covered in this CCSK course
Architecture
  • NIST Definitions
  • Essential Characteristics
  • Service Models
  • Deployment Models
  • Multi-Tenancy
  • CSA Cloud Reference Model
  • Jericho Cloud Cube Model
  • Cloud Security Reference Model
  • Cloud Service Brokers
  • Service Level Agreements
Governance and Enterprise Risk Management
  • Contractual Security Requirements
  • Enterprise and Information Risk Management
  • Third-Party Management Recommendations
  • Supply chain examination
  • Use of Cost Savings for Cloud
Legal Issues: Contracts and Electronic Discovery
  • Consideration of cloud-related issues in three dimensions
  • eDiscovery considerations
  • Jurisdictions and data locations
  • Liability for activities of subcontractors
  • Due diligence responsibility
  • Federal Rules of Civil Procedure and electronically stored information
  • Metadata
  • Litigation hold
Compliance and Audit Management
  • Definition of Compliance
  • Right to audit
  • Compliance impact on cloud contracts
  • Audit scope and compliance scope
  • Compliance analysis requirements
  • Auditor requirements
Information Management and Data Security
  • Six phases of the Data Security Lifecycle and their key elements
  • Volume storage
  • Object storage
  • Logical vs physical locations of data
  • Three valid options for protecting data
  • Data Loss Prevention
  • Detection Data Migration to the Cloud
  • Encryption in IaaS, PaaS & SaaS
  • Database Activity Monitoring and File Activity Monitoring
  • Data Backup
  • Data Dispersion
  • Data Fragmentation
Interoperability and Portability
  • Definitions of Portability and Interoperability
  • Virtualization impacts on Portability and Interoperability
  • SAML and WS-Security
  • Size of Data Sets
  • Lock-In considerations by IaaS, PaaS & SaaS delivery models
  • Mitigating hardware compatibility issues
Traditional Security, Business Continuity, and Disaster Recovery
  • Four D’s of perimeter security
  • Cloud backup and disaster recovery services
  • Customer due diligence related to BCM/DR
  • Business Continuity Management/Disaster Recovery due diligence
  • Restoration Plan
  • Physical location of cloud provider
Data Center Operations
  • Relation to Cloud Controls Matrix
  • Queries run by data centre operators
  • Technical aspects of a Provider’s data centre operations for customers
  • Logging and report generation in multi-site clouds
Incident Response
  • Factor allowing for more efficient and effective containment and recovery in a cloud
  • Main data source for detection and analysis of an incident
  • Investigating and containing an incident in an Infrastructure as a Service environment
  • Reducing the occurrence of application-level incidents
  • How often should incident response testing occur
  • Offline analysis of potential incidents
Application Security
  • Identity, entitlement, and access management (IdEA)
  • SDLC impact and implications
  • Differences in S-P-I models
  • Consideration when performing a remote vulnerability test of a cloud-based application
  • Categories of security monitoring for applications
  • Entitlement matrix
Encryption and Key Management
  • Adequate encryption protection of data in the cloud
  • Key management best practices, location of keys, keys per user
  • Relationship to tokenization, masking and cloud database controls
Identity, Entitlement, and Access Management
  • Relationship between identities and attributes
  • Identity Federation
  • Relationship between Policy Decision Point (PDP) and Policy Enforcement Point (PEP)
  • SAML and WS-Federation
  • Provisioning and authoritative sources
Virtualization
  • Security concerns for hypervisor architecture
  • VM guest hardening, blind spots, VM sprawl, data commingling, instant-on gaps
  • In-Motion VM characteristics that can create a serious complexity for audits
  • How can virtual machine communications bypass network security controls
  • VM attack surfaces
  • Compartmentalization of VMs
Security as a Service
  • 10 categories
  • Barriers to developing full confidence in security as a service (SECaaS)
  • Deployment of Security as a Service in a regulated industry prior to SLA
  • Logging and reporting implications
  • How can web security as a service be deployed
  • What measures do Security as a Service providers take to earn the trust of their customers
ENISA Cloud Computing: Benefits, Risks and Recommendations for Information Security
  • Isolation failure
  • Economic Denial of Service
  • Licensing Risks
  • VM hopping
  • Five key legal issues common across all scenarios
  • Top security risks in ENISA research
  • OVF
  • Underlying vulnerability in Loss of Governance
  • User provisioning vulnerability
  • Risk concerns of a cloud provider being acquired
  • Security benefits of cloud
  • Risks
  • Data controller vs data processor definitions
  • In Infrastructure as a Service (IaaS), who is responsible for guest systems monitoring
Assessment
  • Once you successfully pass the programme(s), you will be able to download a CMIT Digital Certificate of Completion. This can be accessed via the Progress Reports section located on the top right side of your eLearning platform.
  • You may optionally take exams to receive certification. Exam fees are not included in the course price. Click here for exam information.