Certificate of Cloud Security Knowledge (CCSK course)
- Course Fee: €395
- Exam fees are not included in the course price. Click here for exam information.
- Approved eLearning course leading to certification from CSA
- Students have 12 months to work at their own pace, and can start at any time of year.
- Click here to Enrol for this course online now
- Click here to Request a Prospectus
Course Details
The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, certification, events and products.
The Certificate of Cloud Security Knowledge CCSK course provides students with thorough coverage of cloud security fundamentals and prepares them to take the Cloud Security Alliance CCSK certification exam. The course begins with a detailed description of cloud computing and then expands into all major organisations such as; Governance and Risk Management, the Cloud Architectural Framework and Business Continuity/Disaster. The CCSK is an examination testing for a broad foundation of knowledge about cloud security, with topics ranging from architecture, governance, compliance, operations, encryption, virtualization and much more. The body of knowledge for the CCSK examination is the CSA Security Guidance for Critical Areas of Focus in Cloud Computing V3, English language version, and the ENISA report “Cloud Computing: Benefits, Risks and Recommendations for Information Security”.
This course includes the following features:
- Instructor-led demonstrations and visual presentations to develop your skills based on real-world scenarios.
- Unlike a live class, you can fast-forward, repeat or rewind all your lectures. This gives you all the benefit of hands-on training with the flexibility of doing it around your schedule 24/7.
- FlashCards and Education Games are also provided throughout the course.
- Practice exams prepare you for your exams. These exams are on average 100 questions to ensure you are 100% prepared if you are taking a certification exam.
- You can also interact and collaborate with other students through our forums, student contributions and announcement features.
Who should complete this CCSK course?
- IT Managers, IT Security personnel, Programmers and Developers, IT Security Managers.
- People considering a career in IT Security Management.
Entry Requirements / Prerequisites
- None.
- For technical requirements required to access CMIT eLearning click here>
- For more details on the suitability of this course click here>
How CMIT eLearning Works…
Topics covered in this CCSK course
Architecture
- NIST Definitions
- Essential Characteristics
- Service Models
- Deployment Models
- Multi-Tenancy
- CSA Cloud Reference Model
- Jericho Cloud Cube Model
- Cloud Security Reference Model
- Cloud Service Brokers
- Service Level Agreements
Governance and Enterprise Risk Management
- Contractual Security Requirements
- Enterprise and Information Risk Management
- Third-Party Management Recommendations
- Supply chain examination
- Use of Cost Savings for Cloud
Legal Issues: Contracts and Electronic Discovery
- Consideration of cloud-related issues in three dimensions
- eDiscovery considerations
- Jurisdictions and data locations
- Liability for activities of subcontractors
- Due diligence responsibility
- Federal Rules of Civil Procedure and electronically stored information
- Metadata
- Litigation hold
- Compliance and Audit Management
- Definition of Compliance
- Right to audit
Compliance impact on cloud contracts
- Audit scope and compliance scope
- Compliance analysis requirements
- Auditor requirements
Information Management and Data Security
- Six phases of the Data Security Lifecycle and their key elements
- Volume storage
- Object storage
- Logical vs physical locations of data
- Three valid options for protecting data
- Data Loss Prevention
- Detection Data Migration to the Cloud
- Encryption in IaaS, PaaS & SaaS
- Database Activity Monitoring and File Activity Monitoring
- Data Backup
- Data Dispersion
- Data Fragmentation
Interoperability and Portability
- Definitions of Portability and Interoperability
- Virtualization impacts on Portability and Interoperability
- SAML and WS-Security
- Size of Data Sets
- Lock-In considerations by IaaS, PaaS & SaaS delivery models
- Mitigating hardware compatibility issues
Traditional Security, Business Continuity, and Disaster Recovery
- Four D’s of perimeter security
- Cloud backup and disaster recovery services
- Customer due diligence related to BCM/DR
- Business Continuity Management/Disaster Recovery due diligence
- Restoration Plan
- Physical location of cloud provider
Data Center Operations
- Relation to Cloud Controls Matrix
- Queries run by data centre operators
- Technical aspects of a Provider’s data centre operations for customers
- Logging and report generation in multi-site clouds
Incident Response
- Factor allowing for more efficient and effective containment and recovery in a cloud
- Main data source for detection and analysis of an incident
- Investigating and containing an incident in an Infrastructure as a Service
- environment
- Reducing the occurrence of application-level incidents
- How often should incident response testing occur
- Offline analysis of potential incidents
Application Security
- Identity, entitlement, and access management (IdEA)
- SDLC impact and implications
- Differences in S-P-I models
- Consideration when performing a remote vulnerability test of a cloud-based
- application
- Categories of security monitoring for applications
- Entitlement matrix
Encryption and Key Management
- Adequate encryption protection of data in the cloud
- Key management best practices, location of keys, keys per user
- Relationship to tokenization, masking and cloud database controls
Identity, Entitlement, and Access Management
- Relationship between identities and attributes
- Identity Federation
- Relationship between Policy Decision Point (PDP) and Policy Enforcement Point (PEP)
- SAML and WS-Federation
- Provisioning and authoritative sources
Virtualization
- Security concerns for hypervisor architecture
- VM guest hardening, blind spots, VM Sprawl, data comingling, instant-on gaps
- In-Motion VM characteristics that can create a serious complexity for audits
- How can virtual machine communications bypass network security controls
- VM attack surfaces
- Compartmentalization of VMs
Security as a Service
- 10 categories
- Barriers to developing full confidence in security as a service (SECaaS)
- Deployment of Security as a Service in a regulated industry prior SLA
- Logging and reporting implications
- How can web security as a service be deployed
- What measures do Security as a Service providers take to earn the trust of their customers
- ENISA Cloud Computing: Benefits, Risks and Recommendations for Information Security
- Isolation failure
- Economic Denial of Service
- Licensing Risks
- VM hopping
- Five key legal issues common across all scenarios
- Top security risks in ENISA research
- OVF
- Underlying vulnerability in Loss of Governance
- User provisioning vulnerability
- Risk concerns of a cloud provider being acquired
- Security benefits of cloud
- Risks
- Data controller vs data processor definitions in Infrastructure as a Service (IaaS), who is responsible for guest systems monitoring
Assessment
- Once you successfully pass the CCSK course, you will receive a Certificate of Cloud Security Knowledge from CMIT.
- You may optionally take exams to receive certification. Exam fees are not included in the course price. Click here for exam information.
Technical Requirements
- Broadband internet connection of at least 10Mbps.
- Browser – we recommend Chrome or Safari for Tablet or Apple Mac; and Firefox or Internet Explorer for PC hardware.
- Operating System – PC (Windows 7 or later), Mac or Android.
Accreditation
- You may optionally take exams to receive CCSK certification.
- Click here for Accreditation Details