Cloud Computing Security Knowledge (CCSK)

30 Hours / 12 Months / Self-Paced

Course Overview:

The Cloud Computing Security Knowledge class provides students thorough coverage of cloud security fundamentals and prepares them to take the Cloud Security Alliance CCSK certification exam. The course begins with a detailed description of cloud computing and then expands into all major domains such as; Governance and Risk Management, the Cloud Architectural Framework and Business Continuity/Disaster Recovery.

This course includes:
  • Visual Demonstrations & Multimedia Presentations
  • Quizzes & Exam Simulators
  • Social Learning & Networking
  • Flash Cards & Educational Games
  • Enhanced Navigation and Controls

This course prepares the student to take the CSA Cloud Computing Security Knowledge (CCSK) certification exam.

Course Outline:

Lesson 1: Architecture
  • NIST Definitions
  • Essential Characteristics
  • Service Models
  • Deployment Models
  • Multi-Tenancy
  • CSA Cloud Reference Model
  • Jericho Cloud Cube Model
  • Cloud Security Reference Model
  • Cloud Service Brokers
  • Service Level Agreements
Lesson 2: Governance and Enterprise Risk Management
  • Contractual Security Requirements
  • Enterprise and Information Risk Management
  • Third Party Management Recommendations
  • Supply chain examination
  • Use of Cost Savings for Cloud
Lesson 3: Legal Issues: Contracts and Electronic Discovery
  • Consideration of cloud-related issues in three dimensions
  • eDiscovery considerations
  • Jurisdictions and data locations
  • Liability for activities of subcontractors
  • Due diligence responsibility
  • Federal Rules of Civil Procedure and electronically stored information
  • Metadata
  • Litigation hold
Lesson 4: Compliance and Audit Management
  • Definition of Compliance
  • Right to audit
  • Compliance impact on cloud contracts
  • Audit scope and compliance scope
  • Compliance analysis requirements
  • Auditor requirements
Lesson 5: Information Management and Data Security
  • Six phases of the Data Security Lifecycle and their key elements
  • Volume storage
  • Object storage
  • Logical vs physical locations of data
  • Three valid options for protecting data
  • Data Loss Prevention
  • Detection Data Migration to the Cloud
  • Encryption in IaaS, PaaS & SaaS
  • Database Activity Monitoring and File Activity Monitoring
  • Data Backup
  • Data Dispersion
  • Data Fragmentation
Lesson 6: Interoperability and Portability
  • Definitions of Portability and Interoperability
  • Virtualization impacts on Portability and Interoperability
  • SAML and WS-Security
  • Size of Data Sets
  • Lock-In considerations by IaaS, PaaS & SaaS delivery models
  • Mitigating hardware compatibility issues
Lesson 7: Traditional Security, Business Continuity, and Disaster Recovery
  • Four D’s of perimeter security
  • Cloud backup and disaster recovery services
  • Customer due diligence related to BCM/DR
  • Business Continuity Management/Disaster Recovery due diligence
  • Restoration Plan
  • Physical location of cloud provider
Lesson 8: Data Center Operations
  • Relation to Cloud Controls Matrix
  • Queries run by data center operators
  • Technical aspects of a Provider’s data center operations for customers
  • Logging and report generation in multi-site clouds
Lesson 9: Incident Response
  • Factor allowing for more efficient and effective containment and recovery in a cloud
  • Main data source for detection and analysis of an incident
  • Investigating and containing an incident in an Infrastructure as a Service environment
  • Reducing the occurrence of application level incidents
  • How often should incident response testing occur
  • Offline analysis of potential incidents
Lesson 10: Application Security
  • Identity, entitlement, and access management (IdEA)
  • SDLC impact and implications
  • Differences in S-P-I models
  • Consideration when performing a remote vulnerability test of a cloud-based application
  • Categories of security monitoring for applications
  • Entitlement matrix
Lesson 11: Encryption and Key Management
  • Adequate encryption protection of data in the cloud
  • Key management best practices, location of keys, keys per user
  • Relationship to tokenization, masking, anonymization and cloud database controls
Lesson 12: Identity, Entitlement, and Access Management
  • Relationship between identities and attributes
  • Identity Federation
  • Relationship between Policy Decision Point (PDP) and Policy Enforcement Point (PEP)
  • SAML and WS-Federation
  • Provisioning and authoritative sources
Lesson 13: Virtualization
  • Security concerns for hypervisor architecture
  • VM guest hardening, blind spots, VM Sprawl, data comingling, instant-on gaps
  • In-Motion VM characteristics that can create a serious complexity for audits
  • How can virtual machine communications bypass network security controls
  • VM attack surfaces
  • Compartmentalization of VMs
Lesson 14: Security as a Service
  • 10 categories
  • Barriers to developing full confidence in security as a service (SECaaS)
  • Deployment of Security as a Service in a regulated industry prior SLA
  • Logging and reporting implications
  • How can web security as a service be deployed
  • What measures do Security as a Service providers take to earn the trust of their customers
  • ENISA Cloud Computing: Benefits, Risks and Recommendations for Information Security
  • Isolation failure
  • Economic Denial of Service
  • Licensing Risks
  • VM hopping
  • Five key legal issues common across all scenarios
  • Top security risks in ENISA research
  • OVF
  • Underlying vulnerability in Loss of Governance
  • User provisioning vulnerability
  • Risk concerns of a cloud provider being acquired
  • Security benefits of cloud
  • Risks
  • Data controller vs data processor definitions in Infrastructure as a Service (IaaS), who is responsible for guest systems monitoring

All necessary materials are included.

Certification(s):

This course prepares the student to take the CSA Cloud Computing Security Knowledge (CCSK) certification exam.


System Requirements:

Internet Connectivity Requirements:
  • Cable and DSL internet connections are recommended.

Hardware Requirements:
  • Minimum Pentium 400 Mhz CPU or G3 Macintosh. 1 GHz or greater CPU recommended.
  • 256MB RAM minimum. 1 GB RAM recommended.
  • 800x600 video resolution minimum. 1025x768 recommended.
  • Speakers/Headphones to listen to Dialogue steaming audio sessions.
  • A microphone to speak in Dialogue streaming audio sessions.
Operating System Requirements:
  • Windows Vista, 7, 8, 8.1, 9, 10
  • Mac OSX 10 or higher.
  • OpenSUSE Linux 9.2 or higher.
Web Browser Requirements:
  • Google Chrome is recommended.
  • Firefox 13.x or greater.
  • Internet Explorer 6.x or greater.
  • Safari 3.2.2 or greater.
Software Requirements:
  • Adobe Flash Player 6 or greater.
  • Oracle Java 7 or greater.
  • Adobe Reader 7 or greater.
Web Browser Settings:
  • Accept Cookies
  • Disable Pop-up Blocker.


**Outlines are subject to change, as courses and materials are updated.**