Certificate in Cloud Security Knowledge(CCSK+)

No Prerequisites. This course is designed for IT professionals whose roles are/involve:

• Cloud computing
• Cloud migration
• IT and information security management
• Network administration
• Security engineer / tester
• Software developer
• Chief Information Officer (CIO)
• Chief Information Security Officer (CISO)

The hands-on labs in AWS and Azure require participants to activate their free trial accounts with AWS and Azure cloud. This requires participants to enter their payment card details. This is only required if participants want to do hands-on learning on AWS or Azure or both the cloud platforms. Just as a direction, on AWS, the maximum charge is usually under $10 and is NIL (no charge) on Azure if you follow the instructor and course guidelines.

• Understand Cloud architecture
• Understand infrastructure security for the cloud
• Understand managing cloud security and risk
• Understand data security for cloud computing
• Understand application security
• Understand Identity and Access Management (IAM) for cloud computing
• Understand cloud security operations
• Understand how to configure security and enable MFA and basic account monitoring practically
• Understand how to configure virtual networks (VPC) and implement baseline controls practically
• Understand how to enable encryption and storage security practically
• Understand how to implement security federation practically

Applied Learning Outcomes:

Core Account Security

• Learn what to configure in the first 5 minutes of opening a new cloud account and enable security controls such as MFA, basic monitoring, and IAM.

IAM and Monitoring In-Depth

• Expand on your work in the first lab and implement more-complex identity management and monitoring. This includes expanding IAM with Attribute Based Access Controls, implementing security alerting, and understanding how to structure enterprise-scale IAM and monitoring.

Network and Instance Security

• Create a virtual network (VPC) and implement a baseline security configuration. You will also learn how to securely select and launch a virtual machine (instance), run a vulnerability assessment in the cloud, and connect to the instance.

Encryption and Storage Security

• Expand your deployment by adding a storage volume encrypted with a customer managed key. You will also learn how to secure snapshots and other data.

Application Security and Federation

• Finish the technical labs by completely building out a 2-tier application and implementing federated identity using OpenID.

Risk and Provider Assessment

• Practice using the CSA Cloud Controls Matrix and STAR registry to evaluate risk and select a cloud provider.

Day one

Domain: 1 Cloud computing concept and architecture
Domain: 2 Governance & risk management
Domain: 3 Legal issues, contract & e-discovery
Domain: 4 Compliance & audit management

Day two:

Domain: 5 Information governance
Domain: 6 Management plane and business contunity
Domain: 7 Infrastructure security
Domain: 8 Virtualization & containers
Domain: 9 Incident response
Domain: 10 Application security

Day three

Domain 11: Data security & encryption
Domain 12: Identity, entitlement & access management
Domain 13: Security as a service
Domain 14: Related technologies

Lab Exercises

Lab Exercise 1: Core Account Security. Students learn what to configure in the first 5 minutes of opening a new cloud account and enable security controls such as MFA, basic monitoring, and IAM.

Lab Exercise 2: IAM and Monitoring In-Depth. Attendees expand their work on the first lab and implement more-complex identity management and monitoring. This includes expanding IAM with Attribute Based Access Controls, implementing security alerting, and understanding how to structure enterprise-scale IAM and monitoring.

Lab Exercise 3: Network and Instance Security. Students create a virtual network (VPC) and implement a baseline security configuration. They also learn how to securely select and launch a virtual machine (instance), run a vulnerability assessment in the cloud, and connect to the instance.

Lab Exercise 4: Encryption and Storage Security: Students expand their deployment by adding a storage volume encrypted with a customer managed key. They also learn how to secure snapshots and other data.

Lab Exercise 5: Application Security and Federation. Students finish the technical labs by completely building out a 2-tier application and implementing federated identity using OpenID.

Lab Exercise 6: Risk and Provider Assessment. Students use the CSA CCM and STAR registry to evaluate risk and select a cloud provider.

Exam

The CCSK is an open-book, online exam, completed in 90 minutes with 60 multiple-choice questions selected randomly from the CCSK question pool. Delegates will recieve the exam voucher post course, which you will have 2 years to use. The minimum passing score is 80%.