As organizations migrate to the cloud, they need information security professionals who are cloud-savvy. The CCSK certificate is widely recognized as the standard of expertise for cloud security and gives you a cohesive and vendor-neutral understanding of how to secure data in the cloud. The CCSK credential is the foundation to prepare you to earn additional cloud credentials specific to certain vendors or job functions.
This class provides the foundational knowledge needed to utilize cloud services and enables you to gain critical insights into topics such as data security, key management, and identity and access management and speak with confidence about cloud security concerns.
|Contact Hours:||41hr Lecture 31 hr labs|
|Prerequisites:||Understanding of TCP/IP Protocols|
|Credits:||72 CPE / 3 CEU|
|Method of Delivery:||Residential (face-to-face) or Hybrid|
|Method of Evaluation:||95 % attendance 2. 100 % completion of Lab|
|Grading:||Pass = Attendance+ labs & quizzes Fail > 95% Attendance|
|Text Materials:||labs, SU Pen Testing Materials, resource CD’s and attack handouts|
This 72 hour accelerated class is taught using face to face modality or hybrid modality. Class includes 72 hours of contact studies, labs, reading assignments and final exam - passing the final exam is a requirement for graduation.
Machines a Dual Core 16M Ram, 1TGig drives, running MS OS, linux, and VMWare Workstation.
Who Is This Program For?
Cloud Computing Analyst, Cloud Administrator, Cloud Architect, Cloud Engineer, Enterprise Architect, Security Administrators, Security Architect and Systems Engineer are cloud security job roles.
What you will learn:
Introduction to Information Security within Cloud Computing
Selecting secure cloud services begins with understanding business requirements. This course will teach you to identify and select secure cloud services based upon business requirements.
The Certificate of Cloud Security Knowledge, enables you to gain critical insights into topics such as data security, key management, and identity and access management. You’ll have the skills and knowledge of Managing Cloud Security and Risk needed to reduce risks to an acceptable degree to the business.With an expanding array of cloud services being offered daily it is easy for the inexperienced to lack awareness of security functions in cloud offerings. In this course, Introduction to Information Security within Cloud Computing, you’ll learn to identify and select secure cloud services based upon business requirements. First, you’ll explore the detailed definition of cloud computing. Next, you’ll discover the deployment and service models of cloud computing. Finally, you’ll learn how to use a matrix to review the controls enacted by a cloud provider. When you’re finished with this course, you’ll have the skills and knowledge of, Introduction to Information Security within Cloud Computing needed to select secure cloud services that meet business requirements.
Lesson 1: 8 hr lab and lecture:
- Defining Cloud Computing and Essential Characteristics
- Chapter 13: Security as a Service
- Chapter 14: Related Technologies
- Chapter 15: ENISA Cloud Computing: Benefits, Risks and Recommendations for Security
- Chapter 3: Legal Issues, Contracts, and Electronic Discovery
- Defining Cloud Computing and Essential Characteristics
- Standard Definition of the Cloud
- NIST Definition of Cloud Computing
- ISO IEC 17788: Definition of Cloud Computing
Lesson 2: 10 hr labs and lecture:
- Understanding Cloud Deployment and Service Models
- Chapter 6: Management Plan E and Business Continuity
- Chapter 7: Infrastructure Security
- Cloud Deployment Models
- Cloud Service Models
- CSA’S Logical Model
- M3 C4 Summary
Lesson 3: 16 hrs lab and lecture:
- Establishing a Secure Cloud Architecture
- Chapter 8: Virtualization and Containers
- Chapter 9: Incident Response
- Chapter 10: Application Security
- Chapter 11: Data Security and Encryption
- Chapter 12: Identity, Entitlement, and Access Management
- CSA Enterprise Architecture
- CSA-BOSS Pillar
- CSA–ITOS Pillar
- CSA–Services Pillar
- CSA–Risk Management Pillar
- NIST Cloud Computing Reference Architecture
- Using the Cloud Control Matrix
- Selecting a CSP
- Summary and labs
Lesson 4: 12 lab and lecture:
- Understanding Governance and Enterprise Risk Management in the Cloud
- Chapter 1: Cloud Computing Concepts and Architectures
- Chapter 2: Governance and Enterprise Risk Management
- Understanding Governance and Enterprise Risk Management In the Cloud
- Review of Governance Frameworks Cloud Governance Tools
- Enterprise Risk Management Frameworks
- Risks Related to Service and Deployment Models
- Summary and labs
Lesson 5: 12 lab and lecture:
- Maintaining Compliance and Audit Management in the Cloud
- Appendix A: Cloud Security Lexicon
- Appendix B: Cloud Security Standards and Certifications
- Appendix C: Sample Cloud Policy
- Compliance Objectives
- Industry Specific Compliance
- Cloud Audit Management
- Attestation of Cloud Controls
- Certification of Cloud Controls
Lesson 6: 9 hr lab and lecture:
- Compiling Legal Issues, Contract, and Electronic Discovery
- Chapter 4: Compliance and Audit Management
- Chapter 5: Information Governance
- Common Concerns for Cloud Data Privacy
- Country and Regional Data Privacy Laws
- European Union and European Economic Area
- The Americas
- Electronic Discovery
- Cloud Data Security Lifecycle
Earning the CCSK will provide you with the knowledge to effectively develop a holistic cloud security program relative to globally accepted standards. It covers key areas, including best practices for IAM, cloud incident response, application security, data encryption, SecaaS, securing emerging technologies, and more. If you want to learn more, you can the CCSK guide.
36 hours of in-depth discussion of cloud platform technologies; giving you a look into how the services are built and managed, and the security implications. We will then quickly start building out a sandbox environment and deploying security controls.
Some of the topics and techniques covered will include (at a minimum):
Use of accounts for managing blast radius.
Building out advanced cloud virtual networks.
Leveraging inherent cloud capabilities for network security.
Use of DNS management, auto scale groups, load balancers, and other technologies for immutable infrastructure.
Advanced Identity and Access management for cloud, including setting up SAML federation across providers.
Privileged user management, MFA, and other access essentials.
Securing serverless, PaaS and mixed IaaS/PaaS architectures.
This next 36 hours focuses on designing secure architectures, integrate with evOps, and build your own SecDevOps toolkit for managing cloud security at scale:
Fundamentals of SecDevOps.
Building secure deployment pipelines.
Integrating automated security testing into deployment pipelines.
Cloud security architectural patterns for major application types.
Cloud data security and encryption.
Automating continuous security monitoring and alerting using cloud native capabilities.
Security automation through the console.
Security automation through code.
Scaling your security operations to hundreds (or thousands) of accounts through automation.
Students should have basic familiarity with at least one public cloud provider (Amazon or Azure) and hands-on experience launching and managing basic instances/services. They should also be comfortable with the command line and basic scripting. Additionally we highly encourage students to understand basic Ruby programming for the coding portions. Code snippets will be provided, so students with experience in other languages should be able to keep up. This is a very broad, advanced training that requires a diverse skills set to complete all the labs. Students may fall behind in certain sections due to the rapid pace but the labs can all be completed outside of the training environment if needed. Only about 10% of those who take the class have the background to complete every hands-on portion but we ensure through lecture that everyone gains the needed knowledge.