The Certificate of Cloud Security Knowledge (CCSK)

Course Content

Course will prepare attendees with the knowledge to pass the CCSK exam, a widely recognized standard of expertise and the industry’s primary benchmark for measuring cloud security skillsets.

Course Duration

3 Days

Who is this course for?

The CCSK course is intended to provide understanding of security issues and best practices over a broad range of cloud computing domains. As cloud computing is becoming the dominant IT system, CCSK is applicable to a wide variety of IT and information security jobs in virtually every organization. The CCSK is strongly recommended for IT auditors, system administrators and security professionals with at least 5 years of experience.

After completing this course, the student will be able to:

  • Validate the competence gained through experience in cloud security
  • Prepare for the CCSK exam
  • Demonstrate your technical knowledge, skills, and abilities to effectively develop a holistic cloud security program relative to globally accepted standards
  • Differentiate oneself from other candidates for desirable employment in the fast-growing cloud security market
  • Gain access to valuable career resources, such as tools, networking and ideas exchange with peers
  • Protect against threats with qualified professionals who have the expertise to competently design, build, and maintain a secure cloud business environment

Course Syllabus

    • Definitions of Cloud Computing
    • Definitions of Cloud Computing - Service Models
    • Definitions of Cloud Computing - Deployment Models
    • Definitions of Cloud Computing - Reference and Architecture Models
    • Definitions of Cloud Computing - Logical Model
    • Cloud Security Scope, Responsibilities, and Models
    • Areas of Critical Focus in Cloud Security
    • Tools of Cloud Governance
    • Enterprise Risk Management in the Cloud
    • Effects of various Service and Deployment Models
    • Cloud Risk Trade-offs and Tools
    • Legal Frameworks Governing Data Protection and Privacy
    • Legal Frameworks Governing Data Protection and Privacy -Cross-Border Data Transfer
    • Legal Frameworks Governing Data Protection and Privacy - Regional Considerations
    • Contracts and Provider Selection - Contracts
    • Contracts and Provider Selection - Due Diligence
    • Contracts and Provider Selection - Third-Party Audits and Attestations
    • Electronic Discovery
    • Electronic Discovery - Data Custody
    • Electronic Discovery - Data Preservation
    • Electronic Discovery - Data Collection
    • Electronic Discovery - Response to a Subpoena or Search Warrant
    • Compliance in the Cloud
    • Compliance in the Cloud - Compliance impact on cloud contracts
    • Compliance in the Cloud - Compliance scope
    • Compliance in the Cloud - Compliance analysis requirements
    • Audit Management in the Cloud
    • Audit Management in the Cloud - Right to audit
    • Audit Management in the Cloud - Audit scope
    • Audit Management in the Cloud - Auditor requirements
    • Governance Domains
    • Six phases of the Data Security Lifecycle and their key elements
    • Data Security Functions, Actors and Controls
    • Business Continuity and Disaster Recovery in the Cloud
    • Architect for Failure
    • Management Plan Security
    • Cloud Network Virtualisation
    • Security Changes with Cloud Networking
    • Challenges of Virtual Appliances
    • SDN Security Benefits
    • Micro-segmentation and the Software Defined Perimeter
    • Hybrid Cloud Considerations
    • Cloud Compute and Workload Security
    • Major Virtualisations Categories
    • Network
    • Storage
    • Containers
    • Incident Response Lifecycle
    • How the Cloud Impacts IR
    • Opportunities and Challenges
    • Secure Software Development Lifecycle
    • How Cloud Impacts Application Design and Architectures
    • The Rise and Role of DevOps
    • Data Security Controls
    • Cloud Data Storage Types
    • Managing Data Migrations to the Cloud
    • Securing Data in the Cloud
    • IAM Standards for Cloud Computing
    • Managing Users and Identities
    • Authentication and Credentials
    • Entitlement and Access Management
    • Potential Benefits and Concerns of SecaaS
    • Major Categories of Security as a Service Offerings
    • Big Data
    • Internet of Things
    • Mobile
    • Serverless Computing