Overview
Course Description
Thank you for reading this post, don't forget to subscribe!This course is the most comprehensive review of cloud security concepts and industry best practices covering the six domains of the (ISC)2 Common Body of Knowledge (CBK®). You will gain knowledge in identifying the types of controls necessary to administer various levels of confidentiality, integrity, and availability, with regard to securing data in the cloud. You will identify the virtual and physical components of the cloud infrastructure with regard to risk management analysis, including tools and techniques necessary for maintaining a secure cloud infrastructure. You will gain an understanding in cloud software assurance and validation, utilizing secure software, and the controls necessary for developing secure cloud environments. You will identify privacy issues and audit processes utilized within a cloud environment, including auditing controls, assurance issues, and the specific reporting attributes.
Audience Profile
- Anyone whose position requires CCSP certification
- Individuals whose responsibilities involve procuring, securing, and managing cloud environments or purchased cloud services
Prerequisites
Experienced information security professionals with at least five years of IT experience, including three years of information security and at least one year of cloud security experience.
Course Objectives
Upon completing this course, the participants will gain valuable knowledge and skills including the ability to:
- Successfully pass the CCSP exam
- Understand the fundamentals of the cloud computing architecture framework
- Understand security challenges associated with different types of cloud services
- Identify and evaluate security risks for their organization’s cloud environments
- Select and implement appropriate controls to ensure secure implementation of cloud services
Thoroughly understand the 6 essential core domains of the CCSP common body of knowledge:
- Architectural Concepts & Design Requirements
- Cloud Data Security
- Cloud Platform & Infrastructure Security
- Cloud Application Security
- Operations
- Legal & Compliance
Course Outline
Course Outline
1. Architecture Concepts and Design Requirements
- Cloud Computing Concepts
- Cloud Reference Architecture
- Security Concepts Relevant to Cloud Computing
- Design Principles of Secure Cloud Computing
- Trusted Cloud Services
2. Cloud Data Security
- Cloud Data Lifecycle
- Design and Implement Cloud Data Storage Architectures
- Design and Apply Data Security Strategies
- and Implement Data Discovery and Classification Technologies
- Design and Implement Data Rights Management
- Design and Implement Relevant Jurisdictional Data Protections for Personally Identifiable Information (PIN)
- Plan and Implement Data Retention, Deletion, and Archiving Policies
- Design and Implement Auditability, Traceability, and Accountability of Data Events
3. Cloud Platform and Infrastructure Security
- Cloud Infrastructure Components
- Risks Associated to Cloud Infrastructure
- Design and Plan Security Controls
- Plan Disaster Recovery and Business Continuity Management
4. Cloud Application Security
- Need for Training and Awareness in Application Security
- Cloud Software Assurance and Validation
- Use Verified Secure Software
- Software Development Life-Cycle (SDLC) Process
- Apply the Software Development Life-Cycle
- Specifics of Cloud Application Architecture
- Design Appropriate Identity and Access Management (IAM) Solutions
5. Operations
- Support the Planning Process for the Data Center Design
- Implement and Build Physical Infrastructure for Cloud Environment
- Run Physical Infrastructure for Cloud Environment
- Manage Physical Infrastructure for Cloud Environment
- Build Logical Infrastructure for Cloud Environment
- Run Logical Infrastructure for Cloud Environment
- Manage Logical Infrastructure for Cloud Environment
- Ensure Compliance with Regulations and Controls (ITIL, ISO/IEC 20000-I)
- Conduct Risk Assessment to Logical and Physical Infrastructure
- Collection, Acquisition, and Preservation of Digital Evidence
- Manage Communication with Relevant Parties
6. Legal and Compliance
- Legal Requirements and Unique Risks within the Cloud Environment
- Privacy Issues, Including Jurisdictional Variation
- Audit Process, Methodologies, and Required Adaptions for a Cloud Environment
- Implications of Cloud to Enterprise Risk Management
- Outsourcing and Cloud Contract Design
- Execute Vendor Management