Full program description
Certificate of Cloud Security Knowledge (CCSK)
NTUC LearningHub Course Code: CCSK
As enterprises and consumers move greater amounts of sensitive information to the cloud, employers struggle to find information security leaders who have the necessary breadth and depth of knowledge to establish cloud security programs protecting sensitive information. The CCSK lets the marketplace know you are ready for the challenge with the first credential dedicated to cloud security, offered by the world's thought leader in cloud security.
The CCSK certificate is widely recognized as the standard of expertise for cloud security and provides you with the foundations you need to secure data in the cloud. How you choose to build on that knowledge is your choice.
Over the first two days of the class, our authorized instructor will guide you through the official courseware developed by the Cloud Security Alliance (CSA). This course begins with the fundamentals, then increases in complexity as it works through all 16 domains of the CSA Security Guidance, recommendations from the European Union Agency for Network & Information Security (ENISA), and an overview of the Cloud Controls Matrix.
On the third and final day, there will be extensive hands-on activities that reinforce classroom instruction. Students engage in a scenario of bringing a fictional organization securely into the cloud, which gives them the opportunity to apply their knowledge by performing a series of activities that would be required in a real-world environment.
This course includes one exam voucher for the most current version of the CCSK exam.
Benefits of earning your CCSK:
- Prove your competency in key cloud security issues through an organization that specializes in cloud research.
- Increase employment opportunities by filling the skills-gap for cloud-certified professionals.
- Demonstrate your technical knowledge, skills, and abilities to effectively use controls tailored to the cloud.
- Learn to establish a baseline of security best practices when dealing with a broad array of responsibilities, from cloud governance to configuring technical security controls.
- Complement other credentials such as the CISA, CISSP and CCSP.
Who Should Attend
This course is intended for:
- Those who are interested in learning more about cloud computing and security
- IT professionals hoping to achieve the Certificate of Cloud Security Knowledge (CCSK) credential. This includes, but is not limited to:
  - Professionals Interested in Obtaining the CCSK Credential
  - IT Security Professionals
  - IT Auditors
  - Managers, Directors and Executives
  - System Architects
  - Compliance Specialists
  - Risk Specialists
  - Business Analysts
  - Business Unit Stakeholders
3 Days / 21 Hours
Module 1. Cloud Architecture
The fundamentals of cloud computing, including definitions, architectures, and the role of virtualization. Key topics include cloud computing service models, delivery models, and fundamental characteristics. It also introduces the Shared Responsibilities Model and a framework for approaching cloud security.
- Unit 1 - Introduction to Cloud Computing
- Unit 2 - Introduction & Cloud Architecture
- Unit 3 - Cloud Essential Characteristics
- Unit 4 - Cloud Service Models
- Unit 5 - Cloud Deployment Models
- Unit 6 - Shared Responsibilities
Module 2. Infrastructure Security for Cloud
Delves into the details of securing the core infrastructure for cloud computing, including cloud components, networks, management interfaces, and administrator credentials. It delves into virtual networking and workload security, including the basics of containers and serverless.
- Unit 1 - Module Intro
- Unit 2 - Intro to Infrastructure Security for Cloud Computing
- Unit 3 - Software Defined Networks
- Unit 4 - Cloud Network Security
- Unit 5 - Securing Compute Workloads
- Unit 6 - Management Plane Security
- Unit 7 - BCDR
Module 3. Managing Cloud Security and Risk
Covers important considerations for managing security for cloud computing. It begins with risk assessment and governance, then covers legal and compliance issues, such as discovery requirements in the cloud. It also covers important CSA risk tools including the CAIQ, CCM, and STAR registry.
- Unit 1 - Module Introduction
- Unit 2 - Governance
- Unit 3 - Managing Cloud Security Risk
- Unit 4 - Legal
- Unit 5 - Legal Issues in Cloud
- Unit 6 - Compliance
- Unit 7 - Audit
- Unit 8 - CSA Tools
Module 4. Data Security for Cloud Computing
Covers information lifecycle management for the cloud and how to apply security controls, with an emphasis on public cloud. Topics include the Data Security Lifecycle, cloud storage models, data security issues with different delivery models, and managing encryption in and for the cloud, including customer managed keys (BYOK).
- Unit 1 - Module Introduction
- Unit 2 - Cloud Data Storage
- Unit 3 - Securing Data in The Cloud
- Unit 4 - Encryption for IaaS
- Unit 5 - Encryption for PaaS & SaaS
- Unit 6 - Encryption Key Management
- Unit 7 - Other Data Security Options
- Unit 8 - Data Security Lifecycle
Module 5. Application Security and Identity Management for Cloud Computing
Covers identity management and application security for cloud deployments. Topics include federated identity and different IAM applications, secure development, and managing application security in and for the cloud.
- Unit 1 - Module Introduction
- Unit 2 - Secure Software Development Life Cycle (SSDLC)
- Unit 3 - Testing & Assessment
- Unit 4 - DevOps
- Unit 5 - Secure Operations
- Unit 6 - Identity & Access Management Definitions
- Unit 7 - IAM Standards
- Unit 8 - IAM In Practice
Module 6. Cloud Security Operations
Key considerations when evaluating, selecting, and managing cloud computing providers. We also discuss the role of Security as a Service providers and the impact of cloud on Incident Response.
- Unit 1 - Module Introduction
- Unit 2 - Selecting A Cloud Provider
- Unit 3 - SECaaS Fundamentals
- Unit 4 - SECaaS Categories
- Unit 5 - Incident Response
- Unit 6 - Domain 14 Considerations
- Unit 7 - CCSK Exam Preparation
Hands-on Lab Activities
Exercise 1: Core Account Security
Students learn what to configure in the first 5 minutes of opening a new cloud account and enable security controls such as MFA, basic monitoring, and IAM.
Exercise 2: IAM and Monitoring In-Depth
Attendees expand their work on the first lab and implement more-complex identity management and monitoring. This includes expanding IAM with Attribute Based Access Controls, implementing security alerting, and understanding how to structure enterprise-scale IAM and monitoring.
Exercise 3: Network and Instance Security
Students create a virtual network (VPC) and implement a baseline security configuration. They also learn how to securely select and launch a virtual machine (instance), run a vulnerability assessment in the cloud, and connect to the instance.
Exercise 4: Encryption and Storage Security
Students expand their deployment by adding a storage volume encrypted with a customer managed key. They also learn how to secure snapshots and other data.
Exercise 5: Application Security and Federation
Students finish the technical labs by completely building out a 2-tier application and implementing federated identity using OpenID.
Exercise 6: Risk and Provider Assessment
Students use the CSA Cloud Controls Matrix and STAR registry to evaluate risk and select a cloud provider.
This course will enable participants to:
- Define cloud computing and why you care about it
- Discuss the different components of the cloud computing stack
- Work through the cloud reference model and understand where security fits in
- Understand the components of cloud infrastructure
- Assess the security implications of virtual networks and workloads
- Learn the security advantages and disadvantages of working with cloud infrastructure
- Evaluate how to secure the cloud management plane
- Learn how to manage business continuity for cloud computing
- Tools of governance
- Adjusting risk management for cloud computing
- Legal: jurisdictions, contracts, and eDiscovery
- Compliance and compliance inheritance
- Audit management for cloud computing
- Information governance
- Introduction to the CCM & CAIQ
- Understand different cloud storage models
- Define security issues for data in the cloud
- Assess the role and effectiveness of access controls
- Learn different cloud encryption models
- Understand additional data security options
- Introduce data security lifecycle
- Discover how application security differs in cloud computing
- Review secure software development basics and how those change in the cloud
- Leverage cloud capabilities for more secure cloud applications
- Learn how to select cloud providers
- Understand the advantages & disadvantages of Security as a Service
- Assess the different major Security as a Service categories
- Learn how to respond to security incidents in the cloud
- Understand the security issues of technologies related to cloud computing: Big Data, Mobile, Serverless, IoT
This course is geared towards security professionals but is also useful for anyone looking to expand their knowledge of cloud security. We recommend attendees have at least a basic understanding of security fundamentals, such as firewalls, secure development, encryption, and identity management.
Medium of Instruction & Trainer
Medium of instruction: English
Trainer: Trainee Ratio is 1:20
Full Course Fee: $3,950 (before GST) / $4,226.50 (with GST)
Promo Fee (valid until 30 Jun 2020): $3,000 (before GST) / $3,210 (with GST)