Certificate of Cloud Security Knowledge Plus (CCSK)

Build on CCSK with expanded material and AWS hands-on labs, applying your knowledge to a real-world cloud migration scenario.

Upon completion of the training, students will be able to:

  • Get hands-on experience securing an organization in the cloud.
  • Prepare to earn the widely recognized standard of expertise for cloud security, the Certificate of Cloud
    Security Knowledge (CCSK).
  • Learn and practice applying the knowledge from all 12 domains of the CSA Security Guidance v5.

No official work experience or prior qualification is required. However, it is helpful for
participants to have at least a basic understanding of security fundamentals such as firewalls,
secure development, encryption, and identity and access management.

The CCSK is designed for IT Professionals working in Cloud Computing. Security staff and other
technical professionals, including developers, IT operations, audit/compliance professionals, sales
and solution engineers, and product marketers, benefit from its well-rounded view of cloud security.

1.1 – Cloud Computing
  • Defining Cloud Computing
  • Abstraction & Orchestration
1.2 – Model of Cloud Computing
  • Essential Characteristics of Cloud
  • Cloud Service Models
  • Cloud Deployment Models
1.3 – Reference & Architecture Models
  • Infrastructure as a Service (IaaS)
  • Platform as a Service (PaaS)
  • Software as a Service (SaaS)
  • Anything as a Service (XaaS)
  • CSA Enterprise Architecture Model
  • Shared Security Responsibility Model
  • CSA CAIQ & CCM
1.4 – Frameworks, Patterns, & Models
  • CSA Recommendations
  • Simple Cloud Security Process Model
2.1 – Governance
  • Cloud Governance
  • Cloud Adoption & Governance
  • Cloud Governance Complexities
  • Effective Cloud Governance
2.2 – The Governance Hierarchy
  • Collect Foundational Governance Guidelines
  • Build a Cloud Registry
  • Framework
  • Policies & Scope
  • Cloud Security Control Objectives
  • Cloud Shared Responsibility Model & Trust
2.3 – Strategies & Concepts with Governance Implications
  • DevOps
  • Zero Trust
  • AI & Machine Learning
3.1 – Risk, Audit, & Compliance
  • Cloud Risks
  • Understanding Cloud Risk Management
  • Assessing Cloud Services
  • The Cloud Risk Register
  • Risk Assessments, Threat Intelligence, & Modeling
3.2 – Compliance & Audit
  • Cloud Relevant Laws & Regulations Examples
  • Compliance Inheritance
  • Jurisdictions
  • Cloud Assurance Mechanisms
  • Artifacts of Compliance
3.3 – Governance, Risk, Compliance Tools & Technologies
  • Non-Tech Tools
  • Technology-Based Tools
4.1 – Organization, Tenancy, & Enterprise Management
  • Definitions
  • Strategic Organization Security Objectives
  • Organization Capabilities Within a Cloud Provider
  • Building a Hierarchy Within a Provider
4.2 – Managing Organization-Level Security within a Provider
  • Identity Provider & User/Group/Role Mappings
  • Cloud Service Provider (Organization) Policies
  • Common Organization Shared Services
  • Cloud Security Posture Management (CSPM) and CNAPP
4.3 – Considerations for Hybrid & Multi-Cloud Deployments
  • Organization Management for Hybrid Cloud Security
  • Complexity From Hybrid Cloud Sprawl
  • Organization Management for Multi-Cloud Security
  • Organization Management for IaaS/PaaS Multi-Cloud
  • Organization Management for SaaS Hybrid & Multi-Cloud
  • Zero Trust Security Strategy for Hybrid & Multi-Cloud
5.1 – Identity & Access Management
  • How Cloud Impacts IAM
  • Fundamental Terms
5.2 – Common Federation Standards
  • How Federated Identity Management Works
  • Managing Users & Identities for Cloud
5.3 – Authentication & Credentials
  • Entitlement & Access Management
  • Conditional Access, Tokens, & IAM Perimeter Management
  • Managing Privileged Access in Cloud
  • IAM Policy Types
5.4 – Least Privilege & Automation
  • Identity & Zero Trust
  • Customer Identities
6.1 – Cloud Monitoring
  • Cloud Security Complexity
  • Logs & Events
  • Alerting & Monitoring
  • Timeliness of Logs & Alerts
  • Monitoring Key Indicators
6.2 – Cloud Telemetry Sources
  • Management Plane Logs
  • Service & Application Logs
  • Resource Logs
  • Cloud Native Tools
  • CSP Security Tools & Container Monitoring Tools
6.3 – Collection Architectures
  • Log Storage & Retention
  • Cascading Log Architecture
  • Cloud Security Monitoring Strategy Guidance
  • Security Data Lake
6.4 – Detection Paths
  • Comparing Different Tools for Detection
  • Security Monitoring & Analysis in Practice
  • Cloud Detection & Response
  • Advanced Monitoring: Canaries & Honey Tokens
  • Generative AI for Security Monitoring
7.1 – Cloud Infrastructure Security
  • Infrastructure Security Foundation
  • CSP Infrastructure Security Responsibilities
  • Infrastructure as Code (IaC)
  • Cloud Migration Strategies
7.2 – Cloud Network Fundamentals
  • Security Benefits of SDN
  • Example: Minimum Viable Network
  • Common SDN-Based Cloud Network Components
  • Cloud Network Security Groups
  • Cloud Network Security & Secure Architectures
  • Security Measures
  • Container Networking
7.3 – Connecting to Resources
  • Connecting Virtual Networks Within a Provider
  • Connecting to Datacenters & Between Providers
7.4 – Zero Trust Conceptual Architecture
  • Zero Trust for Cloud Infrastructure & Networks
  • Foundational ZT Concepts & Components
  • Software Defined Perimeter & Zero Trust Network Architecture
  • SASE: Secure Access Service Edge
8.1 – Cloud Workload Security
  • Workload Types
  • Cloud Workloads: Short & Long Running
  • Short vs. Long Running Workloads
  • Impact of Cloud on Traditional Workload Security
  • Software Composition Analysis (SCA)
  • Software Bill of Materials (SBOM)
8.2 – Cloud Virtual Machine Security
  • Virtual Machine Image Security
  • Vulnerability Management for VMs
  • Creating an Image Factory
  • Snapshots & Security Risks
8.3 – Securing Container Workloads
  • Container Orchestration Systems
  • Container Orchestration Security
  • Managing Container Vulnerabilities
  • Runtime Protection for Containers
8.4 – Best Practices for Securing PaaS
  • Securing Specific PaaS Services
8.5 – Function as a Service or Serverless
  • Serverless Security Issues
  • Securing Serverless
8.6 – AI Workload – Specific Threats
  • Dealing with AI-Workload Attacks
9.1 – Data Classification
  • Data States
  • Major Cloud Storage Types
  • Data Security Toolset
9.2 – Access Controls
  • Access Policies
  • Cloud Data Encryption Layers
  • Cloud Data Encryption Strategies
  • Confidential Computing
  • Key Management Service & Bring Your Own Key
  • Encryption Recommendations
9.3 – Cloud Data Loss Prevention
  • Data Security Posture Management (DSPM)
  • Object Storage Security Concerns
  • Cloud Database Security
9.4 – Data Lake Security
  • Data Lake Security
9.5 – Data Security for AI (Artificial Intelligence)
  • Data Security for AI
10.1 – Attack Vectors
  • Agile Processes & Automation
  • Provider & Service Impact on Security Design
10.2 – Secure Development Lifecycle
  • CSA Secure Software Development Lifecycle
  • Threat Modeling Example
  • Secure Design & Development
  • Testing: Pre-Deployment
  • Testing: Post Deployment
10.3 – Cloud Impacts on Architecture-Level Security
  • Cloud Impacts on Application Design & Architecture
  • Infrastructure as Code & Application Security
  • Best Practices for API Security
  • Setting Permissions on Application Components
  • Secrets Management
  • Secrets Management Deployment Models
10.4 – DevSecOps
  • The Six Pillars of DevSecOps
  • DevSecOps in Practice
10.5 – Containerized & Serverless Application Considerations
  • Container Considerations
  • Serverless Considerations
11.1 – Incident Response
  • The Incident Response Process
  • Adapting the Preparation Phase for Cloud
  • Provider Response Assistance
  • Training for Cloud Incident Responders
  • Updates to Processes
  • Enable Responder Access
  • Technology Support to Cloud Incident Response
  • Runbooks & Playbooks
11.2 – Detection & Analysis
  • Building Cloud-Native Detectors
  • Supporting Analysis
  • Analysis Priorities: RECIPE PICKS
  • Cloud System Forensics
  • Container & Serverless Considerations
11.3 – Containment Priorities
  • Eradication
  • Recovery
11.4 – Post Incident Analysis
  • Post Incident Analysis
11.5 – Cloud Resiliency Levels
  • Resiliency Tools for IaaS/PaaS
  • Resiliency for SaaS
12.1 – Zero Trust
  • Technical Objectives
  • Business Objectives
  • Zero Trust Maturity Model
  • Five Steps of Zero Trust
  • ZT & Cloud Security
12.2 – Artificial Intelligence & Cloud Security
  • AI Enhanced Security Tools
12.3 – Cloud Threat and Vulnerability Management
  • Updating Threat Management for Cloud
  • Cloud Threat Intelligence Sources
Core Account Security
  • Learn what to configure in the first 5 minutes of opening a new cloud account
  • Enable security controls such as MFA, basic monitoring, and IAM
IAM & Monitoring In-Depth
  • Expand on your work from the first lab
  • Implement more complex identity management and monitoring
  • Expand IAM with Attribute Based Access Controls
  • Implement security alerting
  • Understand how to structure enterprise-scale IAM and monitoring
Network & Instance Security
  • Create a virtual network (VPC) and implement baseline security configuration
  • Securely select and launch a virtual machine (instance)
  • Run a vulnerability assessment in the cloud
  • Connect to the instance
Encryption & Storage Security
  • Expand your deployment by adding a storage volume encrypted with a customer managed key
  • Learn how to secure snapshots and other data
Application Security & Federation
  • Finish the technical labs by completely building out a 2-tier application
  • Implement federated identity using OpenID
Risk & Provider Assessment
  • Practice using the CSA Cloud Controls Matrix and STAR registry
  • Evaluate risk and select a cloud provider
Length of exam: 2 hours
Number of questions: 60 questions
Question format: Multiple Choice Questions (Open book exam)
Passing grade: 80%
Languages: English
Testing center: Online Proctoring

Description

The CCSK Plus builds on the foundation class with expanded material and offers extensive hands-on
activities that reinforce classroom instruction. Students engage in a scenario of bringing a fictional
organization securely into the cloud, which gives them the opportunity to apply their knowledge by
performing a series of activities that would be required in a real-world environment. Labs are available in
AWS.