CSA - Firebrand's training for CSA's Certified Cloud Security Knowledge (CCSK) exam

Curriculum

On this Firebrand Course, you'll cover the following topics:

Domain 1: Cloud Computing Concepts and Architectures

• Defining Cloud Computing
• Definitional Model
• Essential Characteristics
• Service Models
• Deployment Models
• Reference and Architecture Models
• Infrastructure as a Service
• Platform as a Service
• Software as a Service
• Logical Model
• Cloud Security and Compliance Scope and Responsibilities
• Cloud Security Models
• A Simple Cloud Security Process Model
• Governing in the Cloud
• Operating in the Cloud

Domain 2: Governance and Enterprise Risk Management

• Governance
• Tools of Cloud Governance
• Enterprise Risk Management
• The Effects of Service Model and Deployment Model
• Service Models
• Deployment Models
• Cloud Risk Management Trade-Offs
• Cloud Risk Management Tools

Domain 3: Legal Issues, Contracts and Electronic Discover

• Legal Frameworks Governing Data Protection and Privacy
• Common Themes
• Required Security Measures
• Restrictions to Cross-border Data Transfers
• Regional Examples – GDPR, NIS Directive, US Federal and State Laws
• Contracts and Provider Selection
• Internal Due Diligence
• Monitoring, Testing, and Updating
• External Due Diligence
• Contract Negotiations
• Reliance on Third-Party Audits and Attestations
• Electronic Discovery
• Possession, Custody and Control
• Relevant Cloud Applications and Environment
• Searchability and E-Discovery Tools
• Preservation
• Data Retention Laws and Record Keeping Obligations
• Collection
• Direct Access
• Native Production
• Authentication
• Cooperation Between Provider and Client in E-Discovery
• Response to a Subpoena or Search Warrant
• More Information

Domain 4: Compliance and Audit Management

• Compliance
• How Cloud Changes Compliance
• Audit Management
• How Cloud Changes Audit Management

Domain 5: Information Governance

• Cloud Information Governance Domains
• The Data Security Lifecycle
• Locations and Entitlements
• Functions, Actors, and Controls

Domain 6: Management Plane and Business Continuity

• Business Continuity and Disaster Recovery in the Cloud
• Architect for Failure
• Management Plane Security
• Accessing the Management Plane
• Securing the Management Plane
• Management Plane Security When Building/Providing a Cloud Service
• Business Continuity and Disaster Recovery
• Business Continuity Within the Cloud Provider
• Business Continuity for Loss of the Cloud Provider
• Business Continuity For Private Cloud and Providers

Domain 7: Infrastructure Security

• Cloud Network Virtualisation
• How Security Changes With Cloud Networking
• Challenges of Virtual Appliances
• SDN Security Benefits
• Microsegmentation and the Software Defined Perimeter
• Additional Considerations for Cloud Providers or Private Clouds
• Additional Considerations for Cloud Providers or Private Clouds
• Cloud Compute and Workload Security
• How Cloud Changes Workload Security
• Immutable Workloads Enable Security
• The Impact of Cloud on Standard Workload Security Controls
• Changes to Workload Security Monitoring and Logging
• Changes to Vulnerability Assessment
• Cloud Storage Security

Domain 8: Virtualisation and Containers

• Major Virtualisation Categories Relevant to Cloud Computing
• Compute
• Network
• Monitoring and Filtering
• Management Infrastructure
• Cloud Overlay Networks
• Storage
• Containers

Domain 9: Incident Response

• Incident Response Lifecycle
• How the Cloud Impacts IR
• Preparation
• Detection and Analysis
• Containment, Eradication and Recovery
• Post-mortem

Domain 10: Application Security

• Introduction to the Secure Software Development Lifecycle and Cloud Computing
• Secure Design and Development
• Secure Deployment
• Impact on Vulnerability Assessment
• Impact on Penetration Testing
• Deployment Pipeline Security
• Impact of Infrastructure as Code and Immutable
• Secure Operations
• How Cloud Impacts Application Design and Architectures
• Additional Considerations for Cloud Providers
• The Rise and Role of DevOps
• Security Implications and Advantages

Domain 11: Data Security and Encryption

• Data Security Controls
• Cloud Data Storage Types
• Managing Data Migrations to the Cloud
• Securing Cloud Data Transfers
• Securing Data in the Cloud
• Cloud Data Access Controls
• Storage (At-Rest) Encryption and Tokenization
• Key Management (Including Customer-Managed Keys)
• Data Security Architectures
• Monitoring, Auditing, and Alerting
• Additional Data Security Controls
• Cloud Platform/Provider-Specific Controls
• Data Loss Prevention
• Enterprise Rights Management
• Data Masking and Test Data Generation
• Enforcing Lifecycle Management Security

Domain 12: Identity, Entitlement, and Access Management

• How IAM is Different in the Cloud
• IAM Standards for Cloud Computing
• Managing Users and Identities for Cloud Computing
• Authentication and Credentials
• Entitlement and Access Management
• Privileged User Management

Domain 13: Security as a Service

• Potential Benefits and Concerns of SecaaS
• Major Categories of Security as a Service Offerings
• Identity, Entitlement, and Access Management Services
• Cloud Access and Security Brokers (CASB, also known as Cloud Security Gateways)
• Web Security (Web Security Gateways)
• Email Security
• Security Assessment
• Web Application Firewalls
• Intrusion Detection/Prevention (IDS/IPS)
• Security Information & Event Management (SIEM)
• Encryption and Key Management
• Business Continuity and Disaster Recovery
• Security Management
• Distributed Denial of Service Protection

Domain 14: Related Technologies

• Big Data
• Security and Privacy Considerations
• Data Collection
• Key Management
• Security Capabilities
• Identity and Access Management
• PaaS
• Internet of Things (IoT)
• Mobile
• Serverless Computing