Cloud Computing Security Knowledge (CCSK)
The Cloud Computing Security Knowledge class provides students thorough coverage of cloud security fundamentals and prepares them to take the Cloud Security Alliance CCSK certification exam. The course begins with a detailed description of cloud computing, and expands into all major domains such as Governance and Risk Management, the Cloud Architectural Framework, and Business Continuity/Disaster Recovery. Upon course completion, students will be prepared for the CCSK exam, and experts in the following topics: understanding cloud computing, security challenges, cloud computing security, controls recommendation, elasticity, resiliency and measured usage, and understand the cloud computing architectual framework.
Course Content
1: Architecture
NIST Definitions
Essential Characteristics
Service Models
Deployment Models
Multi-Tenancy
CSA Cloud Reference Model
Jericho Cloud Cube Model
Cloud Security Reference Model
Cloud Service Brokers
Service Level Agreements
2: Governance and Enterprise Risk Management
Contractual Security Requirements
Enterprise and Information Risk Management
Third Party Management Recommendations
Supply chain examination
Use of Cost Savings for Cloud
3: Legal Issues: Contracts and Electronic Discovery
Consideration of cloud-related issues in three dimensions
eDiscovery considerations
Jurisdictions and data locations
Liability for activities of subcontractors
Due diligence responsibility
Federal Rules of Civil Procedure and electronically stored information
Metadata
Litigation hold
4: Compliance and Audit Management
Definition of Compliance
Right to audit
Compliance impact on cloud contracts
Audit scope and compliance scope
Compliance analysis requirements
Auditor requirements
5: Information Management and Data Security
Six phases of the Data Security Lifecycle and their key elements
Volume storage
Object storage
Logical vs physical locations of data
Three valid options for protecting data
Data Loss Prevention
Detection Data Migration to the Cloud
Encryption in IaaS, PaaS & SaaS
Database Activity Monitoring and File Activity Monitoring
Data Backup
Data Dispersion
Data Fragmentation
6: Interoperability and Portability
Definitions of Portability and Interoperability
Virtualization impacts on Portability and Interoperability
SAML and WS-Security
Size of Data Sets
Lock-In considerations by IaaS, PaaS & SaaS delivery models
Mitigating hardware compatibility issues
7: Traditional Security, Business Continuity, and Disaster Recovery
Four D's of perimeter security
Cloud backup and disaster recovery services
Customer due diligence related to BCM/DR
Business Continuity Management/Disaster Recovery due diligence
Restoration Plan
Physical location of cloud provider
8: Data Center Operations
Relation to Cloud Controls Matrix
Queries run by data center operators
Technical aspects of a Provider's data center operations for customers
Logging and report generation in multi-site clouds
9: Incident Response
Factor allowing for more efficient and effective containment and recovery in a cloud
Main data source for detection and analysis of an incident
Investigating and containing an incident in an Infrastructure as a Service environment
Reducing the occurrence of application level incidents
How often should incident response testing occur
Offline analysis of potential incidents
10: Application Security
Identity, entitlement, and access management (IdEA)
SDLC impact and implications
Differences in S-P-I models
Consideration when performing a remote vulnerability test of a cloud-based application
Categories of security monitoring for applications
Entitlement matrix
11: Encryption and Key Management
Adequate encryption protection of data in the cloud
Key management best practices, location of keys, keys per user
Relationship to tokenization, masking, anonymization and cloud database controls
12: Identity, Entitlement, and Access Management
Relationship between identities and attributes
Identity Federation
Relationship between Policy Decision Point (PDP) and Policy Enforcement Point (PEP)
SAML and WS-Federation
Provisioning and authoritative sources
13: Virtualization
Security concerns for hypervisor architecture
VM guest hardening, blind spots, VM Sprawl, data comingling, instant-on gaps
In-Motion VM characteristics that can create a serious complexity for audits
How can virtual machine communications bypass network security controls
VM attack surfaces
Compartmentalization of VMs
14: Security as a Service
10 categories
Barriers to developing full confidence in security as a service (SECaaS)
Deployment of Security as a Service in a regulated industry prior SLA
Logging and reporting implications
How can web security as a service be deployed
What measures do Security as a Service providers take to earn the trust of their customers
ENISA Cloud Computing: Benefits, Risks and Recommendations for Information Security
Isolation failure
Economic Denial of Service
Licensing Risks
VM hopping
Five key legal issues common across all scenarios
Top security risks in ENISA research
OVF
Underlying vulnerability in Loss of Governance
User provisioning vulnerability
Risk concerns of a cloud provider being acquired
Security benefits of cloud
Risks
Data controller vs data processor definitions in Infrastructure as a Service (IaaS), who is responsible for guest systems monitoring
