Cloud Computing Security Knowledge (CCSK)

As cloud computing shows itself to be the future of information technology, several studies have pointed to the necessity of addressing the IT industry’s skills gap and training professionals in both cloud computing and security.

Cloud computing is being aggressively adopted on a global basis as businesses seek to reduce costs and improve their agility. And one of the critical needs of the industry is to provide training and certification of professionals to assure that cloud computing is implemented responsibly, and with the appropriate security controls.

My Training Academy’s Cloud Computing Security Knowledge course provides students thorough coverage of cloud security fundamentals and prepares them to take the Cloud Security Alliance CCSK certification exam. The course begins with a detailed description of Cloud Computing and then expands into all major domains such as: Governance and Risk Management, the Cloud Architectural Framework and Business Continuity/Disaster Recovery.

The course is of particular interest to:

• IT infrastructure managers who need to understand and plan for Cloud adoption.
• IT professionals who need to better understand Cloud technologies.
• IT systems engineers who need to understand Cloud configuration, deployment and support.
• Professionals working within the Cloud IT sector who want to achieve the vendor neutral Cloud Security CCSK qualification.

Upon completing this course, the students will be experts in the following topics:

• Pass the CCSK Exam
• Understanding cloud computing security challenges
• Cloud computing security controls recommendation
• Elasticity, Resiliency and Measured Usage
• Understand the cloud computing architectural framework

The great thing about our Cloud Computing Security Knowledge course is that you are in charge of your start and finish date, with no deadline pressures!

We train our students to the very best standards, offering expert instructor-led training via our state of the art eLearning platform.

By achieving the Cloud Computing Security Knowledge certification, you will create more career opportunities and be better positioned when applying for work.

Enrol today and prepare for a future you deserve.

WHY STUDY WITH MY TRAINING ACADEMY?

• Flexible training - study anytime, anywhere and from any device.
• Expert Instructor-Led Training – our courses are delivered by the finest instructors with a minimum of 15 years real-world experience and are subject matter experts in their field, which is why we have a 97.4% pass rate.
• Visual Demonstrations & Multimedia Presentations – allows students to develop their skills based on real world scenarios explained by the instructor.
• Quizzes & Exam Simulators – custom practice exams to prepare students for their final exams. We offer practice quizzes after each module to ensure students are confident before proceeding to the next topic.
• Social Learning & Networking – world class learning management system allows students to interact and collaborate with other students, form study groups, engage in discussions, rate different courses and stay up to date with all the latest industry knowledge.
• Flash Cards & Educational Games – allows students to train in ways that keep them engaged and focus.
• Navigation & Controls – allows you to study at your own pace.

HOW MUCH TIME DO I NEED? Our unique, flexible approach to learning means you don\'t have to put your life on hold to get certified.

MTA students structure their study to fit in with jobs, families, friends and leisure time. They study full time and part time; from home and work and on the move; online and on mobile devices.

Certificate of Completion

1. Architecture

• NIST Definitions
• Essential Characteristics
• Service Models
• Deployment Models
• Multi-Tenancy
• CSA Cloud Reference Model
• Jericho Cloud Cube Model
• Cloud Security Reference Model
• Cloud Service Brokers
• Service Level Agreements

2. Governance and Enterprise Risk Management

• Contractual Security Requirements
• Enterprise and Information Risk Management
• Third Party Management Recommendations
• Supply chain examination
• Use of Cost Savings for Cloud

3. Legal Issues: Contracts and Electronic Discovery

• Consideration of cloud-related issues in three dimensions
• eDiscovery considerations
• Jurisdictions and data locations
• Liability for activities of subcontractors
• Due diligence responsibility
• Federal Rules of Civil Procedure and electronically stored information
• Metadata
• Litigation hold

4. Compliance and Audit Management

• Definition of Compliance
• Right to audit
• Compliance impact on cloud contracts
• Audit scope and compliance scope
• Compliance analysis requirements
• Auditor requirements

5. Information Management and Data Security

• Six phases of the Data Security Lifecycle and their key elements
• Volume storage
• Object storage
• Logical vs physical locations of data
• Three valid options for protecting data
• Data Loss Prevention
• Detection Data Migration to the Cloud
• Encryption in IaaS, PaaS & SaaS
• Database Activity Monitoring and File Activity Monitoring
• Data Backup
• Data Dispersion
• Data Fragmentation

6. Interoperability and Portability

• Definitions of Portability and Interoperability
• Virtualization impacts on Portability and Interoperability
• SAML and WS-Security
• Size of Data Sets
• Lock-In considerations by IaaS, PaaS & SaaS delivery models
• Mitigating hardware compatibility issues

7. Traditional Security, Business Continuity, and Disaster Recovery

• Four D’s of perimeter security
• Cloud backup and disaster recovery services
• Customer due diligence related to BCM/DR
• Business Continuity Management/Disaster Recovery due diligence
• Restoration Plan
• Physical location of cloud provider

8. Data Center Operations

• Relation to Cloud Controls Matrix
• Queries run by data centre operators
• Technical aspects of a Provider’s data centre operations for customers
• Logging and report generation in multi-site clouds

9. Incident Response

• Factor allowing for more efficient and effective containment and recovery in a cloud
• Main data source for detection and analysis of an incident
• Investigating and containing an incident in an Infrastructure as a Service environment
• Reducing the occurrence of application level incidents
• How often should incident response testing occur
• Offline analysis of potential incidents

10. Application Security

• Identity, entitlement, and access management (IdEA)
• SDLC impact and implications
• Differences in S-P-I models
• Consideration when performing a remote vulnerability test of a cloud-based application
• Categories of security monitoring for applications
• Entitlement matrix

11. Encryption and Key Management

• Adequate encryption protection of data in the cloud
• Key management best practices, location of keys, keys per user
• Relationship to tokenization, masking, anonymization and cloud database controls

12. Identity, Entitlement, and Access Management

• Relationship between identities and attributes
• Identity Federation
• Relationship between Policy Decision Point (PDP) and Policy Enforcement Point (PEP)
• SAML and WS-Federation
• Provisioning and authoritative sources

13. Virtualization

• Security concerns for hypervisor architecture
• VM guest hardening, blind spots, VM Sprawl, data comingling, instant-on gaps
• In-Motion VM characteristics that can create a serious complexity for audits
• How can virtual machine communications bypass network security controls?
• VM attack surfaces
• Compartmentalization of VMs

14.Security as a Service

• 10 categories
• Barriers to developing full confidence in security as a service (SECaaS)
• Deployment of Security as a Service in a regulated industry prior SLA
• Logging and reporting implications
• How can web security as a service be deployed?
• What measures do Security as a Service provider take to earn the trust of their customers?
• ENISA Cloud Computing: Benefits, Risks and Recommendations for Information Security
• Isolation failure
• Economic Denial of Service
• Licensing Risks
• VM hopping
• Five key legal issues common across all scenarios
• Top security risks in ENISA research
• OVF
• Underlying vulnerability in Loss of Governance
• User provisioning vulnerability
• Risk concerns of a cloud provider being acquired
• Security benefits of cloud
• Risks
• Data controller vs data processor definitions in Infrastructure as a Service (IaaS), who is responsible for guest systems monitoring

MULTI-USER TRAINING PACKAGES

This online course can be integrated in your professional training plan. M.T.A. can provide you with a tailored learning solution, that can be customised to meet each team member’s requirements. Choosing a multi-user training package, you can get significant discounts for 5+ users and even further discounts for 10+ users – and an excellent return on your investment.

OUR MISSION: Our mission is to help you learn the skills you need to reach your full potential.

WHO WE ARE: We are one of the fastest growing online training providers. We offer engaging, effective and flexible online training solutions to both individuals and businesses.

We develop courses that help individuals to prepare for and complete their certification exams with ease. Our unique, flexible approach to learning means you don’t have to put your life on hold to get certified. You can study full time or part time, from home or work or on the move; either on your PC or on your mobile devices.

We provide world class education developed by highly skilled and experienced instructors. Our courses are upgraded regularly to ensure our learners are up-to-date with the latest industry requirements and best practices.

WHAT WE BELIEVE: We believe technology has paved the way for individuals and businesses all over the world to tap into high quality learning at their fingertips, in order to build new skills, update their expertise in a particular area, or develop their workforce to gain a competitive edge within the market place.

Select a course now and prepare for the future you deserve.