Cloud Computing Architectural Framework (Cloud computing evolution, Cloud vocabulary, Essential characteristics of cloud computing, Cloud deployment models, Cloud service models, Multi- Tenancy approaches to create a barrier between the Tenants, Cloud computing threats, Cloud Reference Model,
The Cloud Cube Model, Security for cloud computing)
Legal and Electronic Discovery Risk Management(Legal and Electronic Discovery Risk Management Security recommendations)
Information Lifecycle Management (Key challenges regarding data lifecycle security Data Security recommendations by ILM Phase)
Traditional Security, Business Continuity, and Disaster Recovery(Risk of insider abuse, Security baseline, Customers actions, Contract, Documentation, Recovery Time Objectives (RTOs), Customers responsibility, Vendor Security Process (VSP))
Incident Response, Notification, and Remediation(How to identify incidents, How to respond to security incidents, Security incident containment, Security incident response recommendations)
Encryption and Key Management(Encryption for confidentiality and integrity, Encrypting data at rest,
Key management lifecycle, Cloud encryption standards, Recommendations)
Virtualisation(Hardware Virtualisation, Software Virtualisation, Memory Virtualisation, Storage Virtualisation, Data Virtualisation, Network Virtualisation, Virtualisation Security recommendations)
Governance and Enterprise Risk Management(Information security governance processes,
Governance and enterprise risk management in cloud computing, Governance recommendations,
Enterprise Risk Management recommendations, Information Risk Management recommendations,
Third Party Management recommendations)
Compliance and Audit(Cloud customer responsibilities, Compliance Audit Security Recommendations.)
Portability and Interoperability(Changing providers reasons, Changing providers expectations, Recommendations all cloud solutions, IaaS Cloud Solutions, PaaS Cloud Solutions, SaaS Cloud Solutions)
Data Center Operations(Data Center Operations, Security challenge, Implement “Five Principal Characteristics of Cloud Computing”, Data center security recommendations)
Application Security(Web Application, Application Weaknesses, Attack Methods, What is Web Application Security, Application security layer, Vulnerability distribution, Why Web Application Risks Occur, Security solutions, Applications in cloud environments, Security recommendations)
Identity and Access Management(Identity and Access Management in the cloud, Identity and Access Management functions, Identity and Access Management (IAM) Model, Identity Federation, Identity provisioning recommendations, Authentication for SaaS and Paas customers, Authentication for IaaS customers, Introducing Identity Services, Enterprise Architecture with IDaaS, IDaaS security recommendations)
Enisa – Cloud Computing Risk Assessment (Guidelines)
30 – 31 Aug | Hong Kong City, Hong Kong
16 – 17 Nov | Makati, Philippines
21 – 22 Nov | Kuala Lumpur, Malaysia
23 – 24 Nov | Singapore City, Singapore
07 – 08 Nov | Sydney, Australia
14 -15 Nov | Brisbane, Australia
06 – 07 Nov | Dubai, UAE
08 – 09 Nov | Muscat, Oman
13 – 14 Nov | Manama, Bahrain
09 – 10 Nov | Moscow, Russia
17 – 18 Nov | Munich, Germany
28 – 29 Nov | London, Great Britain
How is the Examination conducted – Method, Number of Questions, Format?
1. The exam is web-based and consists of multiple choice questions examining your individual competency in key cloud security issues
2. There are 60 questions and it is a timed examination (must be completed within 90 minutes) without interruption
3. It is not possible to pause the exam, stop the exam or take the exam at a later time once you’ve started
4. Pass mark is 80% ie you must get 40 out of 50 questions correct to pass the test and obtain the certificate
5. You are allowed to consult the training material during the exam ie it is an open book exam.
Where does the Examination need to be taken?
1. The exam is an online examination taken directly at the Cloud Security Alliance (CSA) website. You can take the Examination at any place that has a computer and an internet connection.
2. There is no necessity to schedule your test in advance.
What body of knowledge does the Examination test you on?
1. The body of knowledge tested is The CSA Guidance V3.0, English language version and ENISA’s report “Cloud Computing: Benefits, Risks and Recommendations for Information Security”.
2. 70% of the questions are based on the CSA Guidance whereas 20% of the questions are based on the ENISA report and 10% of the questions are applied knowledge questions related to the best practices in both documents.
3. The CSA recommends that the best way to prepare for the CCSK examination is to thoroughly read and understand the CSA Guidance and ENISA.
Exam fees are not included in the registration fees quoted and are to be purchased separately.
Certification by : The Cloud Security Alliance
The Cloud Security Alliance (CSA) is a not-for-profit organisation with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing.
1. Any IT professional who is planning to use cloud computing or who is already working in the cloud.
2. IT Professionals who want to understand more about the issues pertaining to security which are related to being in the cloud as well as recommendations as to how this can be dealt with.
3. The audience will include the likes of the Chief Information Officer (CIO), Chief Information Security Officer (CISO), IT and security professionals.
Laptops required. While presentation materials are provided including training materials and tests during the course, you are however, required to bring your own laptop. Laptop compatible OS are Windows, Linux or Mac.
Preparation.There is some preparation required before the course starts. You will be downloading some software and applying for an Amazon webservices account.
Webservices account. An Amazon web services account will need to be created ahead of the course at least two days in advance of the scheduled course date.
Cloud usage fees.These fees are also not included as part of the registration fee. However, it is estimated that these would not exceed a few US dollars.
It is advised that you have at least a basic understanding of security fundamentals such as firewalls, secure development, encryption and identity management.
This course is brought to you in partnership with Digital Infrastructures.