Certified Cloud Security Professional (CCSP)
Certified Cloud Security Professional
Cloud Application Security
Cloud Data Security
Cloud Service : Legal and Compliance
Cloud Service : Operations Management
Cloud System Architecture : Concepts and Design
Cloud System Security - Platform and Infrastructure

Cloud Application Security

Course Number:
cl_csip_a04_it_enus
Lesson Objectives

Cloud Application Security

  • start the course
  • describe awareness and required training to develop an understanding of security focus areas relating to cloud applications
  • describe common issues relating to the development of cloud-based applications
  • describe common security issues relating to Cloud-hosted applications. Define the importance of foreknowledge regarding cloud application vulnerabilities and OWASP research
  • describe the application development life cycle with reference to cloud security
  • define functional testing as it relates to cloud-based application software
  • describe application testing with reference to cloud security. Describe SAST, DAST, and Penetrative Testing methodologies
  • outline the deployment of verified and approved APIs
  • describe the significance of surfacing the Supply-Chain with reference to cloud-hosted application software
  • define the mechanics, phases, and methodologies associated with application development
  • define how business requirements impact on application development and throughout the application life time
  • describe requirements and best practices for application configuration, and version management
  • define known threats and security issues that must be considered when developing cloud-hosted applications
  • define cloud-specific risks, and assimilate to mitigate threat within the design and during the operational phases of cloud-hosted applications
  • define how to analyze security threats and risks to an application
  • describe associated hardware/software components related to the security of cloud applications
  • define security protocols and measures associated with application data and data packet protection
  • describe isolation and sandboxing as it applies to cloud-hosted applications
  • describe the virtualization technology associated with cloud-hosted applications
  • describe Federated Identity and its deployment for cloud-hosted application authorization and access
  • define Single Sign-On/Off and its place within the cloud service security framework
  • describe and deploy Multifactor Authentication within a cloud service security framework
  • describe the phase of NIST's SDLC and define the difference between SDLF and S-SDLC

Overview/Description
In a developing landscape where end user applications are moving to a cloud-hosted infrastructure, the traditional application development design life cycle is redefined. The application design process must be security-aware and must protect cloud-hosted applications and data from an increasing attack vector density. This course covers various aspects of cloud computing relating to the security of cloud-based application software and supporting hardware and services. The course outlines various aspects of application security and access, including designing in security, peripheral security components, and securing access to services and hosted applications. The course covers the essential topics for the ICS2's Certified Cloud Security Professional examination – Domain 4 requirements.

Target Audience
This course is intended for IT professionals including managers, engineers, and technical staff intending to take the CCSP examination.

Cloud Data Security

Course Number:
cl_csip_a02_it_enus
Lesson Objectives

Cloud Data Security

  • start the course
  • define the various life stages of cloud-hosted data assets
  • define the various technologies associated with data asset security and protection
  • define storage modes in a cloud computing environment, and be able to map data assets to appropriate storage mode
  • define and describe potential threats associated with storage types
  • define threat mitigation technology and techniques
  • define encryption as it applies to cloud-hosted data
  • describe key-pair management as it applies to cloud-hosted data
  • describe data masking and masking methodologies
  • describe data tokenization technologies
  • describe technology selection with respect to criteria
  • list active data privacy protection legislation by jurisdiction – Data Privacy Acts/Laws
  • describe data discovery and its implementation methodologies
  • outline data classification and the classification of discovered sensitive data
  • detail data asset mapping to data control types
  • define data rights objects in terms of user access control, managing roles, and role-based access options
  • define data retention policy principles and how to develop appropriate practices
  • outline principles, and how to define and manage data deletion procedure and methodologies
  • outline principles, and how to define and manage data archiving procedures and methodologies
  • list event sources and associated identity
  • detail event recording, analyzing event data, and aspects of storage and protection of event data
  • describe COC as it applies to data hosted on the cloud and understand how nonrepudiation is handled within a cloud hosting environment
  • describe common storage media threats, data protection techniques and failover architectures

Overview/Description
In a computing environment where client data assets are remotely hosted, data asset security becomes an important factor when considering the potential transition to cloud services. This course describes and explores issues relating to the management and protection of data assets hosted on a cloud platform, and data in transit to and from a cloud platform. In this course, you will learn about all aspects of data management: protection, auditing, access, legislative impact, storage, deletion, security, ownership, data rights management, encryption, classification, known threats to data assets, and threat mitigation. The course covers the essential topics for the ICS2’s Certified Cloud Security Professional examination – Domain 2 requirements.

Target Audience
This course is intended for IT professionals including managers, engineers, and technical staff intending to take the CCSP examination.

Cloud Service – Legal and Compliance

Course Number:
cl_csip_a06_it_enus
Lesson Objectives

Cloud Service – Legal and Compliance

  • start the course
  • describe areas of legislative conflict with respect to cloud-hosted services
  • appraise legal risks associated with the provision of cloud services
  • describe how to apply control policy with respect to legal requirements
  • define eDiscovery and its impact on cloud service provision, requirements, and responsibilities
  • define the legislative requirement related to forensic data management
  • define PII, outline the difference between contractual and regulated PII, and describe the differences between confidentiality, integrity, availability, and privacy
  • describe the international variations that apply to PII and data privacy
  • define audit operations and auditor tasks with reference to cloud computing services, and outline distributed service issues with respect to auditing
  • describe audit requirements, scope, and reporting as they apply to cloud services
  • outline challenges associated with auditing the virtualized infrastructure of a cloud-based service
  • define audit reporting against a background of prevailing standards, and outline audit scope and audit regulation requirements with respect to highly regulated industries
  • define gap analysis and audit planning with reference to cloud service auditing
  • describe the deployment of Internal Information Security Management (ISMS) and Security Control Systems (ISCS) - ISO 27000 Series
  • describe the deployment of ISMS and ISCS with reference to ISO, ITIL, and NIST
  • describe issues with obtaining details of a CSP's risk management data
  • describe issues surrounding the importance of data ownership and define interrelationships between owner and custodian regarding responsibility
  • outline measures to mitigate risk
  • outline the integration of information security and risk management activities into a formal framework
  • outline the metrics that quantify and measure the extent of a risk associated with cloud service elements and components
  • define key areas of focus for risk assessment, including supplier, vendors, services, and so on
  • describe business requirements with reference to the Service Level Agreement, GAAP guidelines, and standards
  • describe the vendor and provider vetting process with reference to certifications, audit and event reporting, accreditations, and so on
  • describe the deployment of supply-chain management in the context of cloud services
  • detail current legislation relating to PII and define a number of widely adopted auditing compliance frameworks and report types; outline available auditing standards and frameworks, describe ISMS and applicable standards and guidance, and detail a number of cloud service adoption risks; and finally, outline some detail on available cloud service-related risk management frameworks

Overview/Description
Alongside the development and uptake of cloud services, comes a developing regulatory framework that compels cloud service providers to protect data and to secure the privacy, integrity, and confidentiality of client data and data assets. This course covers various topics associated with legal and compliance issues with cloud services which are governed within a regulatory framework. The course addresses investigative measures and techniques associated with crime investigation, including eDiscovery and forensic data management. The course also touches on privacy, auditing, and reporting as it applies to cloud technology and services including SAS, SSAE, and ISAE. In this course, you will also learn about risk management, outsourcing, and vendor\provider assessment with particular attention to certifications, access provider audit data, and data ownership issues. The course covers the essential topics for the ICS2's Certified Cloud Security Professional examination – Domain 6 requirements.

Target Audience
This course is intended for IT professionals including managers, engineers, and technical staff intending to take the CCSP examination.

Cloud Service – Operations Management

Course Number:
cl_csip_a05_it_enus
Lesson Objectives

Cloud Service – Operations Management

  • start the course
  • define the design and implementation of logical elements of a proposed cloud service, including tenant isolation, access control, etc.
  • define the design and implementation of physical aspects of a proposed cloud service, including build or rent, location, management
  • describe the deployment and configuration of secured hardware with reference to BIOS, TMP, storage controllers, network controllers, etc.
  • describe the deployment and configuration of secured hardware with reference to BIOS, TMP, storage controllers, network controllers, etc.
  • define local machine access controls, and deployment of secure KMV switches
  • define techniques to secure network configuration and network support tools, including VLAN, TLS, DHPC and Authorized DHCP, DNS and Secure, and IPSec
  • define techniques to secure the datacenter network and network access
  • define operating system hardening techniques with reference to OS: Windows, Linux, VMware, etc.
  • describe standalone and cluster host availability, backup, and failover, in addition to load balancing, dynamic optimization (DO), maintenance mode, and general high availability best practice adoption
  • describe the mechanisms for deploying Remote Access, including RDP, Secure Terminal Access
  • define the preservation of OS compliance with reference to monitoring and remediation
  • describe requirements and best practices with reference to fixes, patches, and updates
  • describe requirement to continuously monitor and report on host component performance
  • describe requirement to continuously monitor and report on host component performance
  • describe the implementation of back and restore policy with reference to cloud components, including data, configurations, etc.
  • define the deployment of network security-related controls, including firewalls, IDS, IPS, honeypot deployment, and vulnerability assessment/threat mitigation
  • define requirement for hardware event logging and reporting #1
  • define requirement for hardware event logging and reporting #2
  • describe host maintenance, scheduled preventive hardware maintenance, planned backups, hardware redundancy strategy, and notification/continuity
  • define the secure configuration of the virtual hardware, including network, storage and elastic expansion, memory, and external devices
  • describe the tolls associated with VM OS installation on the physical host
  • describe compliance and control principles and standards: Change and Continuity Management
  • describe compliance and control principles and standards: Information Security, Service Improvement, Incident, Problem, and Release Management
  • describe compliance and control principles and standards: Configuration, Service Level, Availability and Capacity Management
  • describe and implement risk management
  • describe best practice approach to the deployment of proactive and reactive forensic data collection methods
  • describe and deploy best practice systems that guarantee essential and open contact and communications with cloud system providers, vendors, cloud system consumers and users, partners, auditors, regulators, and any other key stakeholders
  • detail datacenter operational design factors and define network component security control, define four system management categories and the NIST Forensic Evidence process, describe Cloud Service Actor communications

Overview/Description
Fundamental to cloud service security are the construction and design of secure datacenters and their hosted hardware and systems. This course covers the best practice management approach to designing, deploying, and administrating a cloud datacenter and service. In addition, the course will cover the techniques that can be deployed to configure and protect hardware assets – physical and virtualized, manage and protect configuration settings, and keep network data moving in and out of, and hosted within the domain of the datacenter. Topics include regulation compliance, protection techniques, and controlled access to the various components of a cloud data center infrastructure. In this course, you will learn about the deployment of auditing and monitoring techniques, event logging and reporting, and other aspects of management techniques associated with cloud-hosted services. The course covers the essential topics for the ICS2's Certified Cloud Security Professional examination – Domain 5 requirements.

Target Audience
This course is intended for IT professionals including managers, engineers, and technical staff intending to take the CCSP examination.

Cloud System Architecture – Concepts and Design

Course Number:
cl_csip_a01_it_enus
Lesson Objectives

Cloud System Architecture – Concepts and Design

  • start the course
  • define and describe cloud components
  • define cloud system participants: consumers, providers, partners, auditors, regulators
  • outline the operational characteristics of cloud computing
  • outline the supporting architectural components and infrastructure of cloud computing
  • detail Cloud Computing Activities with reference to ISO/IEC 17789, Clause 9
  • define how cloud services are categorized based on supported services and capabilities
  • describe the industry-defined standard categories of cloud computing
  • describe the defined deployment models of the cloud services
  • describe the additional operational aspects of the cloud service environment
  • describe the encryption of cloud-hosted assets
  • define access and access control to cloud-hosted assets (data, files, and resources)
  • outline asset and media management with respect to deletion/removal/overwrite on a cloud platform
  • define issues and solutions relating to cloud network structures
  • define issues and solutions relating to cloud virtualization infrastructures
  • list and describe known and common threats to cloud infrastructure and data assets
  • define security considerations and responsibilities on a per Cloud Model (Category basis – IaaS, PaaS, and SaaS plus their various derivatives)
  • detail the security-based data life cycle of cloud-hosted assets (data, files, features)
  • describe business continuity and disaster recovery as it applies to a cloud service
  • define how a cloud deployment might be analyzed on a cost basis
  • define and describe focus areas relating to the functional security of the cloud service including vendor lock-in, interoperability, portability, migration, etc.
  • describe methodologies for mapping cloud service requirements to service provider certification and product certifications
  • outline methodologies for mapping cloud components to appropriate or required industry certifications or industry standards
  • define Cloud Service roles, categories, and services; describe data state and data asset classification with reference to security; and outline the purpose of Common Criteria

Overview/Description
Cloud services vary in size and complexity, and the deployed architecture impacts directly on service and data asset security. This course describes and explores aspects of cloud computing architectural design, and defines associated cloud systems and cloud components. In addition to Cloud Reference Architecture, the course outlines definitions and roles, computing characteristics, and cloud deployment models. In this course, you will learn about cloud security, cloud networks, virtualization within the cloud system, data encryption and aspects of cloud interoperability, trusted cloud services, cloud system management, and operational considerations. The course covers the essential topics for the ICS2's Certified Cloud Security Professional examination – Domain 1 requirements.

Target Audience
This course is intended for IT professionals including managers, engineers, and technical staff intending to take the CCSP examination.

Cloud System Security - Platform and Infrastructure

Course Number:
cl_csip_a03_it_enus
Lesson Objectives

Cloud System Security - Platform and Infrastructure

  • start the course
  • recognize the physical and virtual components within a cloud platform
  • define the networking and communication architecture of a cloud platform
  • define the compute service as it applies to the cloud platform
  • define the available virtualization options within a cloud platform
  • define storage and Storage as a Service (STaaS) within a cloud platform
  • describe and define risk as it applies to cloud services and underlying infrastructure, and adopt a risk analysis and management posture regarding cloud computing
  • describe and define known threats and attack vectors associated with cloud services and infrastructure
  • define virtualization-specific areas of focus with reference to security such as Hypervisor, VM files, and VM deletion
  • define and describe threat mitigation and attack handling techniques including ACL, designing in security, and adopting security measures
  • design and deploy physical and environmental security mechanisms
  • design and deploy security mechanisms to mitigate failure and threats, and avoid attack to the systems and communication hardware within a cloud platform
  • describe and manage identification, system, and data access in addition to authentication and authority within the cloud service
  • define auditing techniques and responsibilities within key areas of focus, including asset access, asset status, deletions, archiving, and reporting
  • describe and deploy DR and BC with respect to the cloud environment
  • describe and deploy DR and BC with respect to operations and business requirements
  • define and describe relevant DR and BC strategies
  • deploy DR and BC mechanisms
  • describe cloud device platforms and associated risks; discuss vulnerabilities within the virtualized infrastructure and attack vectors in general; and finally, discuss available disaster recovery architectures

Overview/Description
The security of the cloud services platform and infrastructure is a fundamental driver in the uptake of cloud services and the transition away from Enterprise structures. This course describes issues relating to the security of the supporting components of the cloud infrastructure – both physical and virtual components. The course promotes/outlines a risk management approach in developing and employing security measures to protect cloud components; describes key risk management focus areas – identification, measurement, and control; and covers known threats and the key areas of cloud component vulnerability. In this course, you will learn about security management/measures and auditing, including authentication, authorization, Business Continuity (BC), Disaster Recovery (DR), and failover. The learner will be expected to display knowledge of Cloud Service Business Continuity and Disaster Recovery planning, to identify areas requiring specific security protection, and how to recover lost or damaged data and components hosted on a cloud platform. The course covers the essential topics for the ICS2's Certified Cloud Security Professional examination – Domain 3 requirements.

Target Audience
This course is intended for IT professionals including managers, engineers, and technical staff intending to take the CCSP examination.

Close Chat Live