Highlights
- Learn cloud security assessment methods and techniques, and how to use them to evaluate a cloud service prior to and during the provision of the service.
- Learn to ensure cloud service compliance with company requirements and aligned with organisation's governance approach.
Course Details
Module 1: Introductions, course orientation and starting surveys
Multiple quizzes with instant feedback to activate your learning
Reminding you what you already know & establishing what you need to
Module 2: Cloud Security Roles and Responsibilities
Cloud reference models (NIST, CSA, Jericho, ENISA etc)
Cloud governance, legal, trust, transparency, enterprise risk management
Module 3: Cloud Security Life-Cycles
Recognising life-cycles: data, software, procurement, management, audit
Establishing life-cycle coordination spanning cloud consumers and providers
Module 4: Cloud Security Architecture
Fundamental service patterns: IaaS, PaaS, SaaS, BPaaS
Multi-tenancy, separation requirements & architectural controls
Module 5: Cloud Security Engineering
Designing, implementing & testing trusted cloud security components
Engineering cloud security solutions based on trusted components
Module 6: Cloud Standards and Controls
Reviewing the CSA’s Cloud Control Matrix (CCM) & how to harness it
Understanding the significance & benefits of CCM compliance
Module 7: Preparing for Cloud Security Audits
Considering Cloud Security Audits from a Cloud Service Provider perspective
Understanding the Cloud Service Consumer & Cloud Auditor perspectives
Module 8: CCAK Concepts and Terminology
Ensuring that CCAK acronyms and glossary terms are familiar from the outset
Using interactive quizzes to accelerate learning of core concepts
Module 9: Threat Modelling for Cloud Environments
Understanding the value of Threat Modelling in Security Audit planning
Applying the CSA’s Threat Analysis Methodology in Cloud Security Audits
Module 10: Cloud Auditing Practices (1)
Cloud audit characteristics, criteria & principles
Cloud auditing standards
Module 11: Cloud Auditing Practices (2)
Comparing & contrasting cloud audit practices with on-premises auditing
Cloud audit program planning, control & execution
Module 12: Role of CCM Controls in Cloud Audits
CCM Audit Scoping & risk evaluation guidance
Use of CCM Audit workbook
Module 13: Reflecting on Learnings from Day 2
Articulating cloud audit benefits & aspects that could be tested in CCAK exam
Considering cloud audit challenges & how CCAK exam could test this
Module 14: Evaluating a Cloud Compliance Programme
Harnessing cloud security standards for compliance evaluation engagements
Tailoring cloud security audit evaluations to the cloud deployment model
Module 15: Continuous Cloud Assurance and Compliance
Integrating security assurance “touchpoints” through multiple life-cycles
Continuous Integration / Continuous Deployment (CI/CD) auditing
Module 16: CSA’s Security Trust Assurance and Risk (STAR) Programme
Explain the security and privacy implications of STAR
Become familiar with CSA STAR attestation and certification
Module 17: Preparing for the CCAK Examination
Reviewing the learning objectives (LOs) & knowledge required by the CCAK
Understanding the exam format & building effective exam techniques
Module 18: End of Course Discussions, Surveys and Feedbacks
Preparing for the CCAK v4 examination: identifying key focus areas
Reflecting on this CCAK course & using feedback to reinforce learning
Who should attend
Certificate of Cloud Security Knowledge (CCSK) qualification from the Cloud Security Alliance (CSA) but need not necessarily have already taken and passed the CCSK exam.
Feedback
4.8 out of 5 average
"Our tailored course provided a well rounded introduction and also covered some intermediate level topics that we needed to know. Clive gave us some best practice ideas and tips to take away. Fast paced but the instructor never lost any of the delegates"
Brian Leek, Data Analyst, May 2022
“JBI did a great job of customizing their syllabus to suit our business needs and also bringing our team up to speed on the current best practices. Our teams varied widely in terms of experience and the Instructor handled this particularly well - very impressive”
Brian F, Team Lead, RBS, Data Analysis Course, 20 April 2022