CCSK Training

Cloud Computing Security Knowledge - Foundation

The CCSK - Foundation course is based on V3.0 of the CCSK exam and the CSA Security Guidance for Critical Areas of Cloud Computing V3.0.

The Cloud Computing Security Knowledge - Foundation class provides students with a comprehensive one-day review of cloud security fundamentals and prepares them to take the Cloud Security Alliance CCSK v3.0 certificate exam. Starting with a detailed description of cloud computing, the course covers all major domains in the Guidance v3.0 document from the Cloud Security Alliance, and the recommendations from the European Network and Information Security Agency (ENISA).

This class is geared towards security professionals, but is also useful for anyone looking to expand their knowledge of cloud security. (We recommend attendees have at least a basic understanding of security fundamentals, such as firewalls, secure development, encryption, and identity management.)

Certificate of Cloud Security Knowledge - Plus

The CCSK - Plus class builds upon the CCSK Foundation class with expanded material and a second day of training featuring extensive hands-on activities. Students will learn to apply their knowledge as they perform a series of exercises, completing a scenario that brings a fictional organization securely into the cloud.

This second day of training includes additional lecture material, although students will spend most of their time assessing, building, and securing a cloud infrastructure during the exercises.

CCSK Training Partner Program

For organizations wishing to be partners to provide training for the above courses.

PCI DSS in the Cloud Training

The first ever class dedicated to assessing and implementing PCI DSS controls in cloud computing environments covers how to think about and how to implement PCI DSS in various cloud computing environments. Aimed primarily at people familiar with PCI DSS, it starts from the “hype-free” cloud computing facts and then delves into key scenarios where PCI DSS and clouds overlap in the real world. You will learn where to look while assessing such environments and what pitfalls and mistakes to avoid. It will also cover the shared responsibility between service providers and merchants in implementing PCI DSS controls. Specifically, we will discuss how PCI DSS Requirement 12.8 applies to various cloud scenarios.

The class would be most useful to PCI DSS QSAs, organizations offering PCI DSS consulting, and merchants planning or implementing PCI compliance.

Cloud Controls Matrix (CCM) Foundation Training

Training Course Overview

This training course is designed to provide training for CSA's Cloud Controls Matrix (CCM), which is a part of CSA’s GRC Stack toolkit. The course will also provide an introduction to the Consensus Assessments Initiative Questionnaire (CAIQ) and CSA Security, Trust & Assurance Registry (STAR).

Course curriculum will center on:

  • Introduction to Cloud
  • Introduction & Purpose of Cloud Controls Matrix
  • Cloud Controls Matrix Structure
  • Cloud Controls Matrix Domains
  • Intro to CAIQ and STAR, the Future, Summary

KEY LEARNING OBJECTIVES

Upon completion of this training, the attendee should be able to use the CCM and CAIQ to:

For a cloud vendor:

  • Comply with fundamental cloud security principles and requirements included in relevant security standards and legislation
  • Assess the security posture
  • Compare yourself with competitors and industry benchmarks

For a cloud customer or cloud auditor:

  • Assess the overall level of security offered by a cloud provider
  • Build the necessary assessment processes for engaging with cloud providers
  • Leverage the mapping with other industry-accepted security standards, regulations, and controls frameworks (such as ISACA COBIT, FERPA, AICPA, ISO/IEC 27001/27002, NIST, Jericho Forum, NERC CIP, PCI DSS and the CSA Guidance document) to reduce audit complexity
  • Normalize security expectations, cloud taxonomy and terminology, and security measures implemented in the cloud

CCM Training is currently being offered upon request. Please email us for more information.