Overview
The complete Certified Cloud Security Professional video course with CCSK extras by Dean Bushmiller
Domain 1 Cloud Concepts, Architecture and Design
1.1 Understand cloud computing concepts
Cloud computing definitions
Cloud computing roles and responsibilities
Key cloud computing characteristics
Building block technologies
1.2 Describe cloud reference architecture
Cloud computing activities
Cloud service capabilities
Cloud service categories (e.g., IaaS, PaaS, SaaS)
Cloud deployment models
Cloud shared considerations (e.g., auditability, regulatory, outsourcing)
1.3 Understand security concepts relevant to cloud computing
Cryptography and key management
Identity and access control
Data and media sanitization
Network security
Virtualization security
Common threats
Security hygiene
1.4 Understand design principles of secure cloud computing
Cloud secure data lifecycle
Cloud-based business continuity and disaster recovery plan
Business impact analysis
Functional security requirements
Security considerations and responsibilities for different cloud categories
Cloud design patterns (e.g., Enterprise Architecture)
DevOps security
1.5 Evaluate cloud service providers
Verification against criteria
System/subsystem product certifications
Domain 2 Cloud Data Security
2.1 Describe cloud data concepts
Cloud data life cycle phases
Data dispersion
Data flows
2.2 Design and implement cloud data storage architectures
Storage types
Threats to storage types
2.3 Design and apply data security technologies and strategies
Encryption and key management
Hashing
Data obfuscation
Tokenization
Data loss prevention
Keys, secrets and certificates management
2.4 Implement data discovery
Structured data
Unstructured data
Semi-structured data
Data location
2.5 Plan and implement data classification
Data classification policies
Data mapping
Data labeling
2.6 Design and implement Information Rights Management
Legal hold
2.7 Design and implement auditability, traceability and accountability of data events
Definition of event sources and requirement of event attributes (e.g., address, geolocation)
Logging, storage and analysis of data events
Chain of custody and non-repudiation
Domain 3 Cloud Platform and Infrastructure Security
3.1 Comprehend cloud infrastructure and platform components
Physical environment
Network and communications
Compute
Virtualization
Storage
Management plane
3.2 Design a secure data center
Logical design
Physical design
Environmental design
Resilient design
3.3 Analyze risks associated with cloud infrastructure and platforms
Risk assessment
Cloud vulnerabilities, threats and attacks
Risk mitigation strategies
3.4 Plan and implement security controls
Physical and environmental protection
System, storage and communication protection
Identification, authentication and authorization in cloud environments
Audit mechanisms (e.g., correlation, packet capture)
3.5 Plan business continuity and disaster recovery
Business continuity and disaster recovery strategies
Business requirements (e.g., Recovery Point Objective)
Creation, implementation and testing of plan
Domain 4 Cloud Application Security
4.1 Advocate training and awareness for application security
Cloud development basics
Common pitfalls
Common cloud vulnerabilities (e.g., OWASP Top 10)
4.2 Describe the Secure Software Development Life Cycle process
Business requirements
Phases and methodologies
4.3 Apply the Secure Software Development Life Cycle
Cloud-specific risks
Threat modeling (e.g., STRIDE and DREAD)
Avoid common vulnerabilities during development
Secure coding (e.g., Application Security Verification Standard)
Software configuration management and versioning
4.4 Apply cloud software assurance and validation
Functional and non-functional testing
Security testing methodologies (e.g., SAST, DAST)
Quality assurance
Abuse case testing
4.5 Use verified secure software
Securing application programming interfaces
Supply chain management
Third-party software management
Validated open source software
4.6 Comprehend the specifics of cloud application architecture
Supplemental security components (e.g., Database Activity Monitoring, Extensible Markup Language firewalls, application programming interface gateway)
Cryptography
Sandboxing
Application virtualization and orchestration
4.7 Design appropriate identity and access management solutions
Federated identity
Identity providers
Single sign-on
Multi-factor authentication
Cloud access security broker
Secrets management
Domain 5 Cloud Security Operations
5.1 Build and implement physical and logical infrastructure for cloud environment
Hardware-specific security configuration requirements (e.g., Trusted Platform Module)
Installation and configuration of management tools
Virtual hardware-specific security configuration requirements (e.g., hypervisor types)
Installation of guest operating system virtualization toolsets
5.2 Operate and maintain physical and logical infrastructure for cloud environment
Access controls for local and remote access (e.g., secure terminal access, Secure Shell, console-based access mechanisms, jumpboxes, virtual client)
Secure network configuration (e.g., Transport Layer Security, Dynamic Host Configuration Protocol, Domain Name System Security Extensions, virtual private network)
Network security controls (e.g., intrusion prevention systems, honeypots, vulnerability assessments, network security groups, bastion host)
Operating system hardening through the application of baselines, monitoring and remediation
Patch management
Infrastructure as Code strategy
Availability of clustered hosts
Availability of guest operating system
Performance and capacity monitoring
Hardware monitoring
Configuration of host and guest operating system backup and restore functions
Management plane
5.3 Implement operational controls and standards
Change management
Continuity management
Information security management
Continual service improvement management
Incident management
Problem management
Release management
Deployment management
Configuration management
Service level management
Availability management
Capacity management
5.4 Support digital forensics
Forensic data collection methodologies
Evidence management
Collect, acquire, and preserve digital evidence
5.5 Manage communication with relevant parties
Vendors
Customers
Partners
Regulators
Other stakeholders
5.6 Manage security operations
Security operations center
Intelligent monitoring of security controls (e.g., intrusion prevention systems, honeypots, network security groups, artificial intelligence)
Log capture and analysis (e.g., log management)
Incident management
Vulnerability assessments
Domain 6 Legal, Risk and Compliance
6.1 Articulate legal requirements and unique risks within the cloud environment
Conflicting international legislation
Evaluation of legal risks specific to cloud computing
Legal framework and guidelines
eDiscovery
Forensics requirements
6.2 Understand privacy issues
Difference between contractual and regulated private data (e.g., personally identifiable information)
Country-specific legislation related to private data (e.g., personally identifiable information)
Jurisdictional differences in data privacy
Standard privacy requirements
Privacy Impact Assessments
6.3 Understand audit process, methodologies, and required adaptations for a cloud environment
Internal and external audit controls
Impact of audit requirements
Identify assurance challenges of virtualization and cloud
Types of audit reports
Restrictions of audit scope statements
Gap analysis
Audit planning
Internal information security management system
Internal information security controls system
Policies
Identification and involvement of relevant stakeholders
Specialized compliance requirements for highly regulated industries
Impact of distributed information technology model
6.4 Understand implications of cloud to enterprise risk management
Assess providers' risk management programs
Difference between data owner/controller and data custodian/processor
Regulatory transparency requirements (e.g., General Data Protection Regulation)
Risk treatment
Different risk frameworks
Metrics for risk management
Assessment of risk environment
6.5 Understand outsourcing and cloud contract design
Business requirements (e.g., master service agreement, statement of work)
Vendor management
Contract management
Supply chain management
Publisher Resources
ISBN: 9780996619165