Cloud Computing Security Knowledge Foundation (H8P75S)

There is a lot of hype and confusion around cloud security. This 2-day course slices through the hyperbole and provides students with the practical knowledge they need to understand the real cloud security issues and solutions. The training gives students a comprehensive review of cloud security fundamentals and prepares them for the Cloud Security Alliance CCSK certification exam. Starting with a detailed description of cloud computing, the course covers all major domains in the latest Guidance document from the Cloud Security Alliance, and the recommendations from the European Network and Information Security Agency (ENISA). Alternatively, take the 3-day H8P76S CCSK Plus course, which adds a day of hands-on labs.

Included: Each course includes an exam voucher from the Cloud Security Alliance for the CCSK certification exam.


Audience

This class is geared towards security professionals, but is also useful for anyone looking to expand their knowledge of cloud security.


Prerequisites

We recommend attendees have at least a basic understanding of security fundamentals, such as firewalls, secure development, encryption, and identity management.

For security foundations training, refer to the Information Security Essentials course at hpe.com/ww/learnsecurity.


Course objectives

To provide students with a base of knowledge on cloud computing security theory and practice and assist students in taking the CCSK exam.


Certifications and related examinations

  • Cloud Security Alliance—CCSK


Detailed course outline

Module 1: Introduction and cloud architectures

  • Define cloud computing and its business benefits
  • List the attributes that define cloud computing
  • Identify pros and cons of cloud computing choices
  • Discuss the different components of the cloud computing stack
  • Differentiate service models and deployment models
  • Describe individual service models and how they operate
  • Describe individual deployment models and how they operate
  • Discuss shared responsibility for security across models
  • Identify cloud impact on related technologies that rely on cloud or are commonly seen in cloud deployments


Module 2: Adapting governance and information risk management

  • List the key elements of information security governance related to cloud operations
  • Identify strategies to manage provider governance
  • Describe the steps in risk management lifecycle specifically for moving to the cloud
  • List alternatives for risk treatment used by CSA
  • Differentiate risk treatment implementation responsibility across service models
  • List key aspects of business continuity and disaster recovery planning for cloud
  • Describe how incidents change in cloud
  • Identify challenges in incident response when working with a cloud provider at various service levels


Module 3: Compliance and audit in the cloud

  • Identify legal responsibilities based on business compliance, regulations, and geography
  • Discuss contractual elements that support compliance and verification
  • Identify jurisdiction and regulation requirements
  • Describe legal ramifications and procedures for legal accountability
  • Describe types of audit and how to plan for them
  • List required artifacts for auditing
  • Describe how to handle the results of an audit


Module 4: Infrastructure technology

  • Identify architectural layers in a cloud environment
  • Provide a high-level description of the operation of hypervisors in creating, updating, and destroying virtual machines
  • Discuss operation of the cloud management plane
  • List elements of virtual networking
  • Give a general description of the operation of shared storage
  • List additional infrastructure elements required in the operation of a cloud architecture
  • Differentiate the infrastructure delivery for different service models


Module 5: Securing cloud infrastructure

  • Discuss the security advantages and disadvantages of working with virtual infrastructure
  • List elements to secure the host and hypervisor levels
  • Discuss how to secure the cloud management plane
  • Describe how to secure virtual networking
  • Describe how to secure virtual machines during creation, use, movement, and destruction
  • List ways to secure API interfaces
  • Identify the security basics for the different service models
  • Assess the security implications of different deployment models


Module 6: Data security for cloud computing

  • Describe different cloud storage models
  • Define security issues for data in the cloud
  • Assess the role and effectiveness of access controls
  • Describe data security lifecycle
  • Use functions, actors, and locations to identify cloud security issues, and specific controls to address security and governance
  • Discuss data encryption and key management
  • Describe forms of data loss prevention


Module 7: Cloud identity and access management

  • Define identity, entitlement, and access management terms
  • Differentiate between identity and access management
  • List best practices in provisioning identity and entitlement
  • Describe how to build an entitlement matrix
  • Differentiate between authentication, authorization, and access control
  • Describe architectural models for provisioning and how to integrate them
  • Describe the operation of federated identity management
  • List key identity management standards and how they facilitate interoperation


Module 8: Developing and securing cloud applications

  • Define application architecture, design, and operations lifecycle
  • Discuss impact of cloud operations on SDLC and identify threat-modeling requirements
  • Differentiate static and dynamic testing methods and give examples of each
  • Examine application security tools and vulnerability management processes
  • Discuss the role of compliance in cloud applications
  • Describe methods of ongoing application monitoring


Module 9: Security as a Service

  • Define SECaaS
  • List advantages and concerns for SECaaS
  • Describe various forms of security offered as services


Module 10: Vendor relationships

  • List elements of risk management planning and implementation to look for in a cloud service provider
  • Identify strategies to manage provider governance
  • Advocate for contractual clarity in all phases of risk management and information security
  • Describe elements of supplier assessment for a cloud provider