About The Certificate of Cloud Security Knowledge (CCSK)

  • About The Certificate of Cloud Security Knowledge (CCSK)

    The Cloud Security Alliance has developed a widely adopted catalogue of security best practices, the “Security Guidance for Critical Areas of Focus in Cloud Computing, V3.0”. In addition, the European Network and Information Security Agency (ENISA) whitepaper “Cloud Computing: Benefits, Risks and Recommendations for Information Security” is an important contribution to the cloud security body of knowledge.

    The Certificate of Cloud Security Knowledge (CCSK) provides evidence that an individual has successfully completed an examination covering the key concepts of the CSA guidance and ENISA whitepaper. More information from CSA.

  • Key exam areas and concepts

    CSA Guidance for Critical Areas of Focus in Cloud Computing V3.0 English

    Domain 1: Cloud Computing Architectural Framework

    • NIST Definition of Cloud Computing (Essential Characteristics, Cloud Service Models, Cloud Deployment Models)
    • Multi-Tenancy
    • Cloud Reference Model
    • Jericho Cloud Cube Model
    • Cloud Security Reference Model
    • Cloud Service Brokers

    Domain 2: Governance and Enterprise Risk Management

    • Contractual Security Requirements
    • Enterprise and Information Risk Management
    • Third Party Management Recommendations

    Domain 3: Legal issues: Contracts and Electronic Discovery

    • Cloud versus outsourcing
    • Three dimensions of legal issues
    • Contract enforceability
    • eDiscovery considerations
    • Jurisdictions and data locations

    Domain 4: Compliance and Audit Management

    • Compliance impact on cloud contracts
    • SAS 70 Type II / SSAE 16
    • ISO 27001/27002
    • Compliance analysis requirements
    • Auditor requirements

    Domain 5: Information Management and Data Security

    • Six phases of the Data Security Lifecycle and their key elements
    • Data Remanence
    • Data Commingling
    • Data Backup
    • Data Discovery
    • Data Aggregation

    Domain 6: Interoperability and Portability

    • Key Portability Objectives of S-P-I
    • Lock-In risk mitigation techniques by cloud delivery model

    Domain 7: Traditional Security, Business Continuity, and Disaster Recovery

    • Insider Abuse
    • Business Continuity Management/Disaster Recovery due diligence
    • Provider employee considerations

    Domain 8: Data Centre Operations

    • Provider selection
    • Resource sharing
    • Patch management
    • Technical support

    Domain 9: Incident Response

    • Recommended provider tools and capabilities
    • Response trade-offs
    • Questionable provider offerings

    Domain 10: Application Security

    • SDLC impact and implications
    • Differences in S-P-I models
    • Managing Application Security

    Domain 11: Encryption and Key Management

    • Key management best practices
    • Key management standards
    • Encryption practices in S-P-I models

    Domain 12: Identity, Entitlement, and Access Management

    • Identity Federation
    • Authorisation
    • Access Control
    • Provisioning

    Domain 13: Virtualization

    • Virtual Machine security features
    • VM attack surfaces
    • Compartmentalisation of VMs

    Domain 14: Security as a Service

    • Types of security as a service
    • Advantages and concerns of security as a service

    ENISA Cloud Computing: Benefits, Risks and Recommendations for Information Security

    • Security benefits of cloud
    • Risks R.1 – R.35 and underlying vulnerabilities
    • Information assurance framework
    • Division of liabilities
    • Key legal issues

    Applied Knowledge

    • Classify popular cloud providers into S-P-I model
    • Redundancy
    • Securing popular cloud services
    • Vulnerability assessment considerations
    • Practical encryption use cases
