Cloud computing is the future for the Information Technology sector. It is important to consider its security. CCSK is an acronym for Certificate of Cloud Security Knowledge. It is the first certification that can be used to ensure secure Cloud computing. CCSK is designed to ensure awareness of security threats and best practices in securing Cloud computing. The CCSK is a structured way to learn about security in the Cloud. It also validates your learnings. This certification covers all aspects of Cloud security. This certification will give you a better understanding about the technical and non-technical considerations involved in moving a company or organization to the Cloud platform. It will give you a better understanding of the Cloud platform, and help you to identify any vulnerabilities that you may not have been exposed.
Domains of CCSK
The knowledge of CCSK is divided into 14 domains, which are listed below.
Domain 1: Cloud Architecture
Definition of cloud computing
Essential characteristics
Cloud Service Models
Cloud Deployment Models
Multi-Tenancy
CSA Cloud Reference Model
Jericho Cloud Cube Model
Cloud Security Reference Model
Cloud Service Brokers
Service Level Agreements
Domain 2: Governance & Enterprise Risk Management
Contractual Security Requirements
Enterprise and Information Risk Management
Recommendations for Third-Party Management
Examining the supply chain
Cloud Computing: Cost Savings
Domain 3: Legal Issues and Contracts. Electronic Discovery
Considerations for eDiscovery
Jurisdictions & Data Locations
Subcontractors are liable for their activities
Due diligence responsibility
Federal Rules of Civil Procedure, electronically stored information
Metadata
Litigation held
Domain 4: Compliance & Audit Management
Audits available right away
Cloud contracts and compliance
Audit scope and Compliance scope
Compliance analysis requirements
Auditor requirements
Domain 5: Information Management & Data SecuritySix phases and their key elements of the Data Security Lifecycle are covered in Domain 5.
Volume Storage
Object Storage
Logical vs. Physical locations of data
There are three options available to protect data
Data loss prevention
Detection Data Migration to Cloud
Encryption in IaaS and PaaS
Database Activity Monitoring and File Activity Monitor
Data Backup
Data Dispersion
Data Fragmentation
Domain 6: Interoperability and PortabilityDefinitions of Portability and interoperability
Virtualization has an impact on portability and interoperability
SAML (Security Assertion Markup Language), and WS-Security
Size of data sets
Lock-In considerations for Iaas, PaaS and SaaS delivery models
Hardware compatibility issues can be mitigated
Domain 7: Traditional Security and Business Continuity.
Cloud Backup and Disaster Recovery Services
BCM/DR: Customer due diligence
Due diligence in Business Continuity Management/Disaster Recovery
Plan for Restoration
The physical location of the Cloud provider
Domain 8: Data Center OperationsRelationship to the Cloud control matrix
Datacenter operators can run queries
Customers should be able to understand the technical aspects of data center operations provided by a provider
Multisite Clouds: Logging and Report Generation
Domain 9: Incident ResponseFactors that allow for more efficient, effective containment in a cloud.
The primary source of data for analysis and detection of an incident
Investigating and containing an Infrastructure as a Service incident
Reduce the incidence of application-level incidents
How often should incident response testing be performed?
Analyse potential incidents offline
Domain Security 10
Identity, entitlement, & access management (IdEA).
Impact of SDLC and its implications
The difference between S-P-I models
Considerations when performing remote vulnerability testing of a Cloud-based app
Security monitoring categories for applications
Entitlement
Domain 11: Key Management and Encryption
Adeq