Skip to main content

Certified Cloud Security Professional (CCSP)

Course

Intro Video

Photo of Bob Salmans

Bob Salmans

Training Architect

Length

19:04:52

Difficulty

Intermediate

Videos

125

Hands-on Labs

10

Quizzes/Exams

1

Course Details

The Certified Cloud Security Professional (CCSP) certification ensures cloud security professionals have the necessary knowledge and skills in cloud security design, implementation, architecture, operations, controls, and compliance with regulatory frameworks. This course is designed to prepare you for the CCSP exam, as well as provide you with the skills you need to succeed as a security professional. https://interactive.linuxacademy.com/diagrams/CCSP.html

Syllabus

Introduction

Getting Started

About the Author

00:01:10

Lesson Description:

In this video, you'll meet Bob Salmans, the security training architect for this course.

About the Course

00:01:23

Lesson Description:

In this video, we'll be discussing the Certified Cloud Security Professional (CCSP) certification and what you can expect from this course. There are 6 domains in the CCSP, and we'll cover each of them from the basics on up to the most complicated of topics. After completing this course, you'll be prepared to take the CCSP exam. Good luck!

Course Prerequisites

00:01:19

Lesson Description:

In this video, we'll discuss the prerequisites for the certified cloud security professional (CCSP) course. These prerequisites are defined by ISC2, who is the officiating organization over the CCSP certification.

Cloud Concepts, Architecture, and Design

Cloud Computing Concepts

Roles, Characteristics and Building Block Technologies

00:09:55

Lesson Description:

In this video, we'll discuss the roles and characteristics of cloud environments. Then we'll move on to the technology building blocks used to create cloud-based environments.

Cloud Reference Architecture

Cloud Computing Activities and Service Categories

00:15:59

Lesson Description:

In this video, we'll be taking a look at cloud computing activities such as providing and using cloud services. Then we'll move onto cloud service categories and discuss the three main categories, which are IaaS, PaaS, and SaaS.

Cloud Deployment Models

00:08:50

Lesson Description:

In this video, we'll take a look at the four cloud deployment models private, public, community, and hybrid. We'll discuss the benefits of each and when one would be better than another.

Cloud Shared Considerations

00:07:00

Lesson Description:

In this video, we'll cover some topics which should be considered across every cloud solution or platform. Some of these topics include auditability, portability, and security.

Impact of Related Technologies

00:08:08

Lesson Description:

In this video, we'll discuss some up and coming technologies and how they may impact cloud vendor services. Some of these technologies include block chain, quantum computing, and machine learning.

Lab Preparation Video (Important)

00:01:31

Lesson Description:

In this video we will discuss how labs are used in this course. You will not be tested on these lab actions on the official CCSP exam. These labs are here to help you better understand how the topics we discuss in this course are used in live cloud environments.

Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.

00:30:00

Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.

00:30:00

Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.

00:30:00

Cloud Security Concepts

Cryptography and Key Management

00:08:00

Lesson Description:

In this video, we'll discuss cryptography and key management as it pertains to the cloud. Data at rest and data in motion must be protected with different technology which we'll discuss in this video.

Data and Media Sanitization

00:03:19

Lesson Description:

In this video, we'll discuss the best ways to sanitize media in the cloud. We'll also review why simply deleting data isn't an acceptable practice when dealing with sensitive data such as PII and PCI.

Access Control

00:06:12

Lesson Description:

In this video, we're going to take a look at access control and the role it plays in the cloud. Access control is a combination of several features which combine into Identity and Access Management (IAM).

Network Security and Virtualization Security

00:08:49

Lesson Description:

In this video, we'll cover how network security plays a role in a cloud environment. We'll also discuss virtualization security and the different types of attacks that are associated with virtualization.

Common Threats

00:13:04

Lesson Description:

In this video, we're going to review common threats present in cloud environments. These threats range from data breaches to data loss and a few others. As CCSP's, we need to understand how common threats occur in cloud environments so we can work to protect our environments.

Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.

00:30:00

Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.

01:30:00

Design Principles

Secure Cloud Data Lifecycle

00:04:33

Lesson Description:

In this video, we'll discuss the six phases of the cloud secure data lifecycle. We will also be reviewing some terms associated with data governance.

Cloud-Based Disaster Recovery (DR) and Business Continuity (BC)

00:09:33

Lesson Description:

In this video, we'll be discussing Business Continuity Management (BCM) and Disaster Recovery (DR) and the roles they play within our organizations. We'll also cover some critical factors that should be taken into consideration when planning for BCM and DR.

Cost-Benefit Analysis

00:06:23

Lesson Description:

In this video, we'll discuss cost benefit analysis and the role it plays in deciding whether or not to move to the cloud. We'll also take a look at additional requirements you'll need if moving to the cloud such as training and legal assistance.

Functional Security Requirements

00:04:00

Lesson Description:

In this video, we'll be discussing functional security requirements which are security requirements required for your organization to function. These are important as you consider a move to the cloud because you must be able to ensure your organization can function once the move to the cloud is complete.

Security Considerations for Different Cloud Categories

00:05:47

Lesson Description:

In this video, we'll take a look at the three cloud categories and the security considerations for each of them. You should begin to notice a pattern in this video as some of the necessary security considerations are shared amongst the cloud categories.

Evaluate Cloud Service Providers

Verification Against Criteria

00:13:05

Lesson Description:

In this video, we'll talk about the different cloud schemes and certifications and why it's important that we choose a cloud vendor that meets the standards for these certifications.

System and Subsystem Product Certifications

00:05:16

Lesson Description:

In this video, we'll discuss the importance of system and subsystem product certifications as well as some of the certifications they should meet. Two of these certifications we'll discuss are Common Criteria (CC) and FIPS 140-2.

Cloud Data Security

Describe Cloud Data Concepts

Cloud Data Lifecycle Phases

00:06:38

Lesson Description:

In this video, we'll discuss the six stages of cloud data lifecycle security and what to expect at each level. We'll also be taking a look at three key data functions and how we can control those functions.

Data Dispersion

00:04:47

Lesson Description:

In this video, we'll discuss data dispersion and how it affects data in cloud environments. We'll also talk about storage slicing and how it's similar to hard drive RAID, but for the cloud.

Design and Implement Cloud Data Storage Architecture

Storage Types

00:04:54

Lesson Description:

In this video, we'll cover the different storage types associated with each of the different cloud service types. Some of the storage types we'll discuss are volume, object, Content Delivery Network (CDN), and ephemeral storage.

Threats to Storage Types

00:07:22

Lesson Description:

In this video, we'll take a look at a list of threats to different storage along with the cause of the threats and possible resolutions. We'll also review proper media sanitization and the process of crypto shredding.

Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.

00:15:00

Design and Apply Data Security Technologies and Strategies

Encryption and Key Management

00:13:33

Lesson Description:

In this video, we will be discussing the use of encryption to protect data while at rest, in motion, and in use. We'll also discuss the important points of key management and best practices for key management in the cloud.

Hashing, Masking, and Obfuscation

00:05:00

Lesson Description:

In this video, we'll discuss ways to alter sensitive data, so it is no longer classified as sensitive data. A few ways to accomplish this is by using hashing, masking, and obfuscation. We'll also discuss the practice of altering production data so it can be used as test data.

Tokenization

00:04:15

Lesson Description:

In this video, we'll review tokenization, which is a way to safely replace sensitive data with non-sensitive data known as a token. We'll walk through the process of how tokenization works and discuss the benefits tokenization provides.

Data Loss Prevention (DLP)

00:08:02

Lesson Description:

In this video, we'll discuss Data Loss Prevention (DLP) and what it is. We'll identify different types of DLP systems and the various types of communications it can protect.

Data De-identification

00:03:21

Lesson Description:

In this video, we'll discuss the process of data de-identification, also known as anonymization. The process of anonymization makes it difficult for someone to identify a single person from a set of data, which plays into data privacy.

Implement Data Discovery and Classification

Structured and Unstructured Data

00:05:15

Lesson Description:

In this video, we'll discuss data discovery and why we would use it, along with structure and unstructured data types. We're probably already familiar with structured data, but unstructured data is a more recently developed data type and comes into play in many cloud services.

Mapping, Labeling, and Sensitive Data

00:03:54

Lesson Description:

In this video, we'll take a look at the process of data classification, which includes mapping and labeling sensitive data. We'll also discuss the importance of a good relationship between classifications and labels. Lastly, we'll look at some of the more common types of sensitive data.

Design and Implement Information Rights Management (IRM)

IRM Objectives and Tools

00:08:40

Lesson Description:

In this video, we'll discuss Information Rights Management (IRM), and what it is and how it works. We'll also take a look at the common access models and challenges of using IRM in the cloud.

Plan and Implement Data Retention, Deletion, and Archival Policies

Data Retention Policies

00:05:06

Lesson Description:

In this video, we'll discuss data retention policies and some regulatory and legal retention requirements. We'll identify some specific attributes to be considered when planning a data retention policy and also look at one cloud vendor's data retention solution.

Data Deletion Procedures and Mechanisms

00:03:39

Lesson Description:

In this video, we'll discuss acceptable data deletion procedures and review the steps of crypto shredding. We'll also review the need to have a data disposal policy and look at one cloud vendor's sanitization procedures.

Data Archival Procedures and Mechanisms

00:06:12

Lesson Description:

In this video, we'll discuss data archival procedures and policies. We'll identify attributes a data archiving policy should contain. Data archival also plays a part in business continuity and disaster recovery planning and can have a negative impact on restoration timeframes.

Legal Hold

00:02:24

Lesson Description:

In this video, we'll take a look at what legal hold is and the implications it has on an organization. We'll discuss how one vendor allows it's customers to implement rules to enforce legal hold.

Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.

00:15:00

Design and Implement Auditability, Traceability, and Accountability of Data Events

Definition of Event Sources and Requirements

00:08:15

Lesson Description:

In this video, we'll discuss what event sources are and what types of event data may be available from different cloud service types such as IaaS, PaaS, and SaaS. We'll also look at specific event attributes we should look for in a logged event and then take a look at cloud vendors' logging offerings.

Logging, Storage, and Analysis of Data Events

00:06:42

Lesson Description:

In this video, we'll take a look at Security Information and Event Management (SIEM) systems. SIEMS are used to store and analyze log data as well as provide reports and alerting functions. We'll discuss many of the features SIEMs provide to us as it pertains to log analysis and security.

Chain of Custody and Non-Repudiation

00:04:16

Lesson Description:

In this video we'll discuss the purpose of a chain of custody form. We'll take a look at an example of a chain of custody form to gain a better understanding of what they look like. Then we'll discuss non-repudation and how it can be achieved.

Cloud Platform and Infrastructure Security

Cloud Infrastructure Components

Physical Environment

00:07:20

Lesson Description:

In this video, we'll discuss some of the pieces of the physical environment of a datacenter. We'll also talk about the idea of "shared responsibility" as it pertains to security in the cloud.

Network and Communications

00:05:17

Lesson Description:

In this video, we'll discuss network and communications as it pertains to datacenters. We'll look at network services such as DHCP and routing, as well as a review of Software Defined Networking (SDN).

Compute and Virtualization

00:09:46

Lesson Description:

In this video, we'll start by analyzing what compute consists of in a datacenter environment and how we deal with regulating the consumption of compute resources. Then we'll take a look at virtualization and the different types of hypervisors and some risks associated with them.

Storage and Management Plane

00:07:58

Lesson Description:

In this video, we'll identify two main types of storage in the cloud and what role each of them plays. Then we'll review the importance of the management plane and what a high risk it is if not properly secured.

Design a Secure Datacenter

Logical Design

00:10:10

Lesson Description:

In this video, we'll discuss some datacenter resources such as power, pipe, and ping. We'll identify how to achieve tenant isolation with VLAN's and the importance of activity logging from all services.

Physical Design

00:09:16

Lesson Description:

In this video, we'll take a look at the physical design aspects of a datacenter. We'll discuss why location is so very important and look at some datacenter design standards. Lastly, we'll discuss datacenter certification levels and what is required for the different levels.

Environmental Design

00:14:22

Lesson Description:

In this video, we'll talk about the environmental design aspects of datacenters. We'll discuss the importance of air management and what all it entails. We'll identify standards that define the proper temperature and humidity within a datacenter as well and the use of hot and cold aisles.

Analyze Risks Associated with Cloud Infrastructure

Risk Assessment and Analysis

00:08:16

Lesson Description:

In this video, we'll discuss some of the more common risks associated with cloud environments such as vendor lock-in and lock-out, loss of governance, and compliance risks. We'll also take a look at some general and legal risks and how we might deal with some of them.

Cloud Vulnerabilities, Risks, Threats, and Attacks

00:06:08

Lesson Description:

In this video, we'll discuss some cloud-specific risks which include types of attacks such as Man-in-the Middle. We'll also take a look at some virtualization risks associated with the could and security.

Countermeasure Strategies

00:05:15

Lesson Description:

In this video, we'll discuss some security strategies and countermeasures that can be used to help protect an environment such as the practice of a layered defense. We'll define what compensating controls are and provide several examples. Lastly, we'll analyze the benefits of automation in our environments and how it can provide great benefits.

Design and Plan Security Controls

Physical and Environmental Protection

00:03:45

Lesson Description:

In this video, we will discuss physical security standards and key regulations for CSP facilities such as PCI-DSS, HIPAA, and NERC CIP. We'll also review using multi-layer security and look at environmental protection.

System and Communication Protection

00:06:53

Lesson Description:

In this video, we'll discuss what a trust zone is and why you would use one. We'll also revisit protecting data in motion and add a new way to accomplish this as well as a quick discussion on backup options.

Identification, Authentication, and Authorization in Cloud Infrastructure

00:04:13

Lesson Description:

In this video, we'll discuss what an identity federation is and what benefits it can offer. We'll also review authentication versus authorization and take a look at identity and access management.

Audit Mechanisms

00:05:44

Lesson Description:

In this video, we'll discuss audit mechanisms and the role they play in an audit. We'll talk about the purpose of risk audits and different reasons you may need to have an audit performed. Lastly, we'll see who is authorized to perform a compliance audit.

Plan Disaster Recovery (DR) and Business Continuity (BC)

Risks Related to the Cloud Environment

00:07:33

Lesson Description:

In this video, we look at specific risks related to the cloud environment and risks that threaten BCDR practices. We also discuss three separate BCDR scenarios and some common pitfalls for each of them.

Business Requirements

00:06:20

Lesson Description:

In this video, we discuss the business requirements surrounding BCDR practices. These requirements include RTO, RPO, and RSL. We'll also look at what process is used to determine the RTO and RPO objectives.

Business Continuity/Disaster Recovery Strategy

00:05:31

Lesson Description:

In this video, we will be taking a look at BCDR strategies which include location, data replication, and functionality replication which all must be considered when planning for BCDR events. We'll also discuss some other considerations which have a great impact on BCDR activities such as personal safety and monitoring.

Creating a BCDR Plan

00:14:29

Lesson Description:

In this video, we're going to discuss what all is involved in creating a BCDR plan. This includes topics such as how to switch over to services and applications at a secondary site and the importance of testing before failing back to the primary site. We'll also review several phases of creating the plan itself.

Testing a BCDR Plan

00:11:18

Lesson Description:

In this video, we will discuss the creation of a BCDR testing policy and the purpose of the policy. Then we'll take a look at four different BCDR testing methodologies and when each of them should be used.

Cloud Application Security

Advocate Training and Awareness for Application Security

Cloud Development Basics

00:03:30

Lesson Description:

In this video, we discuss some basics of cloud development including IDE's and API. We'll review the role that APIs play and the most common API formats. Then we'll look at REST API vs SOAP APIs and how they differ.

Common Pitfalls and Vulnerabilities

00:03:52

Lesson Description:

In this video, we'll discuss some common pitfalls when working with cloud development such as non-compatibility and lack of training. We'll also look at some other challenges that you may experience, such as working in a multitenancy environment and working with third-party administrators.

Describe the Secure Software Development Life Cycle (SDLC) Process

Business Requirements and Phases/Methodologies

00:11:04

Lesson Description:

In this video, we'll review the SDLC process and how business requirements play a role in the development of applications using an SDLC. Then we'll look at the various phases of SDLC's and ONF's and ANF's outlined in ISO 27034 and how to play together in managing the security of applications.

Apply the Secure Software Development Life Cycle (SDLC)

Avoid Common Vulnerabilities During Development

00:06:25

Lesson Description:

In this video, we're going to dive into the top 10 application vulnerabilities as identified by OWASP. We'll look at each one, what it is, and how to prevent the vulnerabilities in the first place.

Cloud-Specific Risks and Quality Assurance

00:05:27

Lesson Description:

In this video, we look at risks associated with cloud activities which include the possibility of the lack of features that you may need to overcome. We'll also discuss the "Notorious Nine" which is a list of the top nine cloud computing threats. Then we'll wrap up with discussing quality assurance in the cloud and why we need to have measurable variables to validate the quality of services.

Threat Modeling and Configuration Management

00:05:02

Lesson Description:

In this video, we'll discuss threat modeling, what it is, and how we use it. We'll take a look at a simplified example of a threat model so you can get a better idea of how they're used. Then we'll review the STRIDE threat model and the six threats which it tests for. Lastly, we'll look at two popular tools used in configuration management and discuss the importance of configuration management.

Apply Cloud Software Assurance and Validation

Functional Testing and Security Testing Methodologies

00:07:58

Lesson Description:

In this video, we'll discuss the importance of functional testing and what it is. Then we'll take a look at some different testing methodologies to include static analysis, dynamic analysis, and penetration testing.

Use Verified Secure Software

Approved APIs and Third-Party Software

00:04:40

Lesson Description:

In this video, we'll discuss what an API is and how it's used. Then we'll review why it's so important that APIs be approved and security tested. We'll also take a look at third-party software and the need to ensure all pieces are properly validated.

Comprehend the Specifics of Cloud Application Architecture

Supplemental Security Components

00:03:54

Lesson Description:

In this video, we're taking a look at supplemental security components such as WAF's, DAM's, and XML and API gateways. We need to identify the roles they play in a security program and what problems they address.

Cryptography

00:06:59

Lesson Description:

In this video, we'll discuss protecting data while it's in different states such as data in motion and data at rest. We'll look at some of the different protocols that can be used to encrypt and secure our data. Lastly, we'll review different types of disk encryption and when they should be used.

Sandboxing and Application Virtualization

00:03:15

Lesson Description:

In this video, we'll discuss the idea of sandboxing, and when we would use it. We'll also look at application virtualization and some commercial examples of the technology.

Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.

01:00:00

Design Appropriate Identity and Access Management (IAM) Solutions

Federated Identity and Identity Providers

00:03:47

Lesson Description:

In this video, we'll discuss what identity federation is, what roles are involved, and why we would want to use it. Then we'll take a look at some of the different identity federation standards in use today and the differences between them.

Single Sign-On (SSO) and Multi-Factor Authentication (MFA)

00:05:07

Lesson Description:

In this video, we'll explore what Single Sign-On (SSO) is and why it's so convenient for users. Then we'll take a look at Multi-Factor Authentication (MFA), what it requires, and why it's a good solution for public-facing services. Lastly, we'll discuss what step-up authentication is and when it is used.

Cloud Access Security Broker (CASB)

00:03:17

Lesson Description:

In this video, we'll enter into the world of the Cloud Access Security Broker (CASB). We'll take a look at what a CASB is and why we might want to use one. We'll also review the idea of an identity federation and how that can use a web of trust model or a CASB.

Cloud Security Operations

Implement and Build Physical and Logical Infrastructure for a Cloud Environment

Hardware-Specific Security Configuration Requirements

00:03:15

Lesson Description:

In this video, we'll take a look at how to secure servers from a best practice perspective. This includes following vendor recommendations, patching, locking down root access, and more.

Virtualization Management Toolsets

00:05:24

Lesson Description:

In this video, we're going to discuss some tools provided by virtualization vendors that can provide increased security and features. We'll also take a look at the required management for these toolsets and what that entails.

Operate Physical and Logical Infrastructure for the Cloud Environment

Configure Access Control for Local and Remote Access

00:06:31

Lesson Description:

In this video, we'll take a look at how we can control remote access to physical hosts through the use of KVM. We'll also discuss some of the important requirements for a properly secured KVM solution.

Secure Network Configuration

00:09:39

Lesson Description:

In this video, we're taking a look at secure network configuration and what it consists of. We start by reviewing VLAN's and discussing how we can increase VLAN and layer 2 security. Then we'll discuss DNSsec, threats to DNS, and the role IPSec plays in network security.

Operating System (OS) Hardening through the Application of Baselines

00:03:58

Lesson Description:

In this video, we're taking a look at what role baselines play in OS hardening. Then we'll discuss the importance of configuration and compliance management for not only operating systems but for network devices as well.

Stand-Alone Hosts

00:03:50

Lesson Description:

In this video, we'll discuss stand-alone hosts in cloud environments. We'll take a look at both the benefits and disadvantages of using stand-alone hosts in the cloud and what the driving factors for requiring a stand-alone host might be.

Availability of Clustered Hosts and Guest OSs

00:08:46

Lesson Description:

In this video, we're going to take a look at virtualization and the benefits it can provide in a cloud environment. Some of those benefits are clustering, high availability (HA), and distributed resource scheduling (DRS). We'll discuss how these benefits can help increase the availability of services in a clustered environment.

Manage Physical and Logical Infrastructure for the Cloud Environment

Access Controls for Remote Access

00:04:13

Lesson Description:

In this video we're going to take a look at what makes a secure remote access solution. Some of the features we need in a secure remote access solution includes auditing, session control, monitoring, and isolation. We'll discuss an example of why we should use a VDI or remote desktop solution to increase security.

Patch Management

00:11:25

Lesson Description:

In this video, we're going to discuss what the patch management process entails. We're going to look at some patch management best practices and standards surrounding patch management.

Performance, Capacity, and Hardware Monitoring

00:04:23

Lesson Description:

In this video, we're discussing why it's important to monitor performance, capacity, and hardware. Each of these plays an important role in our cloud environment's availability and must be monitored. We'll take a look at some specific hardware that should be monitored as well as environmental features to be monitored.

Backup and Restore Functions

00:04:39

Lesson Description:

In this video, we're diving into backup and restore functions and what an important role they play in our cloud environment. We'll discuss the importance of testing and how it increases the likelihood of a successful BCDR failover. We'll also take a look at some challenges we face when it comes to backup and recovery in a cloud environment.

Network Security Controls and Management Plane

00:07:37

Lesson Description:

In this video, we're reviewing the importance of network security controls such as security groups, VLAN's, access control, and firewalls. Then we'll take a look at the management plane and what should be done to secure it properly.

Implement Operational Controls and Standards

Change and Continuity Management

00:06:49

Lesson Description:

In this video we'll discuss ISO 9001 and the objectives of change management. We'll also cover continuity management and why business continuity is so important.

Information Security and Incident Management

00:03:20

Lesson Description:

In this video, we'll discuss the importance of ISO 27001 and an information security management plan. We'll also look at what goes into an information security management plan. Then we'll review the goal of incident management, which is covered by ISO 27035.

Problem and Deployment Management

00:03:30

Lesson Description:

In this video, we'll discuss ISO 20000 and problem management. We'll define some key terms as it relates to problems, and discuss having a system in place to document problems and their solutions. Then we'll talk about deployment management and the role it plays in maintaining the integrity of our production environments.

Additional Operational Management

00:06:14

Lesson Description:

In this video, we'll look at quality management and the quality management process. Then we'll discuss some common agreements such as SLA's and OLA's that you'll work with as a CCSP. Then we'll discuss availability and capacity management and the importance of monitoring.

Support Digital Forensics

Forensic Data Collection Methodologies

00:12:11

Lesson Description:

In this video, we'll discuss the forensic data collection process and each of the four steps in the process, which includes data collection, data examination, analysis, and reporting. Then we'll cover the challenges with collecting evidence in cloud environments.

Evidence Management

00:02:27

Lesson Description:

In this video, we'll be covering evidence management, which includes the use of a chain of custody document, and we'll look at the standards governing evidence collection and management.

Manage Communication with Relevant Parties

Managing Communications

00:06:41

Lesson Description:

In this video, we'll discuss the importance of managing communications with vendors, partners, and customers. This includes not only verbal and electronic communications but the necessity to understand the relationships between each of them and how they interact with your environment.

Manage Security Operations

Security Operations Center (SOC) and Monitoring Security Controls

00:03:34

Lesson Description:

In this video, we'll look at the role of a security operations center (SOC) and what tasks are handled by those working in a SOC. Then we'll discuss the importance of monitoring security controls. These controls are software and hardware and will eventually fail, and we need to minimize control downtime as it increases our exposure to risk.

Log Capture and Analysis

00:03:54

Lesson Description:

In this video, we'll discuss what an event source is and the importance of centralized logging. We'll review what a SIEM is and the role it plays in a security program. Then we'll talk about the importance of log management and analysis.

Incident Management

00:05:34

Lesson Description:

In this video, we'll take a look at the incident management objectives and what an incident management plan consists of. Then we'll discuss how to prioritize incidents when there is more than one at a given time.

Legal, Risk, and Compliance

Articulate Legal Requirements and Unique Risks with the Cloud Environment

Conflicting International Legislation

00:04:35

Lesson Description:

In this video, we'll discuss dealing with conflicting international legislation and how it can be confusing to know which laws apply. We'll review different types of international laws and several legal terms describing types of laws. We'll also look at what happens when there are conflicting laws due to the jurisdiction in which data resides.

Legal Risks Specific to Cloud Computing

00:01:47

Lesson Description:

In this video, we'll discuss legal risks specific to cloud computing and working in the cloud. We'll look at the possibility of losing control of your data in the cloud due to legal actions against the cloud vendor or another tenant in the cloud environment. We'll then review how best to prevent this from happening.

Legal Frameworks and Guidelines

00:13:17

Lesson Description:

In this video, we'll take a look at several legal frameworks, and guidelines including OECD, APEC, EU Data Protection Directive, GDPR, and many others. We'll also review US federal laws including, GLBA, HIPAA, COPPA, and SOX. Then we'll finish up with the silver platter doctrine and the role it plays in legal actions.

eDiscovery

00:03:32

Lesson Description:

In this video, we'll review ISO 27050 and the process of e-discovery. Then we'll discuss some e-discovery challenges when working with data in cloud environments and some points of interest when conducting e-discovery investigations in the cloud.

Forensics Requirements

00:02:29

Lesson Description:

In this video we'll discuss cloud forensics and some difficulties found in the process. We'll also talk about the importance of being trained and certified in forensic tools used to collect data as it lends credibility to the findings.

Understand Privacy Issues

Contractual vs. Regulated Private Data

00:05:08

Lesson Description:

In this video, we'll discuss the difference between contractual and regulated private data. We'll look at who's ultimately responsible for the safekeeping of sensitive data. Lastly, we'll look at some key points related to contractual PII.

Country-Specific Legislation Related to Private Data

00:08:29

Lesson Description:

In this video, we'll dive into country-specific legislation related to private data. This includes several regulations pertaining to the protection of EU citizen's private data and those laws regulating the protection of this data. Then we'll look at how the federal trade commission (FTC) oversees laws protecting regulated data in the US. We'll also review the Safe Harbor Program and the Privacy Shield Framework and the role they play in complying with EU privacy laws.

Jurisdictional Differences and Standard Privacy Requirements

00:04:58

Lesson Description:

In this video, we'll discuss jurisdictional differences in various countries and seeking legal counsel as a CCSP to ensure a proper understanding of laws in unfamiliar jurisdictions. Then, we'll look at some privacy requirements such as ISO 27018 and GAPP.

Understand Audit Processes, Methodologies, and Required Adaptations for a Cloud Environment

Audit Controls and Requirements

00:05:18

Lesson Description:

In this video, we'll discuss the need for audits within a security program and the role they play. Then we'll take a look at the different goals of internal audits versus external audits. Lastly, we'll identify some challenges of auditing in cloud environments.

Assurance Challenges of Virtualization and Cloud

00:03:55

Lesson Description:

In this video, we'll discuss the challenges of assurance when auditing cloud environments. For example, how do you know the hypervisor you audit today is the same underlying hardware and hypervisor you audited last time? This is one example of assurance challenges we face when auditing cloud environments.

Types of Audit Reports

00:05:01

Lesson Description:

In this video, we'll discuss several different types of audit reports. We'll look at the Service Organizational Control (SOC) reports, ISAE, CSA Stat, and the EuroCloud Star Audit program. We'll look at each of them and when they might be used.

Restrictions of Audit Scope Statements

00:04:47

Lesson Description:

In this video, we'll discuss the practice of restricting audit scope and why this is necessary. We'll look at some examples of audit scope restrictions and why they help protect production environments from risky audit activities.

Gap Analysis and Audit Planning

00:05:15

Lesson Description:

In this video, we'll review gap analysis and its uses. We'll discuss how a gap analysis will help us identify where we are not meeting compliance requirements so we can address those areas and meet compliance. Lastly, we'll talk about who should perform the gap analysis.

Internal Security Management System (ISMS)

00:03:57

Lesson Description:

In this video, we'll discuss the need for an Internal Security Mangement System (ISMS), also known as a security program. We'll talk about ISO 27001, which outlines the ISMS and its domains and the need for internal audits.

Policies and Involvement of Relevant Stakeholders

00:07:01

Lesson Description:

In this video, we'll start by taking a look at policies and the role they play in our security programs. Then we'll discuss the importance of having the right people involved at the beginning of a discussion about a movement to the cloud.

Specialized Compliance Requirements for Highly Regulated Industries

00:02:15

Lesson Description:

In this video, we'll review some compliance requirements for heavily regulated industries. We'll take a look at NERC CIP, HIPAA, and PCI DSS and discuss their specific industries.

Impact of Distributed Information Technology (IT) Model

00:03:06

Lesson Description:

In this video, we'll discuss the challenges associated with a distributed IT model. Having IT personnel geographically separated introduces many challenges, and when you include a CSP and their administrators, it only complicates things more.

Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.

01:00:00

Understand the Implications of Cloud-to-Enterprise Risk Management

Assess Providers' Risk Management Programs

00:05:35

Lesson Description:

In this video, we'll take a look at how we can safely assess a cloud provider and its risk management framework. We will review the helpfulness of the CSA STAR program and also look at some terms related to risk.

Data Owner/Controller vs. Data Custodian/Processor

00:02:38

Lesson Description:

In this video, we'll be comparing some terms related to dealing with data such as who owns and uses that data. We'll also explore some responsibilities of data custodians and the idea that some organizations outsource data processing and that we need to be aware of this.

Regulatory Transparency Requirements

00:02:05

Lesson Description:

In this video, we'll discuss the data transparency required by several regulations. We'll also look at the breach notification timelines defined by data privacy regulations. Lastly, we'll review GLBA, SOX, and GDPR and the fact that they require transparency when it comes to the way they use data.

Risk Treatment and Frameworks

00:06:56

Lesson Description:

In this video, we'll look at the four different ways we handle risk. We'll then discuss security controls, their role, and the three different types of security controls. Lastly, we'll review ISO 27002, which is the code of practice for information security controls.

Metrics for Risk Management

00:04:13

Lesson Description:

In this video, we'll take a look at the process of defining severity levels that are assigned to identified risks. We'll also discuss risk metrics and what we should be monitoring when it comes to risk management.

Assessment of Risk Environment

00:03:05

Lesson Description:

In this video, we'll discuss how to identify risks in an environment. These risks will be dependant on the different services an organization uses, the vendors it does business with, and whether or not the business follows best practice. Lastly, we'll revisit security controls and the important role they play in addressing risk.

Understand Outsourcing and Cloud Contract Design

Business Requirements

00:03:10

Lesson Description:

In this video, we're going to focus on the needs of the business as it relates to moving to the cloud. We'll discuss defining a scope to give us direction and then look at some of the different types of contracts a CCSP needs to be familiar with.

Vendor Management

00:05:43

Lesson Description:

In this video, we're going to dive into vendor management. We'll discuss the challenges and risks with vendors, and then we'll review some standards that a CCSP should be familiar with.

Contract Management

00:03:47

Lesson Description:

In this video, we'll discuss the importance of contract management. We'll look at the tasks contract management consists of because it's much more than just signing a piece of paper. Then we'll review some key components which need to be tracked to ensure contractual obligations are being met.

Supply Chain Management

00:03:30

Lesson Description:

In this video, we're going to look at the importance of supply chain management. As you allow vendors and their wares into your environment, you take on added risk. We'll discuss the need to be familiar with each vendor and the role they play in your organization. Lastly, we'll take a look at some supply chain standards that can help clarify best practices.

Conclusion

Next Steps

How to Prepare for the Exam

00:03:02

Lesson Description:

In this video, we'll discuss how to prepare for the certified cloud security professional (CCSP) exam. We'll also look at the exam format and how to register to take the exam.

Get Recognized

00:01:01

Lesson Description:

Here at Linux Academy, we want to celebrate your success with you. Let us know when you pass a certification, complete a course, or have any other big wins so we can recognize your achievements!

What's Next After Certification

00:01:51

Lesson Description:

Now that you've taken the CCSP certification, what's next? After you provisionally pass the exam, you do need to go through a couple more steps before receiving your certification, and we'll discuss exactly what that entails. While you wait on the certification process to happen, take advantage of the spare time and continue to increase your knowledge through the available hands-on training here at Linux Academy.