Advertisement
opexxx

CCSK Certification

May 2nd, 2016
245
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 5.79 KB | None | 0 0
  1.  
  2. The following are the key exam areas and concepts of the CCSK certification (this information is based on the Cloud Security Alliance CCSK FAQ):
  3. CSA Guidance For Critical Areas of Focus in Cloud Computing V3.0 English
  4.  
  5. Domain 1: Cloud Computing Architectural Framework
  6.  
  7. NIST Definition of Cloud Computing (Essential Characteristics, Cloud Service Models, Cloud Deployment Models)
  8. Multi-Tenancy
  9. CSA Cloud Reference Model
  10. Jericho Cloud Cube Model
  11. Cloud Security Reference Model
  12. Cloud Service Brokers
  13. Service Level Agreements
  14.  
  15. Domain 2: Governance and Enterprise Risk Management
  16.  
  17. Contractual Security Requirements
  18. Enterprise and Information Risk Management
  19. Third Party Management Recommendations
  20. Supply chain examination
  21. Use of Cost Savings for Cloud
  22.  
  23. Domain 3: Legal Issues: Contracts and Electronic Discovery
  24.  
  25. Consideration of cloud-related issues in three dimensions
  26. eDiscovery considerations
  27. Jurisdictions and data locations
  28. Liability for activities of subcontractors
  29. Due diligence responsibility
  30. Federal Rules of Civil Procedure and electronically stored information
  31. Metadata
  32. Litigation hold
  33.  
  34. Domain 4: Compliance and Audit Management
  35.  
  36. Definition of Compliance
  37. Right to audit
  38. Compliance impact on cloud contracts
  39. Audit scope and compliance scope
  40. Compliance analysis requirements
  41. Auditor requirements
  42.  
  43. Domain 5: Information Management and Data Security
  44.  
  45. Six phases of the Data Security Lifecycle and their key elements
  46. Volume storage
  47. Object storage
  48. Logical vs physical locations of data
  49. Three valid options for protecting data
  50. Data Loss Prevention
  51. Detection Data Migration to the Cloud
  52. Encryption in IaaS, PaaS & SaaS
  53. Database Activity Monitoring and File Activity Monitoring
  54. Data Backup
  55. Data Dispersion
  56. Data Fragmentation
  57.  
  58. Domain 6: Interoperability and Portability
  59.  
  60. Definitions of Portability and Interoperability
  61. Virtualization impacts on Portability and Interoperability
  62. SAML and WS-Security
  63. Size of Data Sets
  64. Lock-In considerations by IaaS, PaaS & SaaS delivery models
  65. Mitigating hardware compatibility issues
  66.  
  67. Domain 7: Traditional Security, Business Continuity, and Disaster Recovery
  68.  
  69. Four D’s of perimeter security
  70. Cloud backup and disaster recovery services
  71. Customer due diligence related to BCM/DR
  72. Business Continuity Management/Disaster Recovery due diligence
  73. Restoration Plan
  74. Physical location of cloud provider
  75.  
  76. Domain 8: Data Center Operations
  77.  
  78. Relation to Cloud Controls Matrix
  79. Queries run by data center operators
  80. Technical aspects of a Provider’s data center operations customer should understand
  81. Logging and report generation in multi-site clouds
  82.  
  83. Domain 9: Incident Response
  84.  
  85. Factor allowing for more efficient and effective containment and recovery in a cloud
  86. Main data source for detection and analysis of an incident
  87. Investigating and containing an incident in an Infrastructure as a Service environment
  88. Reducing the occurrence of application level incidents
  89. How often should incident response testing occur
  90. Offline analysis of potential incidents
  91.  
  92. Domain 10: Application Security
  93.  
  94. identity, entitlement, and access management (IdEA)
  95. SDLC impact and implications
  96. Differences in S-P-I models
  97. Consideration when performing a remote vulnerability test of a cloud-based application
  98. Categories of security monitoring for applications
  99. Entitlement matrix
  100.  
  101. Domain 11: Encryption and Key Management
  102.  
  103. Adequate encryption protection of data in the cloud
  104. Key management best practices, location of keys, keys per user
  105. Relationship to tokenization, masking, anonymization and cloud database controls
  106.  
  107. Domain 12: Identity, Entitlement, and Access Management
  108.  
  109. Relationship between identities and attributes
  110. Identity Federation
  111. Relationship between Policy Decision Point (PDP) and Policy Enforcement Point (PEP)
  112. SAML and WS-Federation
  113. Provisioning and authoritative sources
  114.  
  115. Domain 13: Virtualization
  116.  
  117. Security concerns for hypervisor architecture
  118. VM guest hardening, blind spots, VM Sprawl, data comingling, instant-on gaps
  119. In-Motion VM characteristics that can create a serious complexity for audits
  120. How can virtual machine communications bypass network security controls
  121. VM attack surfaces
  122. Compartmentalization of VMs
  123.  
  124. Domain 14: Security as a Service
  125.  
  126. 10 categories
  127. Barriers to developing full confidence in security as a service (SECaaS)
  128. When deploying Security as a Service in a highly regulated industry or environment, what should both parties agree on in advance and include in the SLA
  129. Logging and reporting implications
  130. How can web security as a service be deployed
  131. What measures do Security as a Service providers take to earn the trust of their customers
  132.  
  133. ENISA Cloud Computing: Benefits, Risks and Recommendations for Information Security
  134.  
  135. Isolation failure
  136. Economic Denial of Service
  137. Licensing Risks
  138. VM hopping
  139. Five key legal issues common across all scenarios
  140. Top security risks in ENISA research
  141. OVF
  142. Underlying vulnerability in Loss of Governance
  143. User provisioning vulnerability
  144. Risk concerns of a cloud provider being acquired
  145. Security benefits of cloud
  146. Risks R.1 – R.35 and underlying vulnerabilities
  147. Data controller vs data processor definitions
  148. in Infrastructure as a Service (IaaS), who is responsible for guest systems monitoring
  149.  
  150. Applied Knowledge
  151.  
  152. Classify popular cloud providers into S-P-I model
  153. Redundancy
  154. Securing popular cloud services
  155. Vulnerability assessment considerations
  156. Practical encryption use cases
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement