Certified Cloud Security Professional (CCSP) (CS8527)

Cloud computing has been transforming the way the world conducts business for some time now. Organizations are rethinking their IT strategies and embracing the concepts and practices of cloud computing as a way to be competitive in today's global markets. In addition, the information security industry has begun to recognize the uniqueness of this specialized, new, disruptive force and the need for trained professionals with the right cloud security knowledge and skill sets.

The Certified Cloud Security Professional (CCSP) certification was developed by (ISC)² in partnership with the Cloud Security Alliance (CSA) to satisfy the growing demand for trained and qualified cloud security professionals.

The CCSP (ISC2²) Certified Cloud Security Professional course offers the cloud professional a solid foundation for taking and passing the Certified Cloud Security Professional (CCSP) exam. 

Pohađajte naše obuke iz oblasti informatičke bezbednosti u Beogradu, putem virtuelne učionice (online, uživo) ili u vašim prostorijama (on-site).

Specijalni popusti se odobravaju prilikom prijave više učesnika koji istovremeno pohađaju obuku iz vaše kompanije, državni i neprofitni sektor, itd. Kontaktirajte nas da biste saznali više.

Termini obuke

Grupa u formiranjuGrupa u formiranju
Datum na upit
Novi Sad
Grupa u formiranjuGrupa u formiranju
Datum na upit
Virtuelna učionica
Grupa u formiranjuGrupa u formiranju
Datum na upit
Trajanje obuke: 
5 dana / 35 sati

Privatni trening

On-site / Online
Minimalan broj polaznika: 3
5 dana / 35 sati
Cena na zahtev
srpski ili engleski
Plan obuke: 

Module 1: Architectural Concepts and Design Requirements

  • Cloud Computing Definitions
  • Cloud Computing Roles
  • Key Cloud Computing Characteristics
  • Cloud Transition Scenario
  • Building Blocks
  • Cloud Computing Functions
  • Cloud Service Categories
  • Cloud Deployment Models
  • Cloud Cross-Cutting Aspects
  • Network Security and Perimeter
  • Cryptography
  • IAM and Access Control
  • Data and Media Sanitization
  • Virtualization Security
  • Common Threats
  • Security Considerations for Different Cloud Categories
  • Open Web Application Security Project Top Ten Security Threats
  • Cloud Secure Data Lifecycle
  • Information and Data Governance Types
  • Business Continuity and Disaster Recovery Planning
  • Cost-Benefit Analysis
  • Certification Against Criteria
  • System and Subsystem Product Certification

Module 2: Cloud Data Security

  • The Cloud Data Lifecycle Phases
  • Location and Access of Data
  • Functions, Actors, and Controls of the Data
  • Cloud Services, Products, and Solutions
  • Data Storage
  • Relevant Data Security Technologies
  • Application of Security Strategy Technologies
  • Emerging Technologies
  • Data Discovery
  • Data Classification
  • Data Privacy Acts
  • Typical Meanings for Common Privacy Terms
  • Privacy Roles for Customers and Service Providers
  • Responsibility Depending on the Type of Cloud Services
  • Implementation of Data Discovery
  • Classification of Discovered Sensitive Data
  • Mapping and Definition of Controls
  • Privacy Level Agreement
  • PLA Versus Essential P&DP Requirements Activity
  • Application of Defined Controls for PII
  • Data Rights Management Objectives
  • Data-Protection Policies
  • Events
  • Supporting Continuous Operations
  • Chain of Custody and Nonrepudiation

Module 3: Cloud Platform and Infrastructure Security

  • Network and Communications in the Cloud
  • The Compute Parameters of a Cloud Server
  • Storage Issues in the Cloud
  • Management of Cloud Computing Risks
  • Countermeasure Strategies Across the Cloud
  • Physical and Environmental Protections
  • System and Communication Protections
  • Virtualization Systems Controls
  • Managing Identification, Authentication, and Authorization in the Cloud Infrastructure
  • Risk Audit Mechanisms
  • Understanding the Cloud Environment Related to BCDR
  • Understanding the Business Requirements Related to BCDR
  • BCDR Strategies
  • Creating the BCDR Plan

Module 4: Cloud Application Security

  • Determining Data Sensitivity and Importance
  • Understanding the API Formats
  • Common Pitfalls of Cloud Security Application Deployment
  • Awareness of Encryption Dependencies
  • Understanding the Software Development Lifecycle Process for a Cloud Environment
  • Assessing Common Vulnerabilities
  • Cloud-Specific Risks
  • Threat Modeling
  • Identity and Access Management
  • Federated Identity Management
  • Multifactor Authentication
  • Supplemental Security Devices
  • Cryptography
  • Tokenization
  • Data Masking
  • Sandboxing
  • Application Virtualization
  • Cloud-Based Functional Data
  • Cloud-Secure Development Lifecycle
  • Application Security Testing

Module 5: Operations

  • Modern Data Centers and Cloud Service Offerings
  • Factors That Affect Data Center Design
  • Enterprise Operations
  • Secure Configuration of Hardware: Specific Requirements
  • Installation and Configuration of Virtualization Management Tools for the Host
  • Securing the Network Configuration
  • Identifying and Understanding Server Threats
  • Using Standalone Hosts
  • Using Clustered Hosts 
  • Accounting for Dynamic Operation
  • Using Storage Clusters
  • Using Maintenance Mode
  • Providing HA on the Cloud
  • The Physical Infrastructure for Cloud Environments
  • Configuring Access Control for Remote Access
  • Performing Patch Management
  • Performance Monitoring
  • Backing Up and Restoring the Host Configuration
  • Implementing Network Security Controls: Defense in Depth
  • Developing a Management Plan
  • Building a Logical Infrastructure for Cloud Environments
  • Running a Logical Infrastructure for Cloud Environments
  • Managing the Logical Infrastructure for Cloud Environments
  • Implementation of Network Security Controls
  • Using an ITSM Solution
  • Considerations for Shadow IT
  • Operations Management
  • Managing Risk in Logical and Physical Infrastructures
  • The Risk-Management Process Overview
  • Understanding the Collection and Preservation of Digital Evidence
  • Managing Communications with Relevant Parties
  • Wrap-Up: Data Breach Example

Module 6: Legal and Compilance

  • International Legislation Conflicts
  • Legislative Concepts
  • Frameworks and Guidelines Relevant to Cloud Computing
  • Common Legal Requirements
  • Legal Controls and Cloud Service Providers
  • e-Discovery 
  • Cloud Forensics and ISO/IEC 27050-1
  • Protecting Personal Information in the Cloud
  • Auditing in the Cloud
  • Standard Privacy Requirements (ISO/IEC 27018)
  • GAPP
  • Internal ISMS
  • Implementing Policies
  • Identifying and Involving the Relevant Stakeholders
  • Impact of Distributed IT Models
  • Understanding the Implications of the Cloud to Enterprise Risk Management
  • Risk Mitigation
  • Understanding Outsourcing and Contract Design
  • Business Requirements
  • Vendor Management
  • Cloud Computing Certification
  • Contract Management
  • Supply Chain Management
  • Supply Chain Risk

APPENDIX A: Answers to Review Questions

  • Module 1: Architectural Concepts and Design Requirements
  • Module 2: Cloud Data Security
  • Module 3: Cloud Platform and Infrastructure Security
  • Module 4: Cloud Application Security
  • Module 5: Operations
  • Module 6: Legal and Compilance Issues