The CCSK training – Foundation course is based on the CCSK exam and the CSA Security Guidance for Critical Areas of Cloud Computing.

The Cloud Computing Security Knowledge- Foundation class provides students a comprehensive one day review of cloud security fundamentals and prepares them to take the Cloud Security Alliance CCSK certificate exam. Starting with a detailed description of cloud computing, the course covers all major domains in the Guidance document from the Cloud Security Alliance, and the recommendations from the European Network and Information Security Agency (ENISA).

This class is geared towards security professionals, but is also useful for anyone looking to expand their knowledge of cloud security. We recommend attendees have a basic understanding of security fundamentals, such as firewalls, secure development, encryption, and identity management.

Course Agenda:

The CCSK Foundation course will prepare you for the CCSK exam and provide additional material and context. To pass the exam you will still need to study the CSA Guidance, Common Assessment Initiative Questionnaire (CAIQ), the Cloud Controls Matrix (CCM) and the ENISA risk report.

1) Intro to Cloud Computing

• NIST definitions
• Essential characteristics
• Service Models
• Deployment Models

2) Infrastructure Security for Cloud

• Securing base infrastructure
• Management plane security
• Securing Virtual Hosts and Networks
• IaaS, PaaS, SaaS security

3) Managing Cloud Security and Risk

• Risk and Governance
• Legal and Compliance
• Audit
• Data Governance

4) Data Security for Cloud

• Cloud Data Architectures
• Data security and Encryption
• CASB and Data Loss Prevention
• BCP / DR

5) Securing Cloud Applications, Users, and Related Technologies

• Application Security
• Identity and Access Management
• Related Technologies

6) Cloud Security Operations

• What to look for in a cloud provider
• Security as a Service
• Incident Response

James Arlen Bio:

James Arlen is a member of Heroku’s security team assisting customers in understanding how Heroku enables security programs and reduces the impact of compliance and security operations allowing them to move fast and focus on their apps. Over the past twenty plus years, James has been delivering information security solutions to Fortune 500, TSE 100, and major public-sector organizations. In both consultant and staff member roles, James led business and technical teams of professionals in short-term projects as well as multi-year organizational change initiatives. James held key contributor roles as CISO of a publicly traded financial institution and Information Security Coordinator at a large-scale power utility. James has been involved in information security policy, process, procedure, and architecture improvements for internationally known manufacturing and financial organizations.

James is best described as: “Infosec geek, hacker, social activist, author, speaker, and parent.” His areas of interest include organizational change, social engineering, blinky lights and shiny things. In addition to his work at Heroku, James is a Contributing Analyst at the research firm Securosis, a part-time Professor at Mohawk College, blogger/podcaster with Liquidmatrix Security Digest, a frequent speaker at industry conferences, and is a prolific contributor to media and standards including a lead author contribution to the Cloud Security Alliance Security Guidance for Critical Areas of Cloud Computing V4. James holds the CISSP, CISA, and CRISC security certifications.