This course on cloud and security architecture is strongly focussed on CCSK (Certificate of Cloud Security Knowledge) and in particular the CCSK domains as described in the CSA guidance and the ENISA document.

The CSA guidance was written by a committee, and its structure is not the most productive one from a learning perspective. That is why in this course a different structure has been applied.

Below is the sequence that we will go through, in domains per section. Depending on the delivery format this will be mapped onto multiple days of training.

Introduction to cloud computing

Definitions and models

• 1: Cloud Architecture

Infrastructure

Infrastructure and virtual networking security

• 6: Management Plane and Business Continuity
• 7: Infrastructure Security
• 8: Virtualization and Containers

Risk and Governance

Legal and compliance, audit, data governance, risk management, CCM

• 2: Governance and Enterprise Risk Management
• 3: Legal issues, Contracts and Electronic Discovery
• 4: Compliance and Audit Management
• ENISA doc, CCM

Data and Application Security

Cloud data architectures, data security and encryption, CASB, identity and access management

• 5: Information Governance
• 10: Application Security
• 11: Data Security and Encryption
• 12: Identity, Entitlement and Access Management

Cloud Security Operations, Review

Monitoring, Security as a Service, incident response, interoperability, IOT, big data and mobile.

• 13: Security as a Service
• 9: Incident Response
• 14: Related Technologies

Your fellow learners and I would love to hear where you see your own strengths, and learning objectives. Please add to the comments and discussions.