Certificate of Cloud Security Knowledge
The Cloud Security Alliance’s Certificate of Cloud Security Knowledge (CCSK) is the industry’s first user certification program for secure cloud computing. The CCSK is designed to ensure that a broad range of professionals with responsibility related to cloud computing have a demonstrated awareness of the security threats and best practices for securing the cloud.
Please see the CSA Training Schedule for current training opportunities.
The Cloud Security Alliance will soon be offering training in the following three areas.
Cloud Computing Security Knowledge- Basic
The Cloud Computing Security Knowledge- Basic class provides students a comprehensive one day review of cloud security fundamentals and prepares them to take the Cloud Security Alliance CCSK certification exam. Starting with a detailed description of cloud computing, the course covers all major domains in the latest Guidance document from the Cloud Security Alliance, and the recommendations from the European Network and Information Security Agency (ENISA). This class is geared towards security professionals, but is also useful for anyone looking to expand their knowledge of cloud security. (We recommend attendees have at least a basic understanding of security fundamentals, such as firewalls, secure development, encryption, and identity management).
Cloud Computing Security Knowledge- Plus
The CCSK- Plus class builds upon the CCSK Basic class with expanded material and extensive hands-on activities with a second day of training. Students will learn to apply their knowledge as they perform a series of exercises as they complete a scenario bringing a fictional organization securely into the cloud.
This second day of training includes additional lecture, although student’s will spend most of their time assessing, building, and securing a cloud infrastructure during the exercises.
PCI Cloud training
The first ever class dedicated to assessing and implementing PCI DSS controls in cloud computing environments covers how to think of and how to do PCI DSS in various cloud computing environments. Focused primarily on people familiar with PCI DSS, it starts from the “hype-free” cloud computing facts and then delves into key scenarios where PCI DSS and clouds overlap in the real world. You will learn where to look while assessing such environments and what pitfalls and mistakes to avoid. It will also cover the shared responsibility between service providers and merchants in implementing PCI DSS controls. Specifically, we will discuss how PCI DSS Requirement 12.8 applies to various cloud scenarios.
The class would be most useful to PCI DSS QSA, organizations offering PCI DSS consulting as well as merchants planning or implementing PCI compliance.
GRC Stack training
Outsourcing critical business functions into the Cloud can result in challenges of maintaining assurance and control over legal and regulatory obligations for data management and protection. The Cloud Security Alliance is offering a training session to show you how to leverage the CSA GRC (Governance, Risk Management & Compliance) Stack, a toolkit designed for peeling back and revealing those layers of accountability and responsibility between Cloud Service Providers and their Tenants, applying measurable risk-based decision making for both assessing and attesting to governance, risk and compliance best practices.