CCSK (Certificate of Cloud Security Knowledge) Training & Certification

This Module introduces the fundamental concepts of cloud computing, architectural models, and shared security responsibilities required to understand and secure cloud environments.

1.1 Defining Cloud Computing

Learn the core definition of cloud computing and how abstraction and orchestration enable scalable, on-demand services. Abstraction & Orchestration: Understand how cloud resources are abstracted and automatically managed through orchestration mechanisms.

1.2 Cloud Computing Models

Explore the different service and deployment models used in cloud environments and their security implications. Essential Characteristics: Understand the key characteristics that define cloud computing services. Cloud Service Models: Learn the differences between IaaS, PaaS, and SaaS and how responsibilities vary across models. Cloud Deployment Models: Examine public, private, hybrid, and multi-cloud deployments. CSA Enterprise Architecture Model: Understand how CSA’s architecture model supports secure cloud design.

1.3 Cloud Security Scope, Responsibilities & Models

Learn how cloud security responsibilities are shared across stakeholders. Shared Security Responsibility Model Understand the division of security responsibilities between cloud providers and customers.

This Module explains how effective cloud governance ensures security alignment with business objectives across strategic, tactical, and operational levels.

2.1 Cloud Governance

Understand the role of governance in managing cloud security, risk, and accountability across the organization.

2.2 The Governance Hierarchy

Learn how governance structures support consistent decision-making and security oversight. Aligning with Requirements and Standards: Understand how cloud security aligns with regulations, standards, best practices, and contractual obligations. Stakeholder Alignment for Cloud Security: Learn how to engage key stakeholders to ensure cloud security strategies support business goals.

2.3 Cloud Security Frameworks

Explore widely adopted frameworks used to assess and manage cloud security.

Cloud Controls Matrix (CCM): Understand how CCM helps map cloud security controls to compliance requirements. CSA STAR Registry: Learn how the CSA STAR program supports transparency and trust in cloud services.

2.4 Policies

Understand the role of security policies in governing cloud usage and risk management.

This Module focuses on identifying, assessing, and managing cloud risks while ensuring compliance with legal, regulatory, and audit requirements.

3.1 Cloud Risk Management

Learn how cloud-specific risks are identified, assessed, and tracked across cloud environments. Cloud Risks: Understand common security and operational risks associated with cloud services. Understanding Cloud Risk Management: Learn structured approaches to manage and reduce cloud-related risks. Assessing Cloud Services: Evaluate cloud service providers based on security and risk criteria. The Cloud Register: Understand how cloud risks are documented and monitored using a risk register.

3.2 Compliance & Audit

Explore how compliance and audit processes are applied in cloud environments.

Jurisdictions: Understand the impact of geographic and legal jurisdictions on cloud compliance. Cloud-Relevant Laws and Regulations: Review examples of regulations affecting cloud services. Compliance Inheritance: Learn how compliance responsibilities are shared in cloud environments. Artifacts of Compliance: Understand the evidence used to demonstrate compliance.

3.3 Governance, Risk & Compliance Tools and Technologies,

Explore tools and technologies that support cloud risk, audit, and compliance management.

This Module covers how organizations manage and secure their complete cloud footprint, including governance and security across cloud service providers.

4.1 Organization Hierarchy Models

Understand how organizational structures are defined and managed within cloud service providers. Definitions: Learn key terms related to cloud organization hierarchy. Organization Capabilities within Cloud Providers: Understand the security and management features available at the organization level. Building Hierarchy within Providers: Learn how to structure accounts, projects, and resources securely.

4.2 Managing Organization-Level Security

Explore how security controls are applied consistently across an organization’s cloud environment.

Identity Provider and Role Mappings: Understand how users, groups, and roles are managed across cloud platforms. Common Organization Shared Services: Learn how shared services support centralized security and governance.

4.3 Hybrid and Multi-Cloud Considerations

Learn how cloud security responsibilities are shared across stakeholders. Shared Security Responsibility Model Understand how organization management changes across hybrid and multi-cloud environments.

Hybrid Cloud Organization Management: Learn security considerations for hybrid cloud environments. Multi-Cloud Organization Management: Understand how to manage security across multiple cloud providers. SaaS Hybrid and Multi-Cloud Management: Explore governance and security for SaaS in hybrid and multi-cloud setups.

This Module focuses on how identity and access are managed in cloud environments between organizations, cloud providers, and cloud services.

5.1 How IAM Is Different in the Cloud

Understand how cloud-based identity and access management differ from traditional on-premise IAM models.

5.2 Fundamental IAM Terms

Learn key IAM concepts and terminology used across cloud platforms.

5.3 Federation

Explore how federated identity enables secure access across systems and providers.

Common Federation Standards: Understand widely used federation standards in cloud environments. Federated Identity Management: Learn how identity federation works across cloud services. Managing Cloud Users and Identities: Understand best practices for managing users and identities in the cloud.

5.4 Strong Authentication & Authorization

Learn how secure authentication and access controls are implemented in cloud environments.

Authentication and Credentials: Understand credential types and authentication mechanisms. Entitlement and Access Management: Learn how permissions and access rights are managed. Privileged User Management: Understand how elevated access is controlled and secured.

This Module focuses on monitoring cloud environments using logs, telemetry, and advanced tools to detect, analyze, and respond to security events.

6.1 Cloud Monitoring

Understand the fundamentals of monitoring security events in cloud environments.

Logs & Events: Learn how logs and events are used to identify security issues.

6.2 Beyond Logs – Posture Management

Explore security monitoring beyond traditional logs using posture management approaches.

Management Plane Logs: Understand logs generated from cloud control and management planes. Service & Application Logs: Learn how application and service logs support security monitoring. Resource Logs: Understand logs generated by cloud resources and infrastructure. Cloud-Native Tools: Explore built-in cloud tools for security monitoring and visibility.

6.3 Cloud Telemetry Sources

Understand different telemetry sources used for cloud security monitoring.

6.4 Collection Architectures

Learn how monitoring data is collected and managed effectively.

Log Storage & Retention: Understand storage and retention considerations for security logs. Cascading Log Architecture: Learn how cascading architectures support scalable log collection.

6.5 AI for Security Monitoring

Explore how AI is applied to enhance the detection and analysis of security threats.

This Module focuses on securing cloud infrastructure and networks, including understanding cloud service provider responsibilities and modern network security architectures.

7.1 Cloud Infrastructure Security

Understand how cloud infrastructure is secured and maintained for reliability and resilience.

Foundational Infrastructure Security Techniques: Learn core techniques used to secure cloud infrastructure. CSP Infrastructure Security Responsibilities: Understand the security responsibilities managed by cloud service providers. Infrastructure Resilience: Learn how resilience is built into cloud infrastructure.

7.2 Cloud Network Fundamentals

Explore the basics of networking in cloud environments.

Software-Defined Cloud Networks: Understand how cloud networks differ from traditional networks. Cloud Connectivity: Learn how connectivity is established across cloud environments.

7.3 Cloud Network Security & Secure Architectures

Understand how networks are protected using layered security controls.

Preventative Security Measures: Learn controls designed to prevent security incidents. Detective Security Measures: Understand mechanisms used to detect and respond to threats.

7.4 Infrastructure as Code (IaC)

Learn how infrastructure is defined and managed securely using code.

7.5 Zero Trust for Cloud Infrastructure & Networks

Understand Zero Trust concepts applied to cloud networks.

Software-Defined Perimeter & ZTNA: Learn how secure access is enforced using Zero Trust Network Access.

7.6 Secure Access Service Edge (SASE)

Explore SASE as a modern approach to network and security convergence.

This Module focuses on securing cloud workloads, including virtual machines, containers, serverless services, and emerging AI workloads.

8.1 Introduction to Cloud Workload Security

Understand what cloud workloads are and how security controls apply to different workload types.

Types of Cloud Workloads: Learn the different workload types used in cloud environments. Impact on Workload Security Controls: Understand how workload characteristics influence security controls.

8.2 Securing Virtual Machines

Learn how virtual machines are secured in cloud environments.

Virtual Machine Challenges & Mitigations: Understand common VM security risks and mitigation strategies. Secure VM Image Creation: Learn how secure VM images are created and managed. Snapshots and Public Exposure Risks: Understand risks related to snapshots and unintended data exposure.

8.3 Securing Containers

Explore security practices for container-based workloads.

Container Image Creation: Learn how secure container images are built. Container Networking: Understand networking considerations for container security. Container Orchestration Systems: Learn how orchestration platforms manage container workloads. Container Orchestration Security: Understand security controls for orchestration environments. Runtime Protection for Containers: Learn how container workloads are protected during execution.

8.4 Securing Serverless and Function as a Service

Understand security challenges in serverless environments.

FaaS Security Issues: Learn common security risks in serverless workloads. IAM for Serverless: Understand identity and access controls for serverless services. Environment Variables and Secrets: Learn how secrets are managed securely in serverless workloads.

8.5 Securing AI Workloads

Explore security considerations specific to AI-based workloads.

AI-System Threats: Understand threats unique to AI systems. AI Risk Mitigation and Shared Responsibilities: Learn how AI risks are mitigated within shared responsibility models.

This Module addresses how data is protected in cloud environments, covering storage types, security controls, and techniques for securing data at rest and in transit.

9.1 Primer on Cloud Storage

Understand the different storage options used in cloud environments. Volume / Block Storage: Learn how block-based storage is used and secured. Object Storage: Understand object storage models and related security considerations. Database Storage: Learn how data stored in managed databases is protected. Other Types of Storage: Explore additional cloud storage options and their use cases.

9.2 Data Security Tools and Techniques

Learn the core tools and methods used to protect cloud data. Data Classification: Understand how data is classified based on sensitivity and risk. Identity and Access Management: Learn how access to data is controlled and restricted. Access Policies: Understand how policies define and enforce data access rules. Encryption and Key Management: Learn how encrModule 2: Cloud Governanceyption and keys protect cloud data. Data Loss Prevention: Understand techniques used to prevent unauthorized data exposure.

9.3 Cloud Data Encryption at Rest

Explore encryption strategies for stored cloud data. Application-Level Encryption: Understand encryption applied at the application layer. Cloud Data Key Management Strategies: Learn how encryption keys are managed securely. Data Encryption Recommendations: Review best practices for cloud data encryption.

Data Security Posture Management

Understand how data security posture is monitored and improved.

9.5 Object Storage Security

Learn specific security controls for object storage services.

9.6 Data Security for Artificial Intelligence

Explore data protection considerations for AI systems. AI as a Service: Understand data security implications of AI-based cloud services.

This Module focuses on securing cloud applications throughout their lifecycle, from design and development to deployment and ongoing maintenance.

10.1 Secure Development Lifecycle

Understand how security is integrated into each stage of application development. SDLC Stages: Learn the key stages of the secure development lifecycle. Threat Modeling: Understand how potential threats are identified during application design. Pre-Deployment Testing: Learn security testing practices before applications go live. Post-Deployment Testing: Understand how applications are tested and monitored after deployment.

10.2 Architecture’s Role in Secure Cloud Applications

Explore how application architecture influences cloud security. Cloud Impacts on Architecture-Level Security: Understand how cloud environments affect architectural security decisions. Architectural Resilience: Learn how resilient architectures support application security.

10.3 Identity & Access Management and Application Security

Understand how IAM supports secure application access. Secrets Management: Learn how application secrets are stored and managed securely.

10.4 DevOps and DevSecOps

Explore how security is integrated into modern development practices. CI/CD Pipeline and Shift-Left Security: Understand how security is embedded early in CI/CD pipelines. Web Application Firewalls and API Gateways: Learn how WAFs and API gateways protect cloud applications.

This Module focuses on cloud-specific incident response practices and building resilient systems to minimize impact and recover effectively from security incidents.

11.1 Incident Response

Understand how incident response is applied in cloud environments. Incident Response Lifecycle: Learn the key stages involved in managing a cloud security incident.

11.2 Preparation

Explore how organizations prepare for cloud security incidents. Incident Response Preparation and Cloud Service Providers: Understand the role of cloud providers in incident readiness. Training for Cloud Incident Responders: Learn the importance of training teams for effective cloud incident handling.

11.3 Detection & Analysis

Understand how incidents are detected and analyzed in the cloud. Cloud Impact on Incident Response Analysis: Learn how cloud environments influence incident investigation. Cloud System Forensics: Understand forensic techniques used in cloud environments.

11.4 Containment, Eradication & Recovery

Learn how cloud incidents are controlled and resolved. Containment: Understand steps to limit the impact of incidents. Eradication: Learn how threats are removed from cloud environments. Recovery: Understand how systems are restored securely after incidents.

11.5 Post-Incident Analysis

Learn how lessons learned are captured to improve future incident response.

This Module introduces strategic security concepts that shape modern cloud security programs, with a focus on Zero Trust and Artificial Intelligence.

12.1 Zero Trust

Understand the principles of Zero Trust and how they apply to cloud environments. Technical Objectives of Zero Trust: Learn the core security objectives that guide Zero Trust implementation. Zero Trust Pillars & Maturity Model: Understand the foundational pillars and maturity stages of Zero Trust. Zero Trust & Cloud Security: Explore how Zero Trust strengthens cloud security architectures.

12.2 Artificial Intelligence

Understand how AI impacts cloud security from both defensive and risk perspectives. Characteristics of AI Workloads: Learn the unique attributes of AI workloads in cloud environments. AI and Cloud Security Intersection: Understand how AI technologies interact with cloud security controls.