CCSK certification

The following are the key exam areas and concepts of the CCSK certification (this information is based on the Cloud Security Alliance CCSK FAQ):

CSA Guidance For Critical Areas of Focus in Cloud Computing V4.0 English

Domain 1: Cloud Computing Concepts and Architectures

Definitions of Cloud Computing

  • Service Models
  • Deployment Models
  • Reference and Architecture Models
  • Logical Model

Cloud Security Scope, Responsibilities, and Models

Areas of Critical Focus in Cloud Security

Domain 2: Governance and Enterprise Risk Management

Tools of Cloud Governance

Enterprise Risk Management in the Cloud

Effects of various Service and Deployment Models

Cloud Risk Trade-offs and Tools

Domain 3: Legal Issues, Contracts and Electronic Discovery

Legal Frameworks Governing Data Protection and Privacy

  • Cross-Border Data Transfer
  • Regional Consideration

Contracts and Provider Selection

  • Contracts
  • Due Diligence
  • Third-Party Audits and Attestations

Electronic Discovery

  • Data Custody
  • Data Preservation
  • Data Collection
  • Response to a Subpoena or Search Warrant

Domain 4: Compliance and Audit Management

Compliance in the Cloud

  • Compliance impact on cloud contracts
  • Compliance scope
  • Compliance analysis requirements

Audit Management in the Cloud

  • Right to audit
  • Audit scope
  • Auditor requirements

Domain 5: Information Governance

Governance Domains

Six phases of the Data Security Lifecycle and their key elements

Data Security Functions, Actors and Controls

Domain 6: Management Plane and Business Continuity

Business Continuity and Disaster Recovery in the Cloud

Architect for Failure

Management Plane Security

Domain 7: Infrastructure Security

Cloud Network Virtualization

Security Changes with Cloud Networking

Challenges of Virtual Appliances

SDN Security Benefits

Micro-segmentation and the Software Defined Perimeter

Hybrid Cloud Considerations

Cloud Compute and Workload Security

Domain 8: Virtualization and Containers

Major Virtualization Categories




Domain 9: Incident Response

Incident Response Lifecycle

How the Cloud Impacts IR

Domain 10: Application Security

Opportunities and Challenges

Secure Software Development Lifecycle

How Cloud Impacts Application Design and Architectures

The Rise and Role of DevOps

Domain 11: Data Security and Encryption

Data Security Controls

Cloud Data Storage Types

Managing Data Migrations to the Cloud

Securing Data in the Cloud

Domain 12: Identity, Entitlement, and Access Management

IAM Standards for Cloud Computing

Managing Users and Identities

Authentication and Credentials

Entitlement and Access Management

Domain 13: Security as a Service

Potential Benefits and Concerns of SecaaS

Major Categories of Security as a Service Offerings

Domain 14: Related Technologies

Big Data

Internet of Things


Serverless Computing


ENISA Cloud Computing: Benefits, Risks and Recommendations for Information Security

  • Isolation failure
  • Economic Denial of Service
  • Licensing Risks
  • VM hopping
  • Five key legal issues common across all scenarios
  • Top security risks in ENISA research
  • OVF
  • Underlying vulnerability in Loss of Governance
  • User provisioning vulnerability
  • Risk concerns of a cloud provider being acquired
  • Security benefits of cloud
  • Risks R.1 – R.35 and underlying vulnerabilities
  • Data controller versus data processor definitions
  • In Infrastructure as a Service (IaaS), who is responsible for guest systems monitoring


Cloud Security Alliance – Cloud Controls Matrix

  • CCM Domains
  • CCM Controls
  • Architectural Relevance
  • Delivery Model Applicability
  • Scope Applicability
  • Mapped Standards and Frameworks

For more information, see the course schedule and fees.