Certified Cloud Security Officer CCSO

All about Cloud Security
File Size: 4.27 GB
Total length: 15h 50m
Instructor: Stone River eLearning
Last update: 2/2021
Ratings: 4.6/5

What you’ll learn

Evaluate Cloud Migration Security and Assess Risks
Understand Legal Requirements and Unique Risks within the Cloud Environment
Audit logging/Detect Intrusion
Perform DR and BCM
Understand SAML Assertions, protocols and Binding

Requirements

Good knowledge and experience in the Cloud, IP and IT infrastructure are required to progress in this program.

Description

Feeling the need to bolster your skills in Cloud Security? Then you are at the right place, because our CCSO course offers you such revitalized and refreshed topics as Cloud Risks, Legal Implications, Data Center Operations, Incident Response, Application Security and more.

Baseline requirements to fully participate in the CCSO course?

Good knowledge and experience in the Cloud, IP and IT infrastructure are required to progress in this program.

CCSO’s courses are aptly developed for candidates who have knowledge in the IT field, especially in the cloud, and a desire to improve their learning experience and practical skills in applying cloud security. It is mainly for candidates who wish to:

· Ready themselves for the CCSO certification exams
· Learn and apply cloud security at a global standard level

This course prepares you for the CCSO exams. Candidates who excelled will have acquired the knowledge to:

· Evaluate Cloud Migration Security and Assess Risks
· Understand Legal Requirements and Unique Risks within the Cloud Environment
· Audit logging/Detect Intrusion
· Perform DR and BCM
· Understand SAML Assertions, protocols and Binding

For the duration of this course, you will be exposed to impactful virtual-based classes, coupled with sufficient practical examples on everything cloud security, to give you a deeper understanding of it all. You’re taught according to the leading global standards. The right path to a successful career as a cloud security officer starts with a smart decision you make with us today. REGISTER NOW!

Overview

Section 1: Chapter 1 – Introduction to Cloud Computing and Architectural Concepts

Lecture 1 Course Introduction

Lecture 2 Introduction to Cloud Computing and Architectural Concepts

Lecture 3 Where are we?

Lecture 4 What are we covering?

Section 2: Section 1: Cloud Computing Terminology

Lecture 5 Key Cloud Computing Terminology

Lecture 6 Key Cloud Computing Terminology

Lecture 7 Terminology Mapped to the Cloud

Lecture 8 Other Terms

Section 3: Section 2: Cloud Computing Definition

Lecture 9 Cloud Computing Defined

Lecture 10 NIST Five Essential Characteristics

Lecture 11 NIST Three Service Models

Lecture 12 SaaS Pros and Cons

Lecture 13 SaaS Pros and Cons

Lecture 14 IaaS Pros and Cons

Lecture 15 NIST Four Deployment Models

Lecture 16 Cloud Computing Characteristics

Section 4: Section 3: Cloud Computing Benefits

Lecture 17 Why move to the Cloud?

Lecture 18 Cost Benefit Analysis

Lecture 19 Cost Benefit Analysis

Lecture 20 Cost Benefit Analysis

Lecture 21 ROI Calculation

Lecture 22 TCO Calculation

Lecture 23 Ease of Deployment – Security Risks

Lecture 24 Introductory Security Risks and Benefits

Section 5: Section 4: Cloud Computing Reference Model

Lecture 25 Cloud Computing Architecture

Lecture 26 Potential Pitfalls and Confusion

Lecture 27 Cloud Computing Deployment Models

Lecture 28 Jericho Cloud Cube Model

Lecture 29 Example of Service Model Mapped to Controls

Section 6: Section 5: What is Security for the Cloud

Lecture 30 The Security Impact of Cloud Architecture

Lecture 31 Where is the security added?

Lecture 32 Cloud Technology Road Map

Lecture 33 Cloud Technology Road Map

Lecture 34 NIST Cloud Technology Road Map

Lecture 35 Cloud Cross-Cutting Aspects

Lecture 36 Architecture Overview

Lecture 37 Business Security Architecture

Lecture 38 Business Security Architecture

Lecture 39 Business Security Architecture

Lecture 40 Jericho Key Principles (11 Commandments)

Lecture 41 Jericho Key Principles (11 Commandments)

Lecture 42 ENISA – Cloud Computing Guidance

Lecture 43 Questions

Section 7: Chapter 2 – Cloud Risks

Lecture 44 Cloud Risks

Lecture 45 Course Outline

Lecture 46 What are we covering?

Section 8: Section 1: Cloud Migration Security Evaluation

Lecture 47 Challenges in Decision Making Process of Moving to the Cloud

Lecture 48 Quick Method for Evaluation

Lecture 49 Evaluate the Asset

Lecture 50 Map the Asset to Cloud

Lecture 51 Finalizing the Decision

Section 9: Section 2: ENISA Risk Evaluation

Lecture 52 ENISA – Cloud Computing Security Risk Assessment

Lecture 53 ENISA – Top Security Benefits

Lecture 54 ENISA – Top Security Benefits

Lecture 55 Probability vs. Impact of Identified Risks

Lecture 56 ENISA – Top Security Risks

Lecture 57 Top Risks No. 1

Lecture 58 Top Risks No. 2

Lecture 59 Top Risks No. 3

Lecture 60 Top Risks No. 9

Lecture 61 Top Risks No. 10

Lecture 62 Top Risks No. 21

Lecture 63 Top Risks No. 22

Lecture 64 Top Risks No. 23

Lecture 65 Top Risks No. 26

Lecture 66 Assets

Section 10: Section 3: Cloud Controls Matrix

Lecture 67 Cloud Controls Matrix (CCM)

Lecture 68 The Control Domains

Lecture 69 Example

Lecture 70 Example Continued

Section 11: Section 4: Relevant CCM Controls

Lecture 71 TVM-01 – Anti-Virus / Malicious Software

Lecture 72 TVM-02 – Vulnerability and Patch Management

Lecture 73 TVM-03 – Mobile Code

Lecture 74 Questions

Section 12: Chapter 3 – ERM and Governance

Lecture 75 ERM and Governance

Lecture 76 What are we covering?

Section 13: Section 1: Application of Governance and Risk Management to the Cloud

Lecture 77 Corporate Governance

Lecture 78 Corporate Governance

Lecture 79 Customer Expectations

Lecture 80 Four Areas Impacted

Lecture 81 Tools of the Trade

Lecture 82 Who is responsible? Not Accountable!

Lecture 83 Cloud Computing Governance Resources

Lecture 84 Information/Data Governance Types

Lecture 85 Enterprise Risk Management

Lecture 86 Risk Response in the Cloud

Lecture 87 Where do we start?

Lecture 88 Must do items

Section 14: Section 2: Importance of the SLA

Lecture 89 Contracts/SLAs

Lecture 90 Contracts/SLAs: Change Your Thinking

Lecture 91 Important SLA Components

Lecture 92 Metrics for Risk Management/Service Level Agreement (SLA)

Section 15: Section 3: CCM Relevant Controls

Lecture 93 GRM-01 – Baseline Requirements

Lecture 94 GRM-02 – Data Focus Risk Assessments

Lecture 95 GRM-03 – Management Oversight

Lecture 96 GRM-04 – Management Program

Lecture 97 GRM-05 – Management Support/Involvement

Lecture 98 GRM-06 – Policy

Lecture 99 GRM-07 – Policy Enforcement

Lecture 100 GRM-08 – Policy Impact on Risk Assessments

Lecture 101 GRM-09 – Policy Reviews

Lecture 102 GRM-10 – Risk Assessments

Lecture 103 GRM-11 – Risk Management Framework

Lecture 104 Questions

Section 16: Chapter 4 – Legal Implications

Lecture 105 Legal Implications

Lecture 106 Course Outline

Lecture 107 What are we covering?

Section 17: Section 1: Understanding Unique Risks in the Cloud

Lecture 108 Understand Legal Requirements & Unique Risks Within the Cloud Environment

Section 18: Section 2: International Legislation and Potential Conflicts

Lecture 109 International Legislation Conflicts

Lecture 110 International Legislation Conflicts

Lecture 111 GDPR

Lecture 112 International Legislation Conflicts

Lecture 113 International Legislation Conflicts

Lecture 114 Appraisal of Legal Risks Specific to Cloud Computing

Lecture 115 Legal Controls

Section 19: Section 3: eDiscovery

Lecture 116 eDiscovery

Lecture 117 Special Issues

Lecture 118 Special Issues

Lecture 119 eDiscovery

Lecture 120 Forensics Requirements

Section 20: Section 4: Contract Considerations

Lecture 121 Contract Considerations

Lecture 122 Contractual & Regulated PII: The Differences

Lecture 123 Contractual & Regulated PII: The Differences

Lecture 124 Contractual & Regulated PII: The Similarities

Lecture 125 Country-specific Legislation Related to PII/Data Privacy/Data Protection

Section 21: Section 5: Relevant CCM Controls

Lecture 126 SEF-01 – Contract / Authority Maintenance

Lecture 127 Questions

Section 22: Chapter 5 – Virtualization and Technical Design

Lecture 128 Virtualization and Technical Design

Lecture 129 Course Outline

Lecture 130 What are we covering?

Section 23: Section 1: Virtualization Principles

Lecture 131 Virtualization Definition

Lecture 132 How Does Virtualization Work?

Lecture 133 What is a Virtual Machine (VM)?

Lecture 134 What is a Hypervisor?

Lecture 135 Type 1 and Type 2 Hypervisors

Lecture 136 Virtualization Layer

Lecture 137 CPU Hardware Virtualization

Section 24: Section 2: Key Components Mapped to Cloud Layer

Lecture 138 vSphere 6.x Virtual Switches

Lecture 139 VMware vSwitch Terminology

Lecture 140 Storage Terminology

Lecture 141 Overview of Virtual Appliances

Lecture 142 Clones and Templates

Lecture 143 Customization Specifications Manager

Lecture 144 vSphere Content Libraries

Lecture 145 VM Snapshots

Lecture 146 vMotion – Hot Migration

Lecture 147 Storage vMotion

Lecture 148 Distributed Resource Scheduler Overview

Lecture 149 Distributed Power Management (DPM)

Lecture 150 VM Swapfile Location

Lecture 151 Host Profiles Overview

Lecture 152 Storage DRS (SDRS) Overview

Lecture 153 Profile Driven Storage Overview

Lecture 154 VSAN Architecture

Lecture 155 Resource Pools Overview

Lecture 156 High Availability Overview

Lecture 157 Fault Tolerance

Section 25: Section 3: Key Security Concerns

Lecture 158 Virtualization Risks and Challenges

Lecture 159 Network Security and Perimeter

Lecture 160 Virtualization Security

Lecture 161 Common Architecture Concerns

Lecture 162 vSphere Hardening Guide

Section 26: Section 4: Other Technologies Used in the Cloud

Lecture 163 Network Security

Lecture 164 Network and Communications in the Cloud

Lecture 165 Cloud Networking – VXLAN

Section 27: Section 5: The Layers

Lecture 166 Logical Design Considerations

Lecture 167 Physical, Virtual and vCloud Layers

Lecture 168 Software-Defined Data Center (SDDC) – Components

Lecture 169 SDDC – Physical Configuration

Lecture 170 SDDC – vCenter Cluster Layout

Lecture 171 SDDC – The Big Ugly Picture

Lecture 172 SDDC – The Big Ugly Picture but not as bad!

Section 28: Section 6: Relevant CCM Controls

Lecture 173 IVS-01 – Audit Logging / Intrusion Detection

Lecture 174 IVS-02 – Change Detection

Lecture 175 IVS-03 – Clock Synchronization

Lecture 176 IVS-04 – Information System Documentation

Lecture 177 IVS-05 – Vulnerability Management

Lecture 178 IVS-06 – Network Security

Lecture 179 IVS-07 – OS Hardening and Base Controls

Lecture 180 IVS-08 – Production / Non-Production Environments

Lecture 181 IVS-09 – Segmentation

Lecture 182 IVS-10 – VM Security – Data Protection

Lecture 183 IVS-11 – Hypervisor Hardening

Lecture 184 IVS-12 – Wireless Security

Lecture 185 IVS-13 – Network Architecture

Lecture 186 Questions

Section 29: Chapter 6 – Managing Information and Securing Data

Lecture 187 Managing Information and Securing Data

Lecture 188 Course Outline

Lecture 189 What are we covering?

Section 30: Section 1: Cloud/Data Life Cycle

Lecture 190 Data Security Lifecycle

Lecture 191 Locations and Access

Lecture 192 Functions, Actors, and Controls

Section 31: Section 2: Data Security Architectures and Strategies

Lecture 193 Pillars of Functionality

Lecture 194 Storage Types IaaS

Lecture 195 Storage Types PaaS

Lecture 196 Storage Types SaaS

Lecture 197 Top Threats to Storage

Lecture 198 Technologies available to address the threats

Lecture 199 Data Dispersion

Lecture 200 Data Loss Prevention (DLP)

Lecture 201 Data Loss Prevention (DLP)

Lecture 202 Data Loss Prevention (DLP)

Lecture 203 Encryption

Lecture 204 Encryption Challenges

Lecture 205 Encryption Architecture

Lecture 206 IaaS Data Encryption

Lecture 207 IaaS Data Encryption

Lecture 208 Database Encryption

Lecture 209 Database Encryption

Lecture 210 Encryption Review

Lecture 211 Key Management

Lecture 212 Key Management Considerations

Lecture 213 Storing keys in the cloud

Lecture 214 Data Masking/Obfuscation

Lecture 215 Data Anonymization

Lecture 216 Tokenization

Lecture 217 Data Security Strategies

Lecture 218 Emerging Technologies

Section 32: Section 3: Data Discovery and Classification

Lecture 219 Data Discovery

Lecture 220 Data Discovery

Lecture 221 Data Discovery

Lecture 222 Data Classification

Lecture 223 Data Classification Categories

Lecture 224 Cloud Data Challenges

Section 33: Section 4: Jurisdictional Data Protection for Personally Identifiable Information

Lecture 225 Terms

Lecture 226 Implementation of Data Discovery

Lecture 227 Main Input Entities

Lecture 228 Privacy Level Agreement

Lecture 229 Controls for PII

Lecture 230 Typical Security Measures

Section 34: Section 5: Data/Information Rights Management

Lecture 231 Data Rights Management

Lecture 232 Information Rights Management

Lecture 233 IRM Cloud Difficulties

Lecture 234 IRM Solutions

Section 35: Section 6: Data Retention, Deletion, and Archival Policies

Lecture 235 Data Protection Policies

Lecture 236 Data Retention Policies

Lecture 237 Data Deletion

Lecture 238 Data Archiving

Section 36: Section 7: Accountability of Data Events

Lecture 239 SaaS Potential Event Sources

Lecture 240 PaaS Potential Event Sources

Lecture 241 IaaS Potential Event Sources

Lecture 242 Data Event Logging and Event Attributes

Lecture 243 What to do with data events?

Lecture 244 Security Information and Event Management

Lecture 245 Supporting Continuous Operations

Section 37: Section 8: Relevant CCM Controls

Lecture 246 DSI-01 – Management Classification

Lecture 247 DSI-02 – Data Inventory Flows

Lecture 248 DSI-03 – eCommerce Transactions

Lecture 249 DSI-04 – Handling / Labeling / Security Policy

Lecture 250 DSI-05 – Non-Production Data

Lecture 251 DSI-06 – Ownership / Stewardship

Lecture 252 DSI-07 – Secure Disposal

Lecture 253 Questions

Section 38: Chapter 7 – Data Center Operations

Lecture 254 Data Center Operations

Lecture 255 Course Outline

Lecture 256 What are we covering?

Section 39: Section 1: The Logical Infrastructure

Lecture 257 Logical Infrastructure Design Notes

Lecture 258 Secure Configuration of Hardware Requirements

Lecture 259 Secure Network Configuration

Lecture 260 Hardening OS and Apps

Lecture 261 Availability of Guest OS

Lecture 262 Managing the Logical Infrastructure

Lecture 263 IT Service Management (ITSM)

Lecture 264 Information Security Management

Lecture 265 Configuration Management Process

Lecture 266 Configuration, Change and Availability Management

Lecture 267 Shadow IT

Lecture 268 Change Management Objectives

Lecture 269 Change Management Policies and Procedures

Lecture 270 Problem Management

Lecture 271 Release and Deployment Management Objectives

Lecture 272 Release and Deployment Management

Lecture 273 Service Level Management

Lecture 274 Other Management areas

Section 40: Section 2: Manage Communications with all Parties

Lecture 275 5 Ws and the H

Lecture 276 Vendors

Lecture 277 Customers

Lecture 278 Partners

Section 41: Section 3: Relevant CCM Controls

Lecture 279 CCC-01 – New Development / Acquisition

Lecture 280 CCC-02 – Outsourced Development

Lecture 281 CCC-03 – Quality Testing

Lecture 282 CCC-04 – Unauthorized Software Installations

Lecture 283 CCC-05 – Production Changes

Lecture 284 HRS-01 – Asset Returns

Lecture 285 HRS-02 – Background Screening

Lecture 286 HRS-03 – Employment Agreements

Lecture 287 HRS-04 – Employment Terminations

Lecture 288 HRS-05 – Mobile Device Management

Lecture 289 HRS-06 – Non-Disclosure Agreements

Lecture 290 HRS-07 – Roles / Responsibilities

Lecture 291 HRS-08 – Technology Acceptable Use

Lecture 292 HRS-09 – Training Awareness

Lecture 293 HRS-10 – User Responsibility

Lecture 294 HRS-11 – Workspace

Lecture 295 STA-01 – Data Quality and Integrity

Lecture 296 STA-02 – Incident Reporting

Lecture 297 STA-03 – Network / Infrastructure Services

Lecture 298 STA-04 – Provider Internal Assessments

Lecture 299 STA-05 – Supply Chain Agreements

Lecture 300 STA-06 – Supply Chain Governance Reviews

Lecture 301 STA-07 – Supply Chain Metrics

Lecture 302 STA-08 – Third Party Assessment

Lecture 303 STA-09 – Third Party Audits

Lecture 304 Questions

Section 42: Chapter 8 – Interoperability and Portability

Lecture 305 Interoperability and Portability

Lecture 306 Course Outline

Lecture 307 What are we covering?

Section 43: Section 1: Interoperability

Lecture 308 Interoperability

Lecture 309 Reason a change may happen

Lecture 310 Why is this important

Lecture 311 Example

Lecture 312 Recommendations

Lecture 313 Recommendations

Lecture 314 Recommendations

Section 44: Section 2: Portability

Lecture 315 Portability

Lecture 316 Interoperability and Portability Helps to Mitigate

Lecture 317 Golden Rule

Lecture 318 Basic Recommendations

Lecture 319 Basic Recommendations

Lecture 320 IaaS Recommendations

Lecture 321 IaaS Recommendations

Lecture 322 IaaS Recommendations

Lecture 323 PaaS Recommendations

Lecture 324 PaaS Recommendations

Lecture 325 SaaS Recommendations

Lecture 326 SaaS Recommendations

Lecture 327 Private Cloud Recommendations

Lecture 328 Public Cloud Recommendations

Lecture 329 Hybrid Cloud Recommendations

Section 45: Section 3: Relevant CCM Controls

Lecture 330 IPY-01 – API’s

Lecture 331 IPY-02 – Data Request

Lecture 332 IPY-03 – Policy and Legal

Lecture 333 IPY-04 – Standardized Network Protocols

Lecture 334 IPY-05 – Virtualization

Lecture 335 Questions

Section 46: Chapter 9 – Traditional Security

Lecture 336 Traditional Security

Lecture 337 Course Outline

Lecture 338 What are we covering?

Section 47: Section 1: The Physical Environment

Lecture 339 Physical Environment

Lecture 340 Physically. What does one of these beasts look like?

Lecture 341 Major Factors in building a great datacenter

Lecture 342 Google’s Top 10

Lecture 343 Datacenter Design

Lecture 344 Network and Communications in the Cloud

Lecture 345 Compute

Lecture 346 Storage

Lecture 347 Physical and Environmental Controls

Lecture 348 Protecting Datacenter Facilities

Lecture 349 System and Communication Protections

Section 48: Section 2: Planning Process for the Data Center Design

Lecture 350 Support the Planning

Lecture 351 Physical Design Considerations

Lecture 352 DC Design Standards

Lecture 353 Tier Standard Review

Lecture 354 Tiered Model Summary

Lecture 355 Environmental Design

Lecture 356 Environmental Design

Lecture 357 Design Considerations

Lecture 358 Multi-Vendor Pathway Connectivity (MVPC)

Section 49: Section 3: Implement and Build Physical Infrastructure

Lecture 359 Enterprise Operations

Lecture 360 Security Requirements for Hardware

Lecture 361 Oversubscription

Lecture 362 iSCSI Implementation Considerations

Section 50: Section 4: Typical Security for the Datacenter Components

Lecture 363 Access Controls

Lecture 364 Access Control (KVM)

Lecture 365 Access Controls

Lecture 366 Securing Network Configurations

Lecture 367 OS Hardening

Lecture 368 Everything about the OS

Lecture 369 Stand-alone Host Availability Considerations

Lecture 370 Availability of Clustered Hosts

Lecture 371 Clustered Storage Architectures

Lecture 372 Performance Monitoring

Lecture 373 Redundant System Architecture

Lecture 374 Backup and Restore of Hosts?

Lecture 375 Log Management Recommendations

Lecture 376 Log Management

Lecture 377 Management Planning Includes

Lecture 378 Business Continuity & Disaster Recovery

Lecture 379 Business Continuity Elements

Section 51: Section 5: Relevant CCM Controls

Lecture 380 DCS-01 – Asset Management

Lecture 381 DCS-02 – Controlled Access Points

Lecture 382 DCS-03 – Equipment Identification

Lecture 383 DCS-04 – Off-Site Authorization

Lecture 384 DCS-05 – Off-Site Equipment

Lecture 385 DCS-06 – Policy

Lecture 386 DCS-07 – Secure Area Authorization

Lecture 387 DCS-08 – Unauthorized Persons Entry

Lecture 388 DCS-09 – User Access

Lecture 389 Questions

Section 52: Chapter 10 – BCM and DR

Lecture 390 BCM and DR

Lecture 391 Course Outline

Lecture 392 What are we covering?

Section 53: Section 1: Disaster Recovery and Business Continuity Management

Lecture 393 The Business Continuity Management Concept

Lecture 394 BCM Lifecycle

Lecture 395 Business Continuity Disaster Recovery

Lecture 396 BCDR Relevant Cloud Characteristics

Lecture 397 Business Impact Analysis

Lecture 398 BCDR Requirements

Lecture 399 BCDR Risks Requiring Protection

Lecture 400 BCDR Strategy Risks

Lecture 401 BCDR Strategies

Lecture 402 Creating the BCDR Plan

Lecture 403 Planning, Testing and Review

Section 54: Section 2: Examples

Lecture 404 Virtualization Pass Through

Lecture 405 Backup and DR Software

Section 55: Section 3: Relevant CCM Controls

Lecture 406 BCR-01 – Business Continuity Planning

Lecture 407 BCR-02 – Business Continuity Testing

Lecture 408 BCR-03 – Datacenter / Utilities Environmental Conditions

Lecture 409 BCR-04 – Operational Resilience Documentation

Lecture 410 BCR-05 – Environmental Risks

Lecture 411 BCR-06 – Equipment Location

Lecture 412 BCR-07 – Equipment Maintenance

Lecture 413 BCR-08 – Equipment Power Failures

Lecture 414 BCR-09 – Impact Analysis

Lecture 415 BCR-10 – Policy

Lecture 416 BCR-11 – Retention Policy

Lecture 417 Questions

Section 56: Chapter 11 – Incident Response

Lecture 418 Incident Response

Lecture 419 Course Outline

Lecture 420 What are we covering?

Section 57: Section 1: Incident Management

Lecture 421 Incident Management

Lecture 422 Incident Management Plan

Lecture 423 Incident Classification

Lecture 424 Security Events

Lecture 425 Logs

Lecture 426 Alerts

Lecture 427 What is an Incident?

Lecture 428 Security Incident

Lecture 429 Indication of Compromise

Lecture 430 What is Incident Handling?

Lecture 431 Difference between IH and IR

Lecture 432 Difference between IH and IR

Lecture 433 Difference between IH and IR

Lecture 434 Common Tools

Lecture 435 IPS vs WAF

Lecture 436 SOC

Lecture 437 Six Step Approach to Incident Handling

Section 58: Section 2: Forensics

Lecture 438 Cloud Forensics Challenges

Lecture 439 Methodology for Forensics

Lecture 440 Access to Data by Service Model

Lecture 441 Forensic Readiness Considerations

Lecture 442 Items to consider when collecting evidence

Section 59: Section 3: Relevant CCM Controls

Lecture 443 SEF-01 – Contract / Authority Maintenance

Lecture 444 SEF-02 – Incident Management

Lecture 445 SEF-03 – Incident Reporting

Lecture 446 SEF-04 – Legal Preparation

Lecture 447 SEF-05 – Incident Response Metrics

Lecture 448 Questions

Section 60: Chapter 12 – Application Security

Lecture 449 Application Security

Lecture 450 Course Outline

Lecture 451 What are we covering?

Section 61: Section 1: Components affecting Security

Lecture 452 Web Application Security

Lecture 453 Application Basics

Lecture 454 Application Programming Interface (API)

Lecture 455 WS-* Features Web Services

Lecture 456 Common Pitfalls

Lecture 457 Encryption Dependencies

Section 62: Section 2: Software Development Life Cycle (SDLC)

Lecture 458 Software Development Lifecycle (SDLC)

Lecture 459 Secure Software Development Lifecycle

Lecture 460 S-SDLC

Lecture 461 Software Development Lifecycle

Lecture 462 Project Initiation

Lecture 463 Requirements Phase

Lecture 464 Requirements Phase

Lecture 465 Secure Design

Lecture 466 Secure Design

Lecture 467 Development

Lecture 468 Development

Lecture 469 Unit Testing

Lecture 470 Testing

Lecture 471 Production Implementation

Lecture 472 Software Development Lifecycle (SDLC)

Section 63: Section 3: Vulnerabilities, Threats and Risks

Lecture 473 Summary

Lecture 474 OWASP Top 10

Lecture 475 A1 – Injection

Lecture 476 A2 – Broken Authentication

Lecture 477 A3 – Sensitive Data Exposure

Lecture 478 A4 – XML External Entities (XXE)

Lecture 479 A5 – Broken Access Control

Lecture 480 A6 – Security Misconfiguration

Lecture 481 A7 – Cross-Site Scripting

Lecture 482 A8 – Insecure Deserialization

Lecture 483 A9 – Using Components with Known Vulnerabilities

Lecture 484 A10 – Insufficient Logging and Monitoring

Lecture 485 Cloud Specific Risks

Lecture 486 STRIDE Threat Model

Lecture 487 Recommendations

Section 64: Section 4: Identity and Access Management (IAM)

Lecture 488 Identity and Access Management

Lecture 489 Federated Identity Management

Lecture 490 Security Assertion Markup Language 2.0 (SAML 2.0)

Lecture 491 SAML Assertion

Lecture 492 SAML Assertion Child Elements

Lecture 493 SAML Protocols

Lecture 494 SAML Bindings

Lecture 495 OpenID Connect (OIDC)

Lecture 496 OIDC Flows

Lecture 497 OIDC Flow Comparison

Lecture 498 JSON Web Tokens Best Practices

Lecture 499 Which Federated Identity System to use?

Lecture 500 Multi-Factor Authentication

Lecture 501 Identities and Attributes

Lecture 502 Examples

Lecture 503 Identity Management

Section 65: Section 5: Software Assurance and Validation

Lecture 504 Assurance, Verification, and Validation

Lecture 505 Handling of Data

Lecture 506 ISO/IEC 27034-1

Lecture 507 Organization Normative Framework (ONF)

Lecture 508 Frameworks

Lecture 509 Application Security Testing

Lecture 510 Questions

Section 66: Chapter 13 – Encryption and Key Management

Lecture 511 Encryption and Key Management

Lecture 512 Course Outline

Lecture 513 What are we covering?

Section 67: Section 1: Review from other chapters

Lecture 514 You are the teacher now!

Lecture 515 Cryptography

Lecture 516 Encryption / Data Protection

Lecture 517 Encryption & Key Management

Lecture 518 Emerging Technologies

Section 68: Section 2: Key Management in today’s cloud services

Lecture 519 Key Management Interoperability Protocol (KMIP)

Lecture 520 KMIP

Lecture 521 Vendors offering KMIP

Lecture 522 Vendors that support KMIP

Lecture 523 Cloud Access Security Broker (CASB)

Lecture 524 Hardware Security Module (HSM)

Section 69: Section 3: Recommendations

Lecture 525 General Recommendations

Lecture 526 Recommendations – Encryption with Databases

Section 70: Section 4: Relevant CCM Controls

Lecture 527 EKM-01 – Entitlement

Lecture 528 EKM-02 – Key Generation

Lecture 529 EKM-03 – Sensitive Data Protection

Lecture 530 EKM-04 – Storage and Access

Lecture 531 Questions

Section 71: Chapter 14 – Identity, Entitlement and Access Management

Lecture 532 Identity, Entitlement and Access Management

Lecture 533 Course Outline

Lecture 534 What are we covering?

Section 72: Section 1: Introduction to Identity and Access Management

Lecture 535 Terms Used

Lecture 536 Terms Used

Lecture 537 Identity and Access Management

Lecture 538 Identity, Entitlement, & Access Management

Lecture 539 Key points to consider

Lecture 540 Identity Architecture Differences

Lecture 541 Identity Architecture Differences

Lecture 542 Generic Example

Lecture 543 Identity Federation

Lecture 544 General Usage of Federation

Section 73: Section 2: Identities and Attributes

Lecture 545 Provisioning

Lecture 546 Examples of Identities and Attributes

Lecture 547 Potential Decision Making Process

Lecture 548 Identity and the Attribute

Lecture 549 Entitlement Process

Lecture 550 Automated Approaches

Lecture 551 Interpretation Locations

Lecture 552 Authorization and Access Management

Section 74: Section 3: Options for Architectures

Lecture 553 Hub and Spoke Model

Lecture 554 Mesh or Free Form Model

Lecture 555 Free Form Model

Lecture 556 Hybrid Model

Lecture 557 Bridge or Federation Hub

Lecture 558 Provisioning Accounts

Lecture 559 Identity and Attribute Provisioning

Section 75: Section 4: The Identity

Lecture 560 Identity and Data Protection

Lecture 561 Consumerization Challenge

Section 76: Section 5: Relevant CCM Controls

Lecture 562 IAM-01 – Audit Tools Access

Lecture 563 IAM-02 – Credential Lifecycle / Provision Management

Lecture 564 IAM-02 – Continued

Lecture 565 IAM-02 – Continued

Lecture 566 IAM-03 – Diagnostic /Configuration Port Access

Lecture 567 IAM-04 – Policies and Procedures

Lecture 568 IAM-05 – Segregation of Duties

Lecture 569 IAM-06 – Source Code Access Restriction

Lecture 570 IAM-07 – Third Party Access

Lecture 571 IAM-08 – Trusted Sources

Lecture 572 IAM-09 – User Access Authorization

Lecture 573 IAM-10 – User Access Reviews

Lecture 574 IAM-11 – User Access Revocation

Lecture 575 IAM-12 – User ID-Credentials

Lecture 576 IAM-13 – Utility Programs Access

Lecture 577 Questions

Section 77: Chapter 15 – Auditing and Compliance

Lecture 578 Auditing and Compliance

Lecture 579 Course Outline

Lecture 580 What are we covering?

Section 78: Section 1: Compliance and Audit Cloud Issues

Lecture 581 GRC Value Ecosystem

Lecture 582 Assurance by CSP

Lecture 583 Assurance by CSP – Assurance Frameworks

Lecture 584 Assurance Challenges of Virtualization and Cloud

Lecture 585 Assurance Challenges of Virtualization and Cloud

Lecture 586 Assurance Challenges of Virtualization and Cloud

Lecture 587 Assurance Challenges of Virtualization and Cloud

Lecture 588 Policies

Lecture 589 Policies

Lecture 590 Risk Audit Mechanisms

Section 79: Section 2: Assurance Frameworks

Lecture 591 Assurance by CSP – Assurance Frameworks

Lecture 592 Certification Against Criteria

Lecture 593 Assurance Frameworks – ISO 2700X

Lecture 594 ISO/IEC 27001 Domains

Lecture 595 Assurance Frameworks – AICPA SOC 1

Lecture 596 SOC II and SOC III

Lecture 597 Assurance Frameworks – NIST SP 800-53

Lecture 598 PCI-DSS Merchant Level

Lecture 599 PCI-DSS 12 Requirements

Lecture 600 PCI-DSS 12 Requirements

Lecture 601 Assurance Frameworks – COBIT

Lecture 602 Assurance Frameworks – AICPA/CICA Trust Services

Lecture 603 Assurance Frameworks – Cloud Security Matrix

Lecture 604 Assurance Frameworks – FedRAMP

Lecture 605 NIST SP 800-144

Lecture 606 NIST SP 800-144 – Preliminary Activities

Lecture 607 NIST SP 800-144 – Initiating & Coincident Activities

Lecture 608 NIST SP 800-144 – Concluding Activities

Lecture 609 Assurance Frameworks – HITRUST

Lecture 610 Assurance Frameworks – BITS

Lecture 611 Assurance Frameworks – Jericho SAS

Lecture 612 System/Subsystem Product Certification

Lecture 613 Common Criteria Protection Profiles (PP)

Section 80: Section 3: The Audit

Lecture 614 Cloud Audit Goals

Lecture 615 Impact of Requirements Programs by the Use of Cloud

Lecture 616 Types of Audit Reports

Lecture 617 Types of Audit Reports

Lecture 618 Restrictions of Audit Scope

Lecture 619 Gap Analysis

Lecture 620 Standards Requirements (ISO/IEC 27018, GAPP)

Lecture 621 Internal ISMS

Lecture 622 Internal Information Security Control System ISO 27002:2013

Lecture 623 Cloud Computing Audit Characteristics

Lecture 624 Internal and External Audit Controls

Lecture 625 Internal and External Audit Controls

Lecture 626 Planning & Scoping the Audit

Lecture 627 Planning & Scoping the Audit

Lecture 628 Planning & Scoping the Audit

Lecture 629 Planning & Scoping the Audit

Lecture 630 Planning & Scoping the Audit

Section 81: Section 4: Relevant CCM Controls

Lecture 631 AAC-01 – Audit Planning

Lecture 632 AAC-02 – Independent Audits

Lecture 633 AAC-03 – Information System Regulatory Mapping

Lecture 634 Questions

Course Information:

Udemy | English | 15h 50m | 4.27 GB
Created by: Stone River eLearning
