C)CSO: Certified Cloud Security Officer

The Cloud is being widely adopted today for a diverse set of reasons. However, many are finding that security in the cloud is a huge challenge. The C)CSO looks to fill the gap in cloud security education and give you the skills you need to develop strong cloud security.

Description

Overview

The Cloud is being widely adopted today for a diverse set of reasons. However, many are finding that security in the cloud is a huge challenge. The C)CSO looks to fill the gap in cloud security education and give you the skills you need to develop strong cloud security.

What makes this course powerful is the pairing of knowledge from leading cloud security authorities, with practical lab exercises. You will leave the course with a solid understanding of the cloud stack having been introduced to many technologies used in the cloud. Whether you are implementing private cloud architecture or managing solutions from various vendors, this course is for you.

Course Objectives

Upon completion, Certified Cloud Security Officer students will understand Cloud security from a real-world viewpoint and comprehend the industry security standards. The student will also be prepared to take the C)CSO exam.

Who Should Attend

  • Virtualization Admins
  • Cloud Security Officers
  • CIOs
  • Virtualization and Cloud Auditors
  • Virtualization and Cloud Compliance Officers

Course Outline

Module 1: Introduction to Cloud Computing and Architecture

  • Cloud Computing Terminology
  • Cloud Computing Definition
  • Cloud Computing Characteristics
  • Cloud Computing Benefits
  • Cost Benefit Analysis Reference Model
  • What is Security for the Cloud?

Module 2: Cloud Risks

  • Cloud Migration Security Evaluation
  • ENISA Risk Evaluation
  • Cloud Controls Matrix
  • Relevant CCM Controls

Module 3: ERM and Governance

  • Application of Governance and Risk Management to the Cloud
  • Importance of the SLA
  • Relevant CCM controls

Module 4: Legal Issues

  • Understanding Unique Risks in the Cloud International Law and Potential Conflicts eDiscovery
  • Contract Considerations
  • Relevant CCM Controls

Module 5: Virtualization

  • Virtualization Principles
  • Key Components Mapped to Cloud Layer
  • Key Security Concerns
  • Other Technologies Used in the Cloud
  • The Layers
  • Relevant CCM Controls

Module 6: Data Security

  • Cloud Data Life Cycle
  • Design and Implement Cloud Data Storage Architectures
  • Design and Apply Data Security Strategies Understand and Implement Data Discovery and Classification Technologies
  • Design and Implement Relevant Jurisdictional Data Protection for PII
  • Design and Implement Data Rights Management
  • Plan and Implement Data Retention, Deletion and Archival Policies
  • Design and Implement Auditability, Traceability, and Accountability of Data Events
  • Relevant CCM Controls

Module 7: Data Center Operations

  • Build Logical Infrastructure for Cloud Environment
  • Manage Logical Infrastructure for Cloud Environment
  • Manage Communications with Relevant Parties
  • Relevant CCM Controls

Module 8: Interoperability and Portablility

  • Interoperability
  • Portability
  • Relevant CCM Controls

Module 9: Traditional Security

  • The Physical Environment
  • Support the Planning Process for the Data Center Design
  • Run Physical Infrastructure for Cloud Environment
  • Implement and Build Physical Infrastructure for Cloud Environment
  • Manage Physical Infrastructure for Cloud Environment
  • Relevant CCM Controls

Module 10: BCM and DR

  • Disaster Recovery and Business Continuity Management
  • Examples
  • Relevant CCM Controls

Module 11: Incident Response

  • Incident Response
  • Forensics
  • Relevant CCM Controls

Module 12: Application Security

  • Training and Awareness
  • Secure Software Development Life Cycle Process
  • Application of the Secure Software Development Life Cycle
  • Verifying the use of Secure Software
  • Identity and Access Management (IAM) Solutions
  • Additional components for the Cloud Software Assurance and Validation
  • Relevant CCM Controls

Module 13: Encryption and Key Management

  • Review from other chapters
  • Key Management in today’s cloud services
  • Recommendations
  • Relevant CCM Controls

Module 14: Identity, Entitlement and Access Management

  • Introduction to Identity and Access Management Identities and Attributes
  • Architectures for Interfacing to Identity and Attribute Providers
  • The Identity Recommendations
  • Relevant CCM Controls

Module 15: Auditing and Compliance

  • Compliance and Audit Cloud Issues Assurance Frameworks
  • Auditing
  • Relevant CCM Controls

Labs

  • Cloud Migration Evaluation
  • Service Level Agreement (SLA) Compliance
  • Virtualization 101
  • Understanding Network Traffic
  • Hardening your Virtual Machines
  • ESXi Host Hardening
  • Hardening vCenter
  • Basics of Data Security in Azure
  • IaaS
  • Deploying a Cloud
  • Basic Data Center Operations in Azure Interoperability and Portability
  • Business Continuity in Azure
  • PaaS in Azure
  • Encryption in Azure
  • Identity and Access Management in Azure
  • SaaS
  • S-P-I Model Exercise
  • Cloud Business Driver Audit Exercise
  • IaaS Risk Assessment
  • Identity and Access Control Management in the Private Cloud VM Security Audit
  • Encryption/Key Management in SaaS

Prerequisites

  • Minimum 12 months experience with general security
  • 12 months experience with virtualization technology or equivalent knowledge
  • General understanding of cloud architectures

Similar courses

This course was built to incorporate a unique, in-depth, and interactive hands-on environment and systematic process across each ethical hacking domain and methodology, giving you the opportunity to work towards proving the required knowledge and skills needed to achieve the CEH credential.

More Information

CompTIA A+ is the industry standard for launching IT careers into today’s digital world. CompTIA A+ Core 1 (Exam 220-1101) covers mobile devices, networking technology, hardware, virtualization, cloud computing and network troubleshooting.

More Information

The CCISO program is a first-of-its-kind training and certification course that aims to produce cybersecurity executives of the highest caliber and ethics.

More Information

The principles of Scrum and be able to identify Scrum-appropriate projects The various Scrum roles, ceremonies, and artifacts The responsibilities and the core competencies of an effective Scrum Master Best-practices on how to build and guide an effective Scrum team An understanding of user stories and techniques to prioritize and manage a product backlog Ways to communicate Scrum team progress throughout all levels of the organization Everything you need to know to pass the 50 question CSM test.

More Information

This course introduces tools and tactics to manage cybersecurity risks, identify various types of common threats, evaluate the organization's security, collect and analyze cybersecurity intelligence, and handle incidents as they occur.

More Information

This course is designed to teach those in a systems administrator or Development Operations (DevOps) role how to create automatable and repeatable deployments of networks and systems on the AWS platform. The course covers the specific AWS features and tools related to configuration and deployment, in addition to best practices for configuring and deploying systems.

More Information

This course will build on existing knowledge from the CompTIA A+ 1101 course. This course will provide fundamental level skills and theoretical concepts to prepare you for real-world experiences on the job as a technician. CompTIA A+ is the industry standard for launching IT careers into today’s digital world. CompTIA A+ Core 2 (Exam 220-1102) covers installing and configuring operating systems, expanded security, software troubleshooting and operational procedures.

More Information

This course was designed for people who work in a Security Operations job role and helps learners prepare for the exam SC-200: Microsoft Security Operations Analyst.

More Information

Certified Information Systems Auditor (CISA) Boot Camp is a five-day training focused on preparing you for the ISACA CISA exam. You’ll leave with the knowledge and domain expertise needed to pass the CISA exam the first time you take it.

More Information

CEH provides an in-depth understanding of ethical hacking phases, various attack vectors, and preventative countermeasures. This course was built to incorporate a unique, in-depth, and interactive hands-on environment and systematic process across each ethical hacking domain and methodology, giving you the opportunity to work towards proving the required knowledge and skills needed to achieve the CEH credential.

More Information

CompTIA Cloud+ is a global certification that validates the skills needed to deploy and automate secure cloud environments that support the high availability of business systems and data. It is ideal for cloud engineers who need to have expertise across multiple products and systems. CompTIA Cloud+ is the only cloud focused certification approved for DoD 8570.01-M, offering an infrastructure option for individuals who need to certify in IAM Level I, CSSP Analyst and CSSP Infrastructure Support roles.

More Information

CompTIA Security+ is a global certification that validates the foundational cybersecurity skills necessary to perform core security functions and pursue an IT security career. It establishes the core knowledge required of any cybersecurity role and provides a springboard to intermediate-level cybersecurity jobs. CompTIA Security+ is compliant with ISO 17024 standards and approved by the U.S. DoD to meet Directive 8140.03M requirements.

More Information

This course provides foundational knowledge on the considerations and benefits of adopting cloud services and the Software as a Service (SaaS) cloud model, with a specific focus on Microsoft 365 cloud service offerings.

More Information

Gain a broad view of how to respond to a cybersecurity incident while preparing for the CyberSec First Responder certification.

More Information

CompTIA Data+ is an early-career data analytics certification for professionals tasked with developing and promoting data-driven business decision-making that gives learners the confidence to bring data analysis to life.

More Information

This course shows you how to apply various approaches and algorithms to solve business problems through Artificial Intelligence (AI) and Machine Learning (ML), follow a methodical workflow to develop sound solutions, use open source, off-the-shelf tools to develop, test, and deploy those solutions, and ensure that they protect the privacy of users. This course includes hands on activities for each topic area.

More Information

Our Exam Cram sessions are intensive, focused review sessions designed to help your team master key concepts and pass their CompTIA certification exams with confidence. Led by expert instructors, these sessions provide in-depth, targeted hands-on practice to ensure your team is fully prepared for exam day. CompTIA A+ Core 1 covers mobile devices, networking technology, hardware, virtualization and cloud computing and network troubleshooting. This exam cram session is included with the A+ Core 1 course.

More Information

Our Exam Cram sessions are intensive, focused review sessions designed to help your team master key concepts and pass their CompTIA certification exams with confidence. Led by expert instructors, these sessions provide in-depth, targeted hands-on practice to ensure your team is fully prepared for exam day. CompTIA A+ Core 2 covers installing and configuring operating systems, expanded security, software troubleshooting and operational procedures. This exam cram session is included with the A+ Core 2 course.

More Information

CompTIA Network+ certification exam covers the latest trends in networking and validates the core skills necessary to establish, maintain, troubleshoot and secure networks in any environment, preparing learners for a rewarding career in networking and cybersecurity. Students gain a wide range of technical and hands-on skills required of today’s early-career network administrators. Network+ is Approved for DoD 8140.03.

More Information

Our Exam Cram sessions are intensive, focused review sessions designed to help your team master key concepts and pass their CompTIA certification exams with confidence. Led by expert instructors, these sessions provide in-depth, targeted hands-on practice to ensure your team is fully prepared for exam day. Network+ exam covers the core skills necessary to establish, maintain, troubleshoot and secure networks regardless of technology or platform. This exam cram session is included with the Network+ course.

More Information

Our Exam Cram sessions are intensive, focused review sessions designed to help your team master key concepts and pass their CompTIA certification exams with confidence. Led by expert instructors, these sessions provide in-depth, targeted hands-on practice to ensure your team is fully prepared for exam day. Security+ covers the most in-demand skills related to current threats, automation, zero trust, IoT, risk – and more. This exam cram session is included with the Security+ course.

More Information

Our Exam Cram sessions are intensive, focused review sessions designed to help your team master key concepts and pass their CompTIA certification exams with confidence. Led by expert instructors, these sessions provide in-depth, targeted hands-on practice to ensure your team is fully prepared for exam day. Cloud+ covers the expertise needed to deploy and automate secure cloud environments and protect mission-critical applications and data. This exam cram session is included with the Cloud+ course.

More Information

Our Exam Cram sessions are intensive, focused review sessions designed to help your team master key concepts and pass their CompTIA certification exams with confidence. Led by expert instructors, these sessions provide in-depth, targeted hands-on practice to ensure your team is fully prepared for exam day. Cloud+ covers mining and manipulating data, applying basic statistical methods, and analyzing complex datasets. This exam cram session is included with the Data+ course.

More Information

This five-day course teaches you advanced skills for configuring and maintaining a highly available and scalable virtual infrastructure. Through a mix of lecture and hands-on labs, you configure and optimize the VMware vSphere 8 features that build a foundation for a truly scalable infrastructure. You also discuss when and where these features have the greatest effect. Attend this course to deepen your understanding of vSphere and learn how its advanced features and controls can benefit your organization.

More Information

The Certified Information Systems Security Manager (C-ISSM) course covers the skills and knowledge to assess threat analysis & risks, risk & incident management, security programs & CISO roles, IS security strategy & frameworks, audit & risk management creation of policies, compliance & awareness, as well as DR & BCP development, deployment & maintenance. This course not only covers ISACA®'s CISM exam, but will provide a measurable certification that demonstrates proficiency in the IS Management field.

More Information

This scenario-based course focuses on computer security as an applied process across job roles and industries. The course also helps to prepare students for achieving the widely regarded Certified Information Systems Security Professional (CISSP) certification.

More Information

This course shows you the fundamentals of building IT infrastructure on the AWS platform. You learn how to optimize the AWS Cloud by understanding AWS services and how they fit into cloud-based solutions. You explore best practices and design patterns to help you architect optimal IT solutions on AWS, then build and explore a variety of infrastructures through guided, hands-on activity. You learn how to create fledgling architectures and build them into robust and adaptive solutions.

More Information

This fundamental-level, full-day course is intended for individuals who seek an overall understanding of the AWS Cloud, independent of specific technical roles. It provides a detailed overview of cloud concepts, AWS services, security, architecture, pricing, and support. It includes lab exercises reinforcing some of the core concepts of the lecture. This course also helps you prepare for the AWS Certified Cloud Practitioner exam.

More Information

In this course, you will learn how to use the AWS SDK for developing secure and scalable cloud applications. The course provides in-depth knowledge about how to interact with AWS using code and covers key concepts, best practices, and troubleshooting tips.

More Information

This class uses the standard VMware vSphere class outline as a base but adds additional focus on vSphere troubleshooting - giving students a more practical learning experience compared with the standard course introductory vSphere class.

More Information

This is an introductory course. Students will learn the fundamentals of database concepts in a cloud environment, get basic skilling in cloud data services, and build a foundational knowledge of cloud data services within Microsoft Azure. Students will identify and describe core data concepts such as relational, non-relational, big data, and analytics, and explore how this technology is implemented with Microsoft Azure. You will explore the roles, tasks, and responsibilities in the world of data.

More Information

This course will provide foundational level knowledge on cloud concepts; core Azure services; and Azure management and governance features and tools.

More Information

This course provides IT Security Professionals with the knowledge and skills needed to implement security controls, maintain an organization’s security posture, and identify and remediate security vulnerabilities. This course includes security for identity and access, platform protection, data and applications, and security operations.

More Information

This course covers the following key elements of Microsoft 365 administration: Microsoft 365 tenant management, Microsoft 365 identity synchronization, and Microsoft 365 security and compliance.

More Information

The Microsoft Identity and Access Administrator course explores how to design, implement, and operate an organization’s identity and access management systems by using Microsoft Entra ID (Formerly Azure AD). Learn to manage tasks such as providing secure authentication and authorization access to enterprise applications. You will also learn to provide seamless experiences and self-service management capabilities for all users.

More Information

Learn how to protect information in your Microsoft 365 deployment. This course focuses on data governance and information protection within your organization. The course covers implementation of data loss prevention policies, sensitive information types, sensitivity labels, data retention policies and Office 365 message encryption among other related topics. The course helps learners prepare for the Microsoft Information Protection Administrator exam (SC-400).

More Information

The Certified Security Principles (C)SP) course is going to prepare you for security across the entire environment including understanding risk management, identity and access control, network and data security. This is just a short list of everything covered within this course, which will include new technologies like IoT and cloud services. This course is intended to prepare you to become a benefit to any company attempting to improve its security posture.

More Information

The Certified Cybersecurity Systems Auditor (C)CSSA) course covers the skills and knowledge to assess vulnerabilities, report on compliance and implement controls for private and public enterprises. Many organizations require a Cybersecurity System Auditor's expert knowledge when it comes to identifying critical issues and providing effective auditing solutions.

More Information

The CISSO addresses the broad range of industry best practices, knowledge and skills expected of a security manager/officer. You will learn in-depth theory pertaining to the practical implementation of core security concepts, practices, monitoring and compliance of IS management. Whether you’re responsible for the management of a Cybersecurity team, a Security Officer, an IT auditor or a Business Analyst, the C)ISSO certification course is an ideal way to increase your knowledge, expertise and skill.

More Information

A Certified Disaster Recovery Engineer (C)DRE) is the superhero of an Information System. Disaster recovery (DR) and business continuity planning (BCP) is the process of having a professional work with a business to prepare processes, policies, and procedures to follow in the event of a disruption. The C)DRE prepares students to plan and present the latest methodologies and best practices for real-world system recovery.

More Information

To protect an information system you need to be able to see that system through the eyes of the attacker. The Certified Professional Ethical Hacker certification course is the foundational training to a line of penetration testing courses because it teaches you to think like a hacker. Therefore, you can set up dynamic defenses to prevent intrusion.

More Information

A Certified Penetration Testing Engineer (C)PTE) imagines all of the ways that a hacker can penetrate a data system. In this course you will learn 5 Key Elements of Pen Testing, discover the latest vulnerabilities and the techniques malicious hackers are using to acquire and destroy data and learn more about the business skills needed to identify protection opportunities, justify testing activities and optimize security controls appropriate to the business needs in order to reduce business risk.

More Information

The Certified Secure Web Application Engineer (C)SWAE) course is delivered by high level OWASP experts and students can expect to obtain real world security knowledge that enables them to recognize vulnerabilities, exploit system weaknesses and help safeguard against application threats. You will learn how to develop web applications that aren't subject to common vulnerabilities, and how to test and validate that their applications are secure, reliable and resistant to attack.

More Information

The course focuses on common data engineering tasks such as orchestrating data transfer and transformation pipelines, working with data files in a data lake, creating and loading relational data warehouses, capturing and aggregating streams of real-time data, and tracking data assets and lineage.

More Information

This course teaches developers how to create applications using the SQL API and SDK for Azure Cosmos DB. Students will learn how to write efficient queries, create indexing policies, manage and provision resources, and perform common operations with the SDK.

More Information

In this course students will learn the various security, compliance, and identity concepts. After attending you will be able to describe the capabilities of Microsoft’s identity and access management solutions and Microsoft security and compliance solutions.

More Information