Prepare for the (ISC)2 CCSP exam!

English | MP4 | AVC 1280×720 | AAC 44KHz 2ch | 161 lectures (18h 39m) | 12.00 GB

Covering all six domains of the August 2022 exam update!

In this course we walk through all of the critical concepts within the Certified Cloud Security Professional exam outline. I will guide you through all of the concepts that you need to know and advise you on the level of knowledge that you need to get comfortable with.

There are over 18 hours of video content. There are a variety of reference documents throughout the course. Do watch for them. They include my cloud guardians book, my slides, as well as other useful documents such as the CSA guidance 4.0.

We will explore information security in the cloud. A lot of information security remains the same when you transition to the cloud, but a lot changes. Everything is in here from Governance, Risk management, and Compliance (GRC) to encryption and building data centers.

For most of this exam, you should think from a customer perspective, looking toward the cloud provider. However, there are points, especially in domains three and five, where the perspective of the exam question can and will change to that of a cloud provider.

The networking involved in data centers is explored in depth, including firewalls, network security groups, intrusion detection systems, intrusion prevention systems and more. Fundamentally, this is a datacenter course. If networking is a new topic to you, watch and learn about networking.

There is plenty of information in here about the cloud and how it works. What I do say though, is the more you know the easier this test gets. 20 years of teaching CISSP and a deep dive into OpenStack made this exam easy for this instructor. Be careful, this is not an easy test, but the more you know the easier it gets.

What you’ll learn

  • Understand the architecture of the cloud, from the customer and provider perspectives.
  • Understand security within the cloud. e.g., encryption, firewalls, network security groups, etc.
  • Understand Identity and Access Management within the cloud.
  • Be able to discuss the shared responsibility model for cloud structures.
  • Be able to describe the relationship between laws, international and country standards, contracts and the cloud.
  • Have a clear understanding of the o
Table of Contents

Introduction
1 Overview of the CCSP test

Domain 1 – Architecture and Design – 17%
2 Introduction
3 Governance, Risk Management & Compliance
4 Service Models
5 The Cloud and Its Contracts
6 Building the cloud
7 Securing the cloud
8 Control Verification
9 Threats to the Cloud
10 Related technologies

Domain 2 – Cloud Data Security – 19%
11 Introduction to Cloud Data Security
12 Cloud Data Lifecycle
13 Data Protection Policy
14 Data Classification
15 Data Science
16 Data Governance
17 Structured Data – Database and Data Warehouse
18 Unstructured data – Big Data
19 Data Storage
20 Data Dispersion
21 Application Programming Interface
22 Intro to Encryption
23 Encryption Data in Use
24 Encrypt Data at rest
25 Encrypt Data in Transit SSH
26 Encrypt Data in Transit TLS
27 Encrypt Data in Transit IPSec
28 Symmetric Encryption
29 Intro to Asymmetric Encryption
30 Use of Public & Private Keys
31 Hashing
32 Key storage locations
33 Key Management
34 Public Key Infrastructure (PKI)
35 Key Storage Hardware – TPM & HSM
36 FIPS 140-2 and -3
37 Masking
38 Tokenization
39 Obfuscation
40 Anonymization
41 Maturity Models
42 DRM & IRM
43 Emerging Technologies

Domain 3
44 Intro to Platform and Infrastructure
45 Architecture
46 Compute, Storage and Network
47 Intro to Networking & Switches
48 Virtual and Virtualized LANs
49 IP & Routers
50 Software Defined Networking (SDN)
51 Content Defined Networking (CDN)
52 Virtual Private Networks
53 Domain Name System (DNS)
54 OS Hardening
55 DRS and DO
56 NSG and SAN
57 Data Storage
58 RAID & Erasure Coding
59 Egregious 11 Number 1-5
60 Egregious 11 Number 6-11
61 Treacherous 12
62 Risk Appetite
63 Risk Tolerance
64 Basic Risk terms
65 Quantitative Risk Assessment
66 Qualitative Risk Assessment
67 Risk Response
68 Basic IAAA intro
69 Authorization and RBAC
70 Attribute Based Access Control (ABAC)
71 Single Sign-On (SSO)
72 SAML
73 OAuth and OpenID
74 CASB
75 Firewalls
76 IDS and IPS
77 Micro Segmentation
78 Hyper Segmentation
79 Blast Radius
80 Database and File Activity Monitors
81 Data Leak Prevention (DLP)
82 Hot & Cold Air Aisles
83 Data Center Tiers
84 BCM Introduction
85 The beginning of BCP/DRP planning
86 Business Impact Assessment part 1
87 Business Impact Assessment – MTD & RTO
88 Business Impact Assessment – RTO & RPO
89 Business Impact Assessment – SDO & RSL
90 Recovery Strategies
91 Testing of the Plan
92 Embed in the User Community

Domain 4
93 Introduction and What is Clean Code
94 Software Development Life Cycle (SDLC)
95 Supply Chain Management
96 Software Development Methodologies
97 DevOps Practices
98 Xtra -My thoughts numbers 4 the test
99 CICD and DevSecOps
100 Software Verification and Validation
101 Software Testing
102 SANS Top 10 of 25 Programming Errors
103 OWASP Top 4 Programming Errors to know
104 ISO 27034
105 Sandbox
106 Threat Modeling
107 Orchestration

Domain 5
108 Introduction to Operations
109 Building Secure Data Center
110 Manage Cloud Environment DC
111 Patch Management
112 Firewalls/NSG
113 IDS/IPS
114 ITIL/ISO 20000
115 ITIL Continuity/Incident/Problem management
116 Security Operations Center (SOC)
117 Logging
118 Packet Capture
119 Data Center Tiers – Tier 1 & 2
120 Data Center Tiers – Tier 3 & 4
121 Honeypots
122 Vulnerability Assessments & Penetration Testing
123 Penetration Testing Process
124 Data and Media Sanitization
125 Business Continuity Management
126 BCM – Issues
127 Business Continuity Plans – Policy
128 Project Management & Initiation
129 Business Impact Assessment (BIA)
130 BIA – MTD to Disaster Declaration
131 BIA – RTO & RPO
132 BIA – SDO & RSL
133 Disaster Recovery Strategies
134 Document the plan
135 Implement, Test, and Update
136 Embed In the user community

Domain 6
137 Introduction to the Legal domain
138 Privacy laws and regulations introduction
139 General Data Protection Regulation (GDPR)
140 Additional Privacy Laws
141 Privacy Management Framework (PMF) and Maturity Model (PMM)
142 FedRAMP and CLOUD Act
143 PCI
144 PCI Requirements 1-3
145 PCI Requirements 4-6
146 PCI Requirements 7-12
147 ITAR and EAR
148 Industrial Control Systems
149 Audits
150 Gap analysis and CSA STAR, CCM & CAIQ
151 CSA STAR and CCM
152 Risk Appetite
153 Risk Tolerance
154 Quantitative Risk Assessment
155 Basic Risk Terminology
156 Qualitative Risk Assessment
157 Risk Response
158 Forensics Intro
159 Basic Cloud Forensics
160 E-Discovery
161 Basic Forensic Rules
