Course Outline
Module 1. Cloud Architecture for Government
This module covers the foundational concepts of cloud computing, including definitions, architectures, and the role of virtualization. It explores cloud computing service models, delivery models, and fundamental characteristics. Additionally, it introduces the Shared Responsibilities Model and provides a framework for approaching cloud security.
Topics Covered:
- Unit 1 - Introduction to Cloud Computing
- Unit 2 - Introduction & Cloud Architecture
- Unit 3 - Cloud Essential Characteristics
- Unit 4 - Cloud Service Models
- Unit 5 - Cloud Deployment Models
- Unit 6 - Shared Responsibilities
Module 2. Infrastructure Security for Cloud Computing for Government
This module delves into the details of securing the core infrastructure for cloud computing, including cloud components, networks, management interfaces, and administrator credentials. It covers virtual networking and workload security, including an introduction to containers and serverless technologies.
Topics Covered:
- Unit 1 - Module Intro
- Unit 2 - Introduction to Infrastructure Security for Cloud Computing
- Unit 3 - Software Defined Networks
- Unit 4 - Cloud Network Security
- Unit 5 - Securing Compute Workloads
- Unit 6 - Management Plane Security
- Unit 7 - Business Continuity and Disaster Recovery (BCDR)
Module 3. Managing Cloud Security and Risk for Government
This module covers essential considerations for managing security in cloud computing environments. It begins with risk assessment and governance, then addresses legal and compliance issues, such as discovery requirements in the cloud. It also introduces important CSA risk tools, including the CAIQ, CCM, and STAR registry.
Topics Covered:
- Unit 1 - Module Introduction
- Unit 2 - Governance
- Unit 3 - Managing Cloud Security Risk
- Unit 4 - Legal Considerations
- Unit 5 - Legal Issues in Cloud Computing
- Unit 6 - Compliance
- Unit 7 - Audit
- Unit 8 - CSA Tools
Module 4. Data Security for Cloud Computing for Government
This module covers information lifecycle management in the cloud and how to apply security controls, with a focus on public cloud environments. Topics include the Data Security Lifecycle, cloud storage models, data security issues across different delivery models, and managing encryption in the cloud, including customer-managed keys (BYOK).
Topics Covered:
- Unit 1 - Module Introduction
- Unit 2 - Cloud Data Storage
- Unit 3 - Securing Data in the Cloud
- Unit 4 - Encryption for IaaS
- Unit 5 - Encryption for PaaS & SaaS
- Unit 6 - Encryption Key Management
- Unit 7 - Other Data Security Options
- Unit 8 - Data Security Lifecycle
Module 5. Application Security and Identity Management for Cloud Computing for Government
This module covers identity management and application security in cloud deployments. Topics include federated identity, different IAM applications, secure development practices, and managing application security in the cloud.
Topics Covered:
- Unit 1 - Module Introduction
- Unit 2 - Secure Software Development Life Cycle (SSDLC)
- Unit 3 - Testing & Assessment
- Unit 4 - DevOps Practices
- Unit 5 - Secure Operations
- Unit 6 - Identity & Access Management Definitions
- Unit 7 - IAM Standards
- Unit 8 - IAM in Practice
Module 6. Cloud Security Operations for Government
This module addresses key considerations when evaluating, selecting, and managing cloud computing providers. It also discusses the role of Security as a Service (SECaaS) providers and the impact of cloud on incident response.
Topics Covered:
- Unit 1 - Module Introduction
- Unit 2 - Selecting a Cloud Provider
- Unit 3 - SECaaS Fundamentals
- Unit 4 - SECaaS Categories
- Unit 5 - Incident Response
- Unit 6 - Domain 14 Considerations
- Unit 7 - CCSK Exam Preparation
Additional Material for Government
Core Account Security
This section teaches students what to configure in the first 5 minutes of opening a new cloud account, including enabling security controls such as multi-factor authentication (MFA), basic monitoring, and identity and access management (IAM).
IAM and Monitoring In-Depth
Attendees expand on their initial lab work by implementing more complex identity management and monitoring. This includes expanding IAM with attribute-based access controls, setting up security alerting, and understanding how to structure enterprise-scale IAM and monitoring.
Network and Instance Security
Students create a virtual private cloud (VPC) and implement a baseline security configuration. They also learn how to securely select and launch a virtual machine (instance), run a vulnerability assessment in the cloud, and connect to the instance.
Encryption and Storage Security
Students expand their deployment by adding an encrypted storage volume managed with customer-managed keys (BYOK). They also learn how to secure snapshots and other data.
Application Security and Federation
Students complete the technical labs by fully building out a 2-tier application and implementing federated identity using OpenID.
Risk and Provider Assessment
Students use the Cloud Security Alliance (CSA) Cloud Controls Matrix and STAR registry to evaluate risk and select a cloud provider.
Testimonials (1)
The way in which he explained to us during the 2 days and his way of being, which makes learning enjoyable.
