Key Examination Concept I:
CSA Guidance For Critical Areas of Focus in Cloud Computing V 4.0 English

Domain 1: Cloud Computing Concepts and Architectures
  • Definitions of Cloud Computing
    • Service Models
    • Deployment Models
    • Reference and Architecture Models
    • Logical Model
  • Cloud Security Scope, Responsibilities, and Models
  • Areas of Critical Focus in Cloud Security

Domain 2: Governance and Enterprise Risk Management
  • Tools of Cloud Governance
  • Enterprise Risk Management in the Cloud
  • Effects of various Service and Deployment Models
  • Cloud Risk Trade-offs and Tools

Domain 3: Legal Issues, Contracts and Electronic Discovery
  • Legal Frameworks Governing Data Protection and Privacy
    • Cross-Border Data Transfer
    • Regional Considerations
  • Contracts and Provider Selection
    • Contracts
    • Due Diligence
    • Third-Party Audits and Attestations
  • Electronic Discovery
    • Data Custody
    • Data Preservation
    • Data Collection
    • Response to a Subpoena or Search Warrant

Domain 4: Compliance and Audit Management
  • Compliance in the Cloud
    • Compliance impact on cloud contracts
    • Compliance scope
    • Compliance analysis requirements
  • Audit Management in the Cloud
    • Right to audit
    • Audit scope
    • Auditor requirements

Domain 5: Information Governance
  • Governance Domains
  • Six phases of the Data Security Lifecycle and their key elements
  • Data Security Functions, Actors and Controls

Domain 6: Management Plane and Business Continuity
  1. Business Continuity and Disaster Recovery in the Cloud
  2. Architect for Failure
  3. Management Plane Security
Domain 7: Infrastructure Security
  1. Cloud Network Virtualization
  2. Security Changes With Cloud Networking
  3. Challenges of Virtual Appliances
  4. SDN Security Benefits
  5. Micro-segmentation and the Software Defined Perimeter
  6. Hybrid Cloud Considerations
  7. Cloud Compute and Workload Security

Domain 8: Virtualization and Containers
  1. Major Virtualizations Categories
  2. Network
  3. Storage
  4. Containers

Domain 9: Incident Response
  1. Incident Response Lifecycle
  2. How the Cloud Impacts IR

Domain 10: Application Security
  1. Opportunities and Challenges
  2. Secure Software Development Lifecycle
  3. How Cloud Impacts Application Design and Architectures

Domain 11: Data Security and Encryption
  1. Data Security Controls
  2. Cloud Data Storage Types
  3. Managing Data Migrations to the Cloud
  4. Securing Data in the Cloud

Domain 12: Identity, Entitlement, and Access Management
  1. IAM Standards for Cloud Computing
  2. Managing Users and Identities
  3. Authentication and Credentials
  4. Entitlement and Access Management

Domain 13: Security as a Service
  1. Potential Benefits and Concerns of SecaaS
  2. Major Categories of Security as a Service Offerings

Domain 14: Related Technologies
  1. Big Data
  2. Internet of Things
  3. Mobile
  4. Serverless Computing

Key Examination Concept II:
ENISA Cloud Computing: Benefits, Risks and Recommendations for Information Security

  • Isolation failure
  • Economic Denial of Service
  • Licensing Risks
  • VM hopping
  • Five key legal issues common across all scenarios
  • Top security risks in ENISA research
  • OVF
  • Underlying vulnerability in Loss of Governance
  • User provisioning vulnerability
  • Risk concerns of a cloud provider being acquired
  • Security benefits of cloud
  • Risks R.1 – R.35 and underlying vulnerabilities
  • Data controller versus data processor definitions
  • In Infrastructure as a Service (IaaS), who is responsible for guest systems monitoring

Key Examination Concept III:
Cloud Security Alliance – Cloud Controls Matrix

  • CCM Domains
  • CCM Controls
  • Architectural Relevance
  • Delivery Model Applicability
  • Scope Applicability
  • Mapped Standards and Frameworks

CCSK Exam Format

This is an open-book, online exam, completed in 90 minutes with 60 multiple-choice questions selected randomly from the CCSK question pool. The minimum passing score is 80%.

Exam Question Format

All questions are multiple choice or true or false.