Key Examination Concept I:
CSA Guidance For Critical Areas of Focus in Cloud Computing V 4.0 English



Domain 1: Cloud Computing Concepts and Architectures
  • Definitions of Cloud Computing
    • Service Models
    • Deployment Models
    • Reference and Architecture Models
    • Logical Model
  • Cloud Security Scope, Responsibilities, and Models
  • Areas of Critical Focus in Cloud Security

Domain 2: Governance and Enterprise Risk Management
  • Tools of Cloud Governance
  • Enterprise Risk Management in the Cloud
  • Effects of various Service and Deployment Models
  • Cloud Risk Trade-offs and Tools

Domain 3: Legal Issues, Contracts and Electronic Discovery
  • Legal Frameworks Governing Data Protection and Privacy
    • Cross-Border Data Transfer
    • Regional Considerations
  • Contracts and Provider Selection
    • Contracts
    • Due Diligence
    • Third-Party Audits and Attestations
  • Electronic Discovery
    • Data Custody
    • Data Preservation
    • Data Collection
    • Response to a Subpoena or Search Warrant

Domain 4: Compliance and Audit Management
  • Compliance in the Cloud
    • Compliance impact on cloud contracts
    • Compliance scope
    • Compliance analysis requirements
  • Audit Management in the Cloud
    • Right to audit
    • Audit scope
    • Auditor requirements

Domain 5: Information Governance
  • Governance Domains
  • Six phases of the Data Security Lifecycle and their key elements
  • Data Security Functions, Actors and Controls

Domain 6: Management Plane and Business Continuity
  1. Business Continuity and Disaster Recovery in the Cloud
  2. Architect for Failure
  3. Management Plane Security

Domain 7: Infrastructure Security
  1. Cloud Network Virtualization
  2. Security Changes With Cloud Networking
  3. Challenges of Virtual Appliances
  4. SDN Security Benefits
  5. Micro-segmentation and the Software Defined Perimeter
  6. Hybrid Cloud Considerations
  7. Cloud Compute and Workload Security

Domain 8: Virtualization and Containers
  1. Major Virtualization Categories
  2. Network
  3. Storage
  4. Containers

Domain 9: Incident Response
  1. Incident Response Lifecycle
  2. How the Cloud Impacts IR

Domain 10: Application Security
  1. Opportunities and Challenges
  2. Secure Software Development Lifecycle
  3. How Cloud Impacts Application Design and Architectures

Domain 11: Data Security and Encryption
  1. Data Security Controls
  2. Cloud Data Storage Types
  3. Managing Data Migrations to the Cloud
  4. Securing Data in the Cloud

Domain 12: Identity, Entitlement, and Access Management
  1. IAM Standards for Cloud Computing
  2. Managing Users and Identities
  3. Authentication and Credentials
  4. Entitlement and Access Management

Domain 13: Security as a Service
  1. Potential Benefits and Concerns of SecaaS
  2. Major Categories of Security as a Service Offerings

Domain 14: Related Technologies
  1. Big Data
  2. Internet of Things
  3. Mobile
  4. Serverless Computing


Key Examination Concept II:
ENISA Cloud Computing: Benefits, Risks and Recommendations for Information Security

  • Isolation failure
  • Economic Denial of Service
  • Licensing Risks
  • VM hopping
  • Five key legal issues common across all scenarios
  • Top security risks in ENISA research
  • OVF
  • Underlying vulnerability in Loss of Governance
  • User provisioning vulnerability
  • Risk concerns of a cloud provider being acquired
  • Security benefits of cloud
  • Risks R.1 – R.35 and underlying vulnerabilities
  • Data controller versus data processor definitions
  • In Infrastructure as a Service (IaaS), who is responsible for guest systems monitoring


Key Examination Concept III:
Cloud Security Alliance – Cloud Controls Matrix

  • CCM Domains
  • CCM Controls
  • Architectural Relevance
  • Delivery Model Applicability
  • Scope Applicability
  • Mapped Standards and Frameworks

CCSK Exam Format

This is an open-book, online exam, completed in 90 minutes with 60 multiple-choice questions selected randomly from the CCSK question pool. The minimum passing score is 80%.


Exam Question Format

All questions are multiple choice or true/false.