Ariel Litvin - CCSK


  1. Certificate of Cloud Security Knowledge (CCSK)
     CSA Israel
     Ariel Litvin, December 2010
  2. Basic Facts
     • Online test of individual knowledge in cloud security
     • Launched Sept 1, 2010
     • 50 Questions, 60 Minutes, 80% to Pass
     • The CCSK costs $295 USD (or $195 USD)
  3. Required Knowledge
     • CSA Guidance V2.1
     • ENISA's report "Cloud Computing: Benefits, Risks and Recommendations for Information Security"
     Download Links:
     • CSA Guidance: http://cloudsecurityalliance.org/guidance/csaguide.v2.1.pdf
     • ENISA: http://www.enisa.europa.eu/act/rm/files/deliverables/cloud-computing-risk-assessment
     • CCSK Study Guide: http://cloudsecurityalliance.org/CCSK-prep.pdf
  4. Examination Domains
     Domain 1
     • NIST Definition of Cloud Computing (Essential Characteristics, Cloud Service Models, Cloud Deployment Models)
     • Multi-Tenancy
     • Cloud Reference Model
     • Jericho Cloud Cube Model
     • Cloud Security Reference Model
     • Cloud Service Brokers
     Domain 2
     • Contractual Security Requirements
     • Enterprise and Information Risk Management
     • Third Party Management Recommendations
     Domain 3
     • Cloud versus outsourcing
     • Three dimensions of legal issues
     • Contract enforceability
     • eDiscovery considerations
     • Jurisdictions and data locations
  5. Examination Domains
     Domain 4
     • Compliance impact on cloud contracts
     • SAS 70 Type II
     • ISO 27001/27002
     • Compliance analysis requirements
     • Auditor requirements
     Domain 5
     • Phases of the Data Security Lifecycle and their key elements
     • Data Remanence
     • Data Commingling
     • Data Backup
     • Data Discovery
     • Data Aggregation
     Domain 6
     • Key Portability Objectives of S-P-I
     • Lock-In risk mitigation techniques by cloud delivery model
     Domain 7
     • Insider Abuse
     • Business Continuity Management/Disaster Recovery due diligence
     • Provider employee considerations
  6. Examination Domains
     Domain 8
     • Provider selection
     • Resource sharing
     • Patch management
     • Technical support
     Domain 9
     • Recommended provider tools and capabilities
     • Response tradeoffs
     • Questionable provider offerings
     Domain 10
     • SDLC impact and implications
     • Differences in S-P-I models
  7. Examination Domains
     Domain 11
     • Key management best practices
     • Key management standards
     • Encryption practices in S-P-I models
     Domain 12
     • Identity Federation
     • Authorization
     • Access Control
     • Provisioning
     Domain 13
     • Virtual Machine security features
     • VM attack surfaces
     • Compartmentalization of VMs
  8. Additional CSA Projects
     • Enabling GRC in clouds, leveraging key CSA projects
     • Suite of tools, best practices and technology
     • Consolidate industry research & simplify GRC in the cloud
     • For cloud providers, enterprises, solution providers and audit/compliance
  9. Thank you!