Ariel Litvin - CCSK
Certificate of Cloud Security Knowledge (CCSK)
Ariel Litvin, CSA Israel, December 2010
www.cloudsecurityalliance.org Copyright © 2010 Cloud Security Alliance
Basic Facts
• Online test of individual knowledge in cloud security
• Launched Sept 1, 2010
• 50 Questions, 60 Minutes, 80% to Pass
• The CCSK costs $295 USD (or $195 USD)
Required Knowledge
• CSA Guidance V2.1
• ENISA’s report “Cloud Computing: Benefits, Risks and Recommendations for Information Security”
Download Links:
• CSA Guidance: http://cloudsecurityalliance.org/guidance/csaguide.v2.1.pdf
• ENISA: http://www.enisa.europa.eu/act/rm/files/deliverables/cloud-computing-risk-assessment
• CCSK Study Guide: http://cloudsecurityalliance.org/CCSK-prep.pdf
Examination Domains
Domain 1
• NIST Definition of Cloud Computing (Essential Characteristics, Cloud Service Models, Cloud Deployment Models)
• Multi-Tenancy
• Cloud Reference Model
• Jericho Cloud Cube Model
• Cloud Security Reference Model
• Cloud Service Brokers
Domain 2
• Contractual Security Requirements
• Enterprise and Information Risk Management
• Third Party Management Recommendations
Domain 3
• Cloud versus outsourcing
• Three dimensions of legal issues
• Contract enforceability
• eDiscovery considerations
• Jurisdictions and data locations
Domain 4
• Compliance impact on cloud contracts
• SAS 70 Type II
• ISO 27001/27002
• Compliance analysis requirements
• Auditor requirements
Domain 5
• Six phases of the Data Security Lifecycle and their key elements
• Data Remanence
• Data Commingling
• Data Backup
• Data Discovery
• Data Aggregation
Domain 6
• Key Portability Objectives of S-P-I
• Lock-In risk mitigation techniques by cloud delivery model
Domain 7
• Insider Abuse
• Business Continuity Management/Disaster Recovery due diligence
• Provider employee considerations
Domain 8
• Provider selection
• Resource sharing
• Patch management
• Technical support
Domain 9
• Recommended provider tools and capabilities
• Response tradeoffs
• Questionable provider offerings
Domain 10
• SDLC impact and implications
• Differences in S-P-I models
Domain 11
• Key management best practices
• Key management standards
• Encryption practices in S-P-I models
Domain 12
• Identity Federation
• Authorization
• Access Control
• Provisioning
Domain 13
• Virtual Machine security features
• VM attack surfaces
• Compartmentalization of VMs
Additional CSA Projects
• Enabling GRC in clouds, leveraging key CSA projects
• Suite of tools, best practices and technology
• Consolidate industry research & simplify GRC in the cloud
• For cloud providers, enterprises, solution providers and audit/compliance
Thank you!