Post-Conference Full Day Trainings 8 CPEs

Certificate of Cloud Security Knowledge

December 13, 2018
9:00 AM – 5:00 PM
Rich Mogull, Analyst & CEO, Securosis

The CCSK Foundation class provides students a comprehensive one-day review of cloud security fundamentals and prepares them to take the CSA CCSK exam. Starting with a detailed description of cloud computing, the course covers all major domains in the latest Guidance document from the CSA, a general overview of the structure and function of CSA’s Cloud Controls Matrix (CCM) document, and the recommendations from the European Network and Information Security Agency (ENISA). This class is geared towards security professionals, but is also useful for anyone looking to expand their knowledge of cloud security. (We recommend attendees have at least a basic understanding of security fundamentals, such as firewalls, secure development, encryption, and identity management.)

*After completing this training, attendees will be provided with a token to take the test free of charge. The token expires one year after this training.

Cloud Controls Matrix

December 13, 2018  
9:00 AM – 5:00 PM
Jon-Michael C. Brook, Principal, Guide Holdings, LLC

This course provides training on CSA’s Cloud Controls Matrix (CCM), which is part of CSA’s GRC Stack toolkit. The course will also provide an introduction to the Consensus Assessments Initiative Questionnaire (CAIQ) and the CSA Security, Trust & Assurance Registry (STAR).

Course curriculum will center on:

  • Introduction to Cloud
  • Introduction & Purpose of Cloud Controls Matrix
  • Cloud Controls Matrix Structure
  • Cloud Controls Matrix Domains
  • Intro to CAIQ and STAR, the Future, Summary

Upon completion of this training, the attendee should be able to use the CCM and CAIQ to:

For a cloud vendor:

  • Comply with fundamental cloud security principles and requirements included in relevant security standards and legislation
  • Assess the security posture
  • Compare yourself with competitors and industry benchmarks

For a cloud customer or cloud auditor:

  • Assess the overall level of security offered by a cloud provider
  • Build the necessary assessment processes for engaging with cloud providers
  • Leverage the mapping with other industry-accepted security standards, regulations, and controls frameworks (such as ISACA COBIT, FERPA, AICPA, ISO/IEC 27001/27002, NIST, Jericho Forum, NERC CIP, PCI DSS and the CSA Guidance document) to reduce audit complexity
  • Normalize security expectations, cloud taxonomy and terminology, and security measures implemented in the cloud