Overview/Description
Fundamental to cloud service security are the construction and design of secure datacenters and their hosted hardware and systems. This course covers the best practice management approach to designing, deploying, and administrating a cloud datacenter and service. In addition, the course will cover the techniques that can be deployed to configure and protect hardware assets – physical and virtualized, manage and protect configuration settings, and keep network data moving in and out of, and hosted within the domain of the datacenter. Topics include regulation compliance, protection techniques, and controlled access to the various components of a cloud data center infrastructure. In this course, you will learn about the deployment of auditing and monitoring techniques, event logging and reporting, and other aspects of management techniques associated with cloud-hosted services. The course covers the essential topics for the ICS2's Certified Cloud Security Professional examination – Domain 5 requirements.
Target Audience
This course is intended for IT professionals including managers, engineers, and technical staff intending to take the CCSP examination.
define the design and implementation of logical elements of a proposed cloud service, including tenant isolation, access control, etc.
define the design and implementation of physical aspects of a proposed cloud service, including build or rent, location, management
describe the deployment and configuration of secured hardware with reference to BIOS, TMP, storage controllers, network controllers, etc.
describe the deployment and configuration of secured hardware with reference to BIOS, TMP, storage controllers, network controllers, etc.
define local machine access controls, and deployment of secure KMV switches
define techniques to secure network configuration and network support tools, including VLAN, TLS, DHPC and Authorized DHCP, DNS and Secure, and IPSec
define techniques to secure the datacenter network and network access
define operating system hardening techniques with reference to OS: Windows, Linux, VMware, etc.
describe standalone and cluster host availability, backup, and failover, in addition to load balancing, dynamic optimization (DO), maintenance mode, and general high availability best practice adoption
describe the mechanisms for deploying Remote Access, including RDP, Secure Terminal Access
define the preservation of OS compliance with reference to monitoring and remediation
describe requirements and best practices with reference to fixes, patches, and updates
describe requirement to continuously monitor and report on host component performance
describe requirement to continuously monitor and report on host component performance
describe the implementation of back and restore policy with reference to cloud components, including data, configurations, etc.
define the deployment of network security-related controls, including firewalls, IDS, IPS, honeypot deployment, and vulnerability assessment/threat mitigation
define requirement for hardware event logging and reporting #1
define requirement for hardware event logging and reporting #2
define the secure configuration of the virtual hardware, including network, storage and elastic expansion, memory, and external devices
describe the tolls associated with VM OS installation on the physical host
describe compliance and control principles and standards: Change and Continuity Management
describe compliance and control principles and standards: Information Security, Service Improvement, Incident, Problem, and Release Management
describe compliance and control principles and standards: Configuration, Service Level, Availability and Capacity Management
describe and implement risk management
describe best practice approach to the deployment of proactive and reactive forensic data collection methods
describe and deploy best practice systems that guarantee essential and open contact and communications with cloud system providers, vendors, cloud system consumers and users, partners, auditors, regulators, and any other key stakeholders
detail datacenter operational design factors and define network component security control, define four system management categories and the NIST Forensic Evidence process, describe Cloud Service Actor communications