
CCSK Training and Certification Guidelines & Introduction to the CCM

Join the CSA South Florida Chapter as we explore the Certificate of Cloud Security Knowledge (CCSK). The CCSK enables everyone to use cloud services more securely and to speak with confidence about cloud security concerns. It gives a broad overview of cloud security and affords critical insights into issues such as data security, key management, and identity and access management.

This event will introduce the Cloud Controls Matrix (CCM), a cloud security controls framework specifically designed to provide fundamental security principles that guide cloud service vendors toward the most secure practices and to assist prospective cloud customers in assessing the overall security of cloud providers.
Recorded Mar 11 2021 52 mins
Presented by
Eleftherios Skoutaris, Innovation Analyst, CSA EMEA, & Ryan Bergsma, Training Director, CSA

  • Using SDP-based Zero Trust to thwart ransomware attacks Sep 22 2021 7:00 pm UTC 60 mins
    Bob Flores, Jason Garbis, and Junaid Islam, Co-Chairs, SDP Zero Trust WG
    Ransomware attacks have continued to increase and have become a major risk for both private and public enterprises. This session will provide an overview of ransomware attacks and the utilization of an SDP-based Zero Trust Architecture as an effective countermeasure.
  • CCAK Webinar Series: Module 8 Sep 8 2021 2:00 pm UTC 60 mins
    Rich Mogull
    This is your chance to get up close and personal with some of the authors of the CCAK Modules by listening to our free meet-the-author webinar series.

    You can hear directly from the authors in an informal setting where you’ll be able to learn and ask questions. Each session is around 60 minutes and will give you a better understanding of the Study Guide, the research behind it and the authors themselves. If listening live you'll also get the chance to submit your own questions during the question and answer portion at the end.

    Learning Objectives- Module 8: Continuous Assurance and Compliance
    - Explain continuous assurance and compliance.
    - Define DevOps and DevSecOps.
    - Apply DevOps and DevSecOps to security.
    - Outline auditing deployment/CI/CD pipelines.
    - Describe DevSecOps automation and maturity.
  • CCAK Webinar Series: Modules 5 & 6 Sep 1 2021 2:00 pm UTC 60 mins
    Andrew Williams, Doug Barbin, and Vince Campitelli
    This is your chance to get up close and personal with some of the authors of the CCAK Modules by listening to our free meet-the-author webinar series.

    You can hear directly from the authors in an informal setting where you’ll be able to learn and ask questions. Each session is around 60 minutes and will give you a better understanding of the Study Guide, the research behind it and the authors themselves. If listening live you'll also get the chance to submit your own questions during the question and answer portion at the end.

    Learning Objectives- Module 5: Cloud Auditing
    - Describe the compliance program evaluation approach.
    - Recall the governance perspective.
    - Outline the perspectives of legal, regulations and standards.
    - Define service changes.
    - Explain the need for continuous assurance and continuous compliance.

    Learning Objectives- Module 6: Evaluating a Cloud Compliance Program
    - Outline audit characteristics, criteria and principles.
    - Describe auditing standards for cloud computing.
    - Define auditing an on-premise environment vs. cloud.
    - Recall differences in cloud services and cloud delivery models.
    - Explain audit building/planning and execution.
  • CCAK Webinar Series: Modules 3 & 7 Aug 25 2021 2:00 pm UTC 60 mins
    Daniele Catteddu, Harry Lu, and John-Michael Brook
    This is your chance to get up close and personal with some of the authors of the CCAK Modules by listening to our free meet-the-author webinar series.

    You can hear directly from the authors in an informal setting where you’ll be able to learn and ask questions. Each session is around 60 minutes and will give you a better understanding of the Study Guide, the research behind it and the authors themselves. If listening live you'll also get the chance to submit your own questions during the question and answer portion at the end.

    Learning Objectives- Module 3: Introducing CCM and CAIQ
    - Describe the CCM and CCM domains.
    - Explain the Consensus Assessment Initiative Questionnaire (CAIQ).
    - Outline the CCM and CAIQ structure.
    - Recall the CCM relationship with other frameworks: the mapping and gap analysis.
    - Compare transition changes from CCM V3.0.1 to CCM V4.

    Learning Objectives- Module 7: CCM Auditing Guidelines
    - Describe CCM Auditing Guidelines.
    - Define the CCM Audit Scoping Guide.
    - Explain the approach used in the CCM Risk Evaluation Guide.
    - Evaluate the CCM Audit Workbook.
    - Apply the CCM Auditing Guide.
  • CCAK Webinar Series: Modules 4 & 9 Aug 18 2021 2:00 pm UTC 60 mins
    John-Michael Brook, Michael Roza and John DiMaria
    This is your chance to get up close and personal with some of the authors of the CCAK Modules by listening to our free meet-the-author webinar series.

    You can hear directly from the authors in an informal setting where you’ll be able to learn and ask questions. Each session is around 60 minutes and will give you a better understanding of the Study Guide, the research behind it and the authors themselves. If listening live you'll also get the chance to submit your own questions during the question and answer portion at the end.

    Learning Objectives- Module 4: A Threat Analysis Methodology for Cloud Using CCM
    - Describe threat analysis essentials.
    - Use the Top Threat Analysis Methodology to analyze attack details.
    - Document attack impacts based on the Top Threat Analysis Methodology.
    - Apply Threat Analysis Methodology for cloud using CCM.
    - Evaluate a Top Threats method use case.

    Learning Objectives- Module 9: Security Trust Assurance and Risk (STAR) Program
    - Outline the components of the STAR program.
    - Explain the security and privacy implications of STAR.
    - Describe the Open Certification Framework.
    - Recall CSA STAR attestation and certification.
    - Detail STAR continuous auditing.
  • CCAK Webinar Series: Module 2 - Cloud Compliance Program Aug 11 2021 2:00 pm UTC 60 mins
    John Guckian, Jaques Nack, Jon-Michael Brook
    This is your chance to get up close and personal with some of the authors of the CCAK Modules by listening to our free meet-the-author webinar series.

    You can hear directly from the authors in an informal setting where you’ll be able to learn and ask questions. Each session is around 60 minutes and will give you a better understanding of the Study Guide, the research behind it and the authors themselves. If listening live you'll also get the chance to submit your own questions during the question and answer portion at the end.

    Learning Objectives- Module 2:
    - Explain the fundamental criteria for cloud compliance programs.
    - Build and design a cloud compliance program.
    - Describe legal and regulatory requirements and standards and security frameworks.
    - Define controls and identify technical and process controls.
    - Recall CSA certification, attestation and validation.
  • CCAK Webinar Series: Module 1 - Cloud Governance Aug 4 2021 2:00 pm UTC 60 mins
    Moshe Ferber and Craig Balding
    This is your chance to get up close and personal with some of the authors of the CCAK Modules by listening to our free meet-the-author webinar series.

    You can hear directly from the authors in an informal setting where you’ll be able to learn and ask questions. Each session is around 60 minutes and will give you a better understanding of the Study Guide, the research behind it and the authors themselves. If listening live you'll also get the chance to submit your own questions during the question and answer portion at the end.

    Learning Objectives- Module 1:
    - Describe cloud governance concepts.
    - Explain cloud trust, transparency and assurance.
    - Identify cloud governance frameworks and requirements.
    - Discuss cloud risk management and cloud compliance considerations.
    - Distinguish between cloud governance tools and their use.
  • Zero Trust Security: An Enterprise Guide Recorded: Jul 14 2021 58 mins
    Jerry W. Chapman, Optiv Security
    Zero Trust security has become a major industry trend, and yet there still is uncertainty about what it means. Register today to learn from Jerry Chapman from Optiv Security as he provides the realistic guidance and requirements your security team needs to successfully plan and execute a journey to Zero Trust while getting more value from your existing enterprise security architecture.
  • Getting Sassy With SASE Recorded: May 20 2021 61 mins
    Mike Jordan, Founder/Principal of 23Advisory and contributing Cloud Security Alliance | Delaware Valley Board Member
    Join the CSA Delaware Valley and Triangle chapters and our panel of experts in discussing the emerging technologies and challenges around SASE (Secure Access Service Edge).

    By tuning in to this panel discussion one can expect to come away with an understanding of what SASE is, the problems it solves, and what a well thought out implementation looks like. Our panel of experts will discuss multi-cloud use cases, how to operationalize the service and the impact SASE has on digital transformation initiatives.

    Confirmed Speakers

    Panelist – Larry Bilker, EVP CIO of Pyramid Healthcare
    Panelist – Barrett Gobeyn, CISO for UnitedHealthcare
    Panelist – Richard Scott, Chief Security Architect at Optum
    Panelist – Greg Young, VP of Cybersecurity of Trend Micro

    Moderator – Mike Jordan, Founder/Principal of 23Advisory and contributing Cloud Security Alliance | Delaware Valley Board Member
  • Hyperledger Fabric 2.0 Architecture Security Controls Checklist and Report Recorded: May 13 2021 42 mins
    Urmila Nagvekar & Carlos Dominguez, Lead Authors, CSA Blockchain/DLT Working Group
    Learn about the latest releases from CSA's Blockchain and DLT Working Group, titled "Hyperledger Fabric 2.0 Architecture Security Controls Checklist" and "Hyperledger Fabric 2.0 Architecture Security Report".
  • Blockchain in the Quantum Era Recorded: Apr 30 2021 12 mins
    Ashish Mehta, Co-chair for Blockchain Working Group, and Bruno Huttner, Co-chair for Quantum Safe Security Working Group
    CSA recently released a document that provides an introduction to DLT/blockchain technology, some of its representative applications, and an overview of the leading post-quantum algorithm candidates that are actively being pursued. In this webinar, Ashish Mehta, Co-chair for the Blockchain/DLT Working Group, and Bruno Huttner, Co-chair for the Quantum-safe Security Working Group, talk about what to expect in the document.
  • C-Suite Success in an Age of Digital Transformation Recorded: Apr 15 2021 23 mins
    Illena Armstrong, CSA
    It’s no surprise that organizations of all sizes have embraced the cloud in some capacity, especially this last year as we all contend with a global pandemic. What may be surprising to some CISOs and other executive stakeholders, however, are the myriad challenges they face as they move their organizations’ journeys along in their digital transformations. For instance, not only do concerns about network security or regulatory compliance come up when embracing cloud environments; worries concerning a lack of cloud security expertise on staff, too few team members to manage the migrations of various workloads to the cloud, and integrations with current IT infrastructures also plague their embrace of often multiple cloud offerings. With the goal of better supporting the C-suite and the evolution of their cloud strategies, CSA is in the throes of establishing a C-level initiative to help address these and still other challenges. During this talk, we’ll share an initial look at the pillars underpinning this offering and just a few of the components that it ultimately may comprise.
  • Cloud Controls Compliance Assessment for Small and Mid sized XaaS Providers Recorded: Apr 15 2021 66 mins
    Ricky Arora, BP; Rolf Becker, UBS; Friedrich Rub, Raiffeisen Group; Nicolas Weibel, Swiss Re
    Many small service providers have seemingly great and good value service offerings, which are mostly cloud-based. Yet it is often exactly these small service providers that may have limited security awareness, resulting in uncontrolled and unwanted exposure of sensitive data. The European User Group Enterprise & Cloud Data Protection, together with the Cloud Security Alliance, is proposing to establish a trusted cloud controls assessment and certification service for such small service providers who may not be in a position to run through a comprehensive CSA STAR L2 or SOC2 certification but still want to be able to offer an acceptable level of assurance to their clients. The intention is to raise security standards for small cloud-based services, establish an industry-standard trusted assurance level, and reduce overall effort spent by service providers and their clients due to multiple and extensive assessments performed for the same service.
  • The CSA Enterprise Architecture Recorded: Apr 15 2021 30 mins
    Jon Michael Brook
    Overview of the CSA Enterprise Architecture.
  • Cloud Security Under the NIS Directive Recorded: Apr 15 2021 30 mins
    Marnix Dekker, ENISA
    Marnix will speak about the cloud security provisions in the NIS Directive, the work ENISA has been doing with the EU Member States on implementing these provisions, and briefly touch on other relevant policy developments like the EU cloud certification scheme and the Commission's NIS2 proposal, which aims to update the current NIS Directive and which brings cloud services into the category of essential services.
  • On the Road to Zero Trust Recorded: Apr 15 2021 32 mins
    Bob Flores & Juanita Koilpillai, CSA Zero Trust WG
    In this session you will learn how to navigate the various technologies and processes to transform your organisation to fundamentally change the effectiveness of security and data sharing across DoD networks.
  • What An Auditor Needs to Know About Cloud Computing Recorded: Apr 15 2021 33 mins
    Moshe Ferber, Cloud Security Expert
    As cloud computing continues to grow and mature, it becomes clear that proper governance, risk management and audit processes play vital roles in assuring cloud workloads are secure. In this presentation, we will review the foundation of cloud governance programs that every cloud professional should know: cloud policy, provider evaluation methodologies and risk management frameworks.
  • Taking Control of IoT: An Enterprise Perspective Recorded: Apr 14 2021 23 mins
    Hillary Baron, CSA
    The proliferation of Internet of Things (IoT) devices has dramatically changed the connected ecosystems in homes and enterprises over the past decade. Many enterprises have implemented these devices for their endless potential to address current business challenges and improve overall efficiency. To do this, these devices collect data on everything from the mundane to the highly confidential. Due to the nature of the data being collected, IoT devices are of the utmost importance to secure. However, this is a difficult task for many enterprises. This presentation will answer the questions...
  • How Do We Tell Security Truths That Might Hurt? Recorded: Apr 14 2021 29 mins
    Edward Amoroso, TAG Cyber LLC
    Eleven uncomfortable truths (inspired by an iconic classic note from Edsger Dijkstra) are shared about the current state of cybersecurity.
  • Strategy and Tactics in Protecting Containers and Microservices Recorded: Mar 22 2021 59 mins
    Paolo Foti, CSA Italy; Yvette Agostini, CSA Italy; Marco Rottigni, Qualys
    Application containers and microservices architectures are used, as defined in NIST SP 800-180, to design, develop and deploy software applications that leverage agile development methodologies such as DevOps.
    The agility and dynamism of application containers nevertheless call for some attention to security, with the goal of preserving the security and integrity of the entire Software Development Life Cycle.
    CSA Italy will present some CSA recommendations developed within the «Application Containers and Microservices» working group (https://cloudsecurityalliance.org/research/working-groups/containerization/), while QUALYS will show us how to implement “built-in” security in the three phases of a container's life cycle (build, ship, run) and support the identification of the vulnerable surface in order to actively defend the runtime phase.
Exploring the latest research from CSA.
Go in depth into CSA's latest research on everything from IoT to containers to blockchain. Webcasts will break down the research, provide use cases, instructions for implementation, and further insights.

  • Title: CCSK Training and Certification Guidelines & Introduction to the CCM
  • Live at: Mar 11 2021 5:30 pm
  • Presented by: Eleftherios Skoutaris, Innovation Analyst, CSA EMEA, & Ryan Bergsma, Training Director, CSA