Domain 1: Architectural Concepts and Design Requirements
- Understand Cloud Computing Concepts
- Describe Cloud Reference Architecture
- Understand Security Concepts Relevant to Cloud Computing
- Understand Design Principles of Secure Cloud Computing
- Identify Trusted Cloud Services
Domain 2: Cloud Data Security
- Understand Cloud Data Lifecycle (CSA Guidance)
- Design and Implement Cloud Data Storage Architectures
- Design and Apply Data Security Strategies
- Understand and Implement Data Discovery and Classification Technologies
- Design and Implement Relevant Jurisdictional Data Protections for Personally Identifiable Information (PII)
- Design and Implement Data Rights Management
- Plan and Implement Data Retention, Deletion, and Archiving Policies
- Design and Implement Auditability, Traceability and Accountability of Data Events
Domain 3: Cloud Platform and Infrastructure Security
- Comprehend Cloud Infrastructure Components
- Analyze Risks Associated to Cloud Infrastructure
- Design and Plan Security Controls
- Plan Disaster Recovery and Business Continuity Management
Domain 4: Cloud Application Security
- Recognize the need for Training and Awareness in Application Security
- Understand Cloud Software Assurance and Validation
- Use Verified Secure Software
- Comprehend the Software Development Life-Cycle (SDLC) Process
- Apply the Secure Software Development Life-Cycle
- Comprehend the Specifics of Cloud Application Architecture
- Design Appropriate Identity and Access Management (IAM) Solutions
Domain 5: Operations
- Support the Planning Process for the Data Center Design
- Implement and Build Physical Infrastructure for Cloud Environment
- Run Physical Infrastructure for Cloud Environment
- Manage Physical Infrastructure for Cloud Environment
- Build Logical Infrastructure for Cloud Environment
- Run Logical Infrastructure for Cloud Environment
- Manage Logical Infrastructure for Cloud Environment
- Ensure Compliance with Regulations and Controls (e.g., ITIL, ISO/IEC 20000-1)
- Conduct Risk Assesment to Logical and Physical Infrastructure
- Understand the Collection, Acquisition and Preservation of Digital Evidence
- Manage Communication with Relevant Parties
Domain 6: Legal and Compliance
- Understand Legal Requirements and Unique Risks within the Cloud Environment
- Understand Privacy Issues, Including Jurisdictional Variation
- Understand Audit Process, Methodologies, and Required Adaptations for a Cloud Environment
- Understand Implications of Cloud to Enterprise Risk Management
- Understand Outsourcing and Cloud Contract Design
- Execute Vendor Management
Recommended Prerequisites: CISSP Completion
Ann is very knowledgeable on the subject. She is constantly varying pace according to the feedback. There is a lot of room for discussing attendee's own experiences. It was a great joy !.
Sjoerd Hulzinga - KPN p/a Bloomville
It was quite informal.
- Capita Business Services Ltd
Trainer covered a lot of ground over a relatively short period.
- Capita Business Services Ltd
I found it very interesting to learn all about what happens behind the scenes when it comes to IT systems. I also enjoyed learning about security and what hackers do as ethical hacking is an avenue I'm very keen in pursuing.
- Knowledge Pool/ DVLA
Richard was very knowledgeable in his field.
- Knowledge Pool/ DVLA
It was pitched at the right level - challenging but understandable & informative.
Louise Voisey - Capita Business Services Ltd
Mohalmald Salim - PSO
Level of expertise from the trainer Use case examples
Pierre Maillot - Bosch
His deep knowledge of the IoT topic.
Ron's experience on how to successfully implement IoT projects and the deep technical subjects covered.
relevance of content to our I4.0 business environment
Very knowledgeable trainer, was able to adjust to audience knowledge, excellent industry experience and ability to relate to audience needs Excellent content preparation , tailored to needs discussed beforehand. Good supplement reading materials prepared by trainer
Oliver Steinig - Bosch
Ron was very mindful of his audience and addressed everyone's questions. He checked his audience for clarity and was willing to spend the time to review a topic until everyone understood the topic. He gauged the audience for energy levels and suggested a break when he saw that the energy from the group was waning. This was much appreciated.
The pace of training delivery.
Ian McInally - KnowledgePool
the exercises and group discussions.
The trainer was very knowledgeable and was happy to go at the pace of the attendees. He was polite and respectful to all those in attendance. I felt I learnt a lot from the course as the trainer was very succinct in his delivery when going through the PP slides. A really good, worth while course from my personal point of view.
Julie Price - KnowledgePool
The environment was really relaxed and open so everyone could ask questions or put across points of view or experience. David the trainer was a SME on the subject and his style was very good.
The example and exercise
I got more information regarding the web applications' security issues, the different tools that could be used to cope with these issues, and more advice from the trainer to handle all these issues.
the list of tools
how it was broken into the technical and security mindset aspects.
he is very knowledgeable and comprehensive.
Matthew was very knowledge and has lot experience to share with us. it was very pleasant, as he take the time to listen to us and answer to our questions. Thank you Matthew, it was awesome.
The second day, scenarios exercises.
Christina Hutchings - KnowledgePool
The real life examples Ron gave.
I liked the trainer's introduction and anecdotes to make the learning more real
David's in depth knowledge. His relationship building skills with the audience. I really enjoyed the way he managed to make us (as a collective audience) enjoy the quite dry and uninteresing subject matter. He had anecdotes and knowledge of specific examples of security failings - hacker attacks - BCP 'breakdowns' etc which put flesh on the bones to the piece of legislation or 'best practice' for BCP that he was trying to teach us about. A really engaging, down to earth and personable man: A very good listener and a fabulous, charismatic trainer.
Cris Bollin - KnowledgePool
All is excellent
Manar Abu Talib - Dubai Electronic Security Center
- Understanding that ATT&CK creates a map that makes it easy to see, where an organization is protected and where the vulnerable areas are. Then to identify the security gaps that are most significant from a risk perspective. - Learn that each technique comes with a list of mitigations and detections that incident response teams can employ to detect and defend. - Learn about the various sources and communities for deriving Defensive Recommendations.
CHU YAN LEE - PacificLight Power Pte Ltd
He took his time to make sure everyone understood and were on the same wave length
Tina Hopkins - Capita Business Services Ltd
I found the training too in depth for IT beginners. There was too many high level subjects that i felt were too advanced for a beginner level.