certification

Note-to-self: CCSK vs CCSP

Just for easy, future reference… the difference between CSA CCSK and (ISC)² CCSP, quickly explained:

https://blog.cloudsecurityalliance.org/2018/04/24/ccsk-vs-ccsp-unbiased-comparison/

http://www.confidis.co/cloud-security-certifications-ccsk-vs-ccsp/

 

Advertisements

CCSK – DOMAIN 4 (Compliance and Audit Management) reference material

CCSK

Preparation tool kit (with registration): https://cloudsecurityalliance.org/artifacts/ccskv4_exam_prep_kit

Separate downloads:

(ISC)² Belux Chapter

2019-04-04 meeting presentation on CCSP-CCSK

ISC2-Belux-Chapter-20190404-Event

Additional Reading

PCI-DSS

Download PCI-DSS  without registration: https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf

Documentation library: https://www.pcisecuritystandards.org/document_library

SOC1/SOC2/SOC3

https://www.aicpa.org/interestareas/frc/assuranceadvisoryservices/sorhome.html

Microsoft Azure – Cloud Security Compliance (Trust center)

https://www.microsoft.com/en-us/trustcenter/compliance/compliance-overview

Documents download: https://servicetrust.microsoft.com/ViewPage/MSComplianceGuideV3

https://servicetrust.microsoft.com/ViewPage/MSComplianceGuide

Regional & country compliance: https://www.microsoft.com/en-us/trustcenter/compliance/regional-country-compliance

Google Cloud Security Compliance

Google Cloud security compliance – general

ISO27001: https://cloud.google.com/security/compliance/iso-27001/

CSA STAR

ISO Standards

ISO27001

ISO27002

ISO27017 (Cloud security)

ISO27018 (Personal data)

ISO27032 (Cybersecurity)

CSA STAR

https://cloudsecurityalliance.org/star/#_overview

Other

Interesting collection of documents & references on compliance and standards: here,  including, HIPAA, PCI-DSS, ISO27001/27002, …

 

 

 

Note-to-self: prepping for CSA CCSK v4 upgrade

Note-to-self: extended reprint of a LinkedIn post…

I might have mentioned it already, but if you have passed the CCSK exam before, better logon to your CCSK profile on the CSA website and check if you still have an exam token left.

By default you get 2 tokens each exam registration, so…

If you pass your exam the first time, the “second try” backup token is left unused in your profile.

And (if not yet expired) you can use it to upgrade your CCSK to v4.

Tokens stay valid for 2 years after purchase.

More info: https://ccsk.cloudsecurityalliance.org/en/faq

On that page you can also find the required study material for the exam.

You can download the CCSK v4 prep kit from : https://downloads.cloudsecurityalliance.org/ccsk/CCSKv4_Exam_Preparation_Kit.zip

It’s an online exam and thus open book exam, using the below reference guides.

But realise:  60 questions in 90 minutes still is hard work, so better do some prep work up front to maximize your chances.

Once you pass this one, you can go for the (ISC)² CCSP with more confidence…

Note-to-self: MVA Learning Path – Security for the Chief Security Officer (CSO)

From a LinkedIn connection (thx Jeff and congratz on the achievement) I received an interesting pointer to a set of courses on MVA, Microsoft Virtual Academy.

An MVA ‘learning path’ is a combination of learning courses.
Just recently MVA published the ‘Security for the Chief Security Officer (CSO)’ learning path.

Check it out at : https://mva.microsoft.com/learning-path/security-for-the-chief-security-officer-cso-21

It combines 6 courses (better make sure to access them from the learning path):

  1. How to Harden Your Enterprise in Today’s Threat Landscape
  2. Cybersecurity Reference Architecture
  3. Cloud Security from the Field

BTW: have a look on the ‘security’ based content on Microsoft Virtual Academy, you’ll be surprised how much you can (continue to) learn.

See: https://mva.microsoft.com/search/SearchResults.aspx#!q=security

Note-to-self: MVA course – Getting Started with Azure Security for the IT Professional

Source: https://www.microsoftvirtualacademy.com/en-US/training-courses/getting-started-with-azure-security-for-the-it-professional-11165

From the course description:

“Course information

Earning Trust in the Microsoft Cloud

Join Scott Edwards and Rick Claus for a look at the Microsoft commitment to earn customer and partner trust in its Cloud Services, with a focus on privacy controls, compliance, and certification.
 

Inside a Microsoft Datacenter

Have you ever wondered what “cloud scale” looks like? Take a virtual tour of a datacenter (designed, built, and operated by Microsoft), and learn about defense in depth, access, and cloud security.
 

Architecting Secure Compute Solutions on Azure

Explore ways to design solutions that will be secure and well architected for availability within your Azure subscription. Learn about security boundary implementation and ways to minimize downtime.
 

Virtual Appliances and Security

​ ​This session covers various elements of the network virtualization stack with emphasis on virtual networks, network security, and user defined routing.
 

Understanding Virtual Appliances

You will learn how to deploy virtual appliances in Azure Virtual Network. The key focus is on security appliances (firewall, gateway), ADC (application delivery controller), and WAN optimization.​ ​
 

Extend Your Network to the Microsoft Cloud

Learn about how Microsoft Azure ExpressRoute enables you to extend your network to Microsoft and enable Hybrid Scenarios for your Enterprise.
 

How to Manage Encryption Keys for Your Cloud Apps with Azure Key Vault

With the new Azure Key Vault service, customers of cloud applications can manage their keys and secrets consistently across their cloud applications. This is part 1 covering background and theory.
 

Demos: How to Manage Encryption Keys for Your Cloud Apps with Azure Key Vault

Managing cryptographic keys and secrets is an essential part of safeguarding data in the cloud. This is part TWO covering all the demos of the Azure Key Vault service​.
 

Disk Encryption with Key Vault

​Disk Encryption has been something that our customers have been asking about since Azure IaaS has been available. Learn what options are available to your Azure IaaS VMs now with Azure KeyVault.
 

Antivirus Options in Azure

AntiVirus extensions are available in Azure and can be included in your Virtual Machine images. Learn what options are available and how to leverage them in your solutions.
 

Encryption for SQL Server on Azure Virtual Machines

This talk will cover how customers can use the SQL Server Connector to use Azure Key Vault as an Extensible Key Manager in implementing SQL Server encryption on Azure Virtual Machines.
 

Azure SQL Database Security

This talk will cover 2 new security features for Azure SQL DB, Transparent Data Encryption and Azure Active Directory integrated authentication.”

Note-to-self: SearchSecurity.com’s IT security certifications guide

From: http://searchsecurity.techtarget.com/tip/SearchSecuritycom-guide-to-information-security-certifications (you need to register to free access).

“This special report offers a comprehensive review of information security industry certifications, highlighting which ones can best help you achieve goals specific to your information security career path”

I assume this report will get an 2014 update, but still the 2013 version is a valuable resource for planning security certification.