What you'll learn:
- Understand what (ISC)2 expects you to know about the cloud data security domain.
- Comprehend the cloud reference architecture as well as shared considerations and related technologies
- Explain how Governance, Risk management and Compliance (GRC) and the cloud intersect.
- Understand the types of security controls that we can add and how we verify their quality.
In this course we walk through all of the critical concepts within the Cloud Platform & Infrastructure domain. This domain is 17% of the test as of August 2022. I will guide you through all of the concepts that you need to know and advise you on the level of knowledge that you need to get comfortable with.
There are over four hours of video content plus course notes based on information from my book: Cloud Guardians.
We will explore the basics of Governance, Risk management and Compliance and how the cloud affects it in a business.
A solid understanding of the definition of cloud, its deployment models and service categories will be gained through these videos.
An exploration of the threats to the cloud today is in this course. Those controls need to be verified and we use common criteria or ISO15408. It is also necessary to explore the verification of the physical security with cryptography related products such as Hardware Security Modules (HSM) and Trusted Platform Modules (TPM). That verification is done using FIPS 140-2/-3.
We finish this domain with an exploration of the technologies that are related to the cloud and benefit greatly from all of its offerings.
This domain is the cloud concepts, architecture and design.
The details that are included in (ISC)2's exam outline of encryption and access controls are in Domain 2.
The details from their exam outline about network and virtualization security is in Domains 3 and 5.
The BCP details are in Domain 5.
I cover DevSecOps in Domain 4 - Cloud Application security