Domain 1: Cloud Computing Concepts & Architectures Describes and defines cloud computing, sets baseline terminology, and details the overall controls, deployment, and architectural models. Learning Objectives Defining Cloud Computing Abstraction & Orchestration Cloud Computing Models Essential Characteristics Cloud Service Models Infrastructure as a Service (IaaS) Platform as a Service (PaaS) Software as a Service (SaaS) Cloud Deployment Models CSA Enterprise Architecture Model Cloud Security Scope, Responsibilities, & Models Shared Security Responsibility Model Domain 2: Cloud Governance Focuses on cloud governance with an emphasis on the role of security and how enterprise governance helps align the strategic, tactical, and operational capabilities of information and technology with the business objectives. Learning Objectives Cloud Governance The Governance Hierarchy Cloud Security Frameworks Policies Domain 3: Risk, Audit, & Compliance Focuses on cloud security, risk, audit, and compliance, including evaluating cloud service providers and establishing cloud risk registries. Learning Objectives Cloud Risk Management Cloud Risks Understanding Cloud Risk Management Assessing Cloud Services The Cloud Register Compliance & Audit Jurisdictions Cloud-Relevant Laws & Regulations Examples Compliance Inheritance Artifacts of Compliance Governance, Risk, Compliance Tools & Technologies Domain 4: Organization Management Focuses on managing your entire cloud footprint, including securing and validating service provider deployments. Learning Objectives Organization Hierarchy Models Definitions Organization Capabilities Within a Cloud Service Provider Building a Hierarchy Within a Provider Managing Organization-Level Security Within a Provider Identity Provider & User/Group/Role Mappings Common Organization Shared Services Considerations for Hybrid & Multi-Cloud Deployments Organization Management for Hybrid Cloud Security Organization Management for Multi-Cloud Security Organization Management for SaaS Hybrid & Multi-Cloud Domain 5: Identity & Access Management Focuses primarily on IAM between an organization and cloud providers or between cloud providers and services. Learning Objectives Fundamental Terms Federation Common Federation Standards How Federated Identity Management Works Managing Users & Identities for Cloud Computing Strong Authentication & Authorization Authentication & Credentials Entitlement & Access Management Privileged User Management Domain 6: Security Monitoring Presents unique security monitoring challenges and solutions for cloud environments, emphasizing the distinct aspects of cloud telemetry, management plane logs, service and resource logs, and the integration of advanced monitoring tools. Learning Objectives Cloud Monitoring Logs & Events Beyond Logs - Posture Management Cloud Telemetry Sources Management Plane Logs Service & Application Logs Resource Logs Cloud Native Tools Collection Architectures Log Storage & Retention Cascading Log Architecture AI for Security Monitoring Domain 7: Infrastructure & Networking Focuses on managing the overall infrastructure footprint and network security, including the CSP's infrastructure security responsibilities. Learning Objectives Cloud Infrastructure Security Foundational Infrastructure Security Techniques CSP Infrastructure Security Responsibilities Infrastructure Resilience Cloud Network Fundamentals Cloud Networks are Software-Defined Networks Cloud Connectivity Cloud Network Security & Secure Architectures Preventative Security Measures Detective Security Measures Infrastructure as Code (IaC) Zero Trust for Cloud Infrastructure & Networks Software-Defined Perimeter & ZT Network Access Secure Access Service Edge (SASE) Domain 8: Cloud Workload Security Focuses on the related set of software and data units that are deployable on some type of infrastructure or platform. Learning Objectives Introduction to Cloud Workload Security Types of Cloud Workloads Impact on Workload Security Controls Securing Virtual Machines Virtual Machine Challenges & Mitigations Creating Secure VM Images with Factories Snapshots & Public Exposures/Exfiltration Securing Containers Container Image Creation Container Networking Container Orchestration & Management Systems Container Orchestration Security Runtime Protection for Containers Securing Serverless and Function as a Service FaaS Security Issues IAM for Serverless Environment Variables & Secrets Securing AI Workloads AI-System Threats AI Risk Mitigation and Shared Responsibilities Domain 9: Data Security Addresses the complexities of data security in the cloud, covering essential strategies, tools, and practices for protecting data in transit and at rest. Learning Objectives Primer on Cloud Storage Volume/Block Storage Object Storage Database Storage Other Types of Storage Data Security Tools and Techniques Data Classification Identity and Access Management Access Policies Encryption and Key Management Data Loss Prevention Cloud Data Encryption at Rest Cloud Data Key Management Strategies Data Encryption Recommendations Data Security Posture Management Object Storage Security Data Security for Artificial Intelligence AI as a Service Domain 10: Application Security Focuses on the unique challenges and opportunities presented by application security in the cloud environment from the initial design phase to ongoing maintenance. Learning Objectives Secure Development Lifecycle SDLC Stages Threat Modeling Testing: Pre-Deployment Testing: Post Deployment Architecture’s Role in Secure Cloud Applications Cloud Impacts on Architecture-Level Security Architectural Resilience Identity & Access Management and Application Security Secrets Management Dev Ops & DevSecOps Domain 11: Incident Response & Resilience Focuses on identifying and explaining best practices for cloud incident response and resilience that security professionals may reference when developing their own incident plans and processes. Learning Objectives Incident Response Incident Response Lifecycle Preparation Incident Response Preparation & Cloud Service Providers Training for Cloud Incident Responders Detection & Analysis Cloud Impact on Incident Response Analysis Cloud System Forensics Containment, Eradication, & Recovery Containment Eradication Recovery Post Incident Analysis Domain 12: Related Technologies & Strategies Introduces the foundational concepts and focuses on developing a strategic cybersecurity approach to Zero Trust and Artificial Intelligence. Learning Objectives Zero Trust Technical Objectives of Zero Trust Zero Trust Pillars & Maturity Model Zero Trust & Cloud Security Artificial Intelligence Characteristics of AI Workloads Next Steps Lab Material Outline Core Account Security Learn what to configure in the first 5 minutes of opening a new cloud account and enable security controls such as MFA, basic monitoring, and IAM. IAM & Monitoring In-Depth Expand on your work in the first lab and implement more-complex identity management and monitoring. This includes expanding IAM with Attribute Based Access Controls, implementing security alerting, and understanding how to structure enterprise-scale IAM and monitoring. Network & Instance Security Create a virtual network (VPC) and implement a baseline security configuration. You will also learn how to securely select and launch a virtual machine (instance), run a vulnerability assessment in the cloud, and connect to the instance. Encryption & Storage Security Expand your deployment by adding a storage volume encrypted with a customer managed key. You will also learn how to secure snapshots and other data. Application Security & Federation Finish the technical labs by completely building out a 2-tier application and implementing federated identity using OpenID. Risk & Provider Assessment Practice using the CSA Cloud Controls Matrix and STAR registry to evaluate risk and select a cloud provider.