Certified Cloud Security Professional (CCSP)

Watch Certified Cloud Security Professional (CCSP)

  • 2015
  • 1 Season

As powerful as cloud computing is for the organization, understanding its information security risks and mitigation strategies is critical. Legacy approaches are inadequate, and organizations need competent, experienced professionals equipped with the right cloud security knowledge and skills to be successful. They need CCSPs (Certified Cloud Security Professional).

Filter by Source
No sources available
Do you have Hulu?
What are you waiting for?
Nice! Browse Hulu with Yidio.
Ad Info - This show may not be available on Hulu
Seasons
Risk Management and Outsourcing
38. Risk Management and Outsourcing
 
In this episode, Daniel and Adam contemplate the implications of Risk Management with regards to the Cloud. They assess the provider's risk and risk management as well as risk mitigation techniques. Then they go over many risk frameworks and metrics. Finally they discuss outsourcing and contract understanding/management.
Cloud Audit Processes Part 2
37. Cloud Audit Processes Part 2
 
In this episode, Daniel and Adam continue their examination of audit processes in cloud-based systems. Here they start by going through what it takes to develop an audit plan using standards as a guide. They also discuss Policies that will be used to make sure that compliance standards are stated and met. They also look at the impact of the distributed IT model.
Cloud Audit Processes
36. Cloud Audit Processes
 
In this episode, Daniel and Adam examine the audit process for cloud-based systems. They start by differentiating between internal and external audits. Then they talk about assurance challenges of Cloud systems. Finally, they walk you through the different types of audit reports, restrictions, and gap analysis.
Legal Requirements and Privacy Part 2
35. Legal Requirements and Privacy Part 2
 
In this episode, Daniel and Adam finish their talk on legal requirements and privacy. Here they begin by examining Personal Identity information and privacy concerns with regards to that. They define key terms that will help PII be properly managed. Finally they look at jurisdictional issues that may arise due to the global nature of much of cloud-based data.
Legal Requirements and Privacy
34. Legal Requirements and Privacy
 
In this episode, Daniel and Adam begin their discussion on legal compliance, specifically looking at legal requirements and considerations unique to Cloud environments. They look at international legislation conflicts and legal controls that may apply to your cloud systems. They also talk about eDiscovery and forensic requirements that can apply if investigation is engaged.
Collection and Preservation of Digital Evidence
33. Collection and Preservation of Digital Evidence
 
In this episode, Daniel and Adam take you through the process of collecting and preserving of evidence in the case of a data breach incident. They explain the proper methods of collecting data and then detail the proper way that evidence should be handled. They also explore the different parties and stakeholders that need to be notified and informed during this time.
Risk Assessment
32. Risk Assessment
 
In this episode, Daniel and Adam discuss the process and concepts of Risk Assessment. They start by defining risk which leads them to looking at defined ways of framing risk. They then move into risk assessment by explaining qualitative vs. quantitative risk, as well as cost benefit analysis which will help determine your which strategy will be taken, be that Acceptance, Avoidance, Transference, a
Planning Data Center Design
31. Planning Data Center Design
 
In this episode, Daniel and Adam explore the planning process for data center design. They start by looking at figuring out what factors will effect the build of our data-centers. They then dive into the logical design which will affect our physical design as well as other physical design considerations such as cooling and cable management.
Ensure Compliance Part 2
30. Ensure Compliance Part 2
 
In this episode, Daniel and Adam finish their conversation on ensuring Compliance using regulations/controls through different management systems. Here they cover the concepts and need for incident/problem management, release management and deployment management. They also cover Service Level management, availability management, and Capacity Management.
Ensure Compliance
29. Ensure Compliance
 
In this episode, Daniel and Adam begin their discussion on ensuring compliance to the policies for your systems. They start by discussing the CCSP's role as the voice for security implementation throughout the systems. Then they talk about the necessity for Configuration Management and Change Management to keep the systems running at the prescribed benchmarks and any deviation is documented
Managing Physical Infrastructure
28. Managing Physical Infrastructure
 
In this episode, Daniel and Adam jump into the topic of managing a physical infrastructure. Here they begin by managing and monitoring access, patches/updates, and performance through logs and monitoring interfaces. Then they look at the implementation of network security controls like firewalls, IDS/IPS, and honeypots. Finally they look at log aggregation software for ease of management.
Running Physical Infrastructure
27. Running Physical Infrastructure
 
In this episode, Daniel and Adam talk about what it takes to run your physical infrastructure securely. They go over physical access security measures like secure KVMs. They also talk more about secure network configurations by using VLANs, TLS, DNS Sec, and firewalls. Finally they discuss physical segregation for stand-alone hosts and the availability of clustered hosts through DRS, etc
Implement and Build Physical Infrastructure
26. Implement and Build Physical Infrastructure
 
In this episode, Daniel and Adam discuss the ways in which we can implement security from the onset of implementation of our physical infrastructure. They start by exploring the secure-by-design physical components that can/should be used in the build, including TPM, secure storage controllers, and network controllers. Finally they go over some of the baked-in security features of the virtualizati
Cloud Software Assurance and Validation Part 2
25. Cloud Software Assurance and Validation Part 2
 
In this episode, Daniel and Adam continue their talk on cloud software assurance and validation; picking back up with app security testing practices. Here they take you through some of the common testing procedures like DAST, SAST, and Pen Testing. They also look at the OWASP testing guide and ISO
Cloud Software Assurance and Validation
24. Cloud Software Assurance and Validation
 
In this episode, Daniel and Adam explain the specifics of Cloud based software assurance and validation as well as cloud application architectures. They begin by looking at supplemental security devices and cryptographic systems that developers will need to pass through and comply with. They discuss securing apps through sandboxing and app virtualization. Finally, they begin looking at security ve
Identity and Access Management Solutions
23. Identity and Access Management Solutions
 
In this episode, Daniel and Adam discuss the necessity of using software that has been verified as secure and then look at Identity and Access Management(IAM) solutions. They explain secure software by way of looking at approved APIs, supply-chain management, and open-source/community software. They describe IAM design by discussing Federated IDs, ID providers, Single Sign-On(SSO), and the use of
Cloud Application Security and the SDLC
22. Cloud Application Security and the SDLC
 
In this episode, Daniel and Adam explore the necessity of building secure applications. They begin the discussion by looking at cloud development of both RESTful and SOAP apps and common pitfalls to avoid. They also discuss the SDLC or Software Development Life-Cycle. Finally they cover common API vulnerabilities, cloud-specific risks, and threat modeling.
Disaster, Recovery and Business Continuity Part 2
21. Disaster, Recovery and Business Continuity Part 2
 
In this episode, Daniel and Adam finish their dissertation on Disaster Recovery and Business Continuity. Here they pick back up by exploring the strategies that can be implemented toward forming a BCDR plan. Then they discuss the importance of testing the plan to discover possible issues and verify that the BCDR plan will actually work when needed.
Disaster, Recovery, and Business Continuity
20. Disaster, Recovery, and Business Continuity
 
In this episode, Daniel and Adam being their discussion of Disaster Recovery(DR) and Business Continuity management. They begin by pointedly defining what exactly DR and Business Continuity are so that we can effectively plan and implement them. They they look at the risks that could lead to implementing BCDR plans. They also cover the 3 ways that a Cloud solution can be leveraged for BCDR.
Design and Plan Security Controls Part 2
19. Design and Plan Security Controls Part 2
 
In this episode, Daniel and Adam continue discussing possible security controls for your cloud infrastructure. They pick up by looking at controlling access through Identity, Authentication, and Authorization systems. Then they talk about Auditing as security which helps us verify that our security measures are being effective. This also includes the cloud-specific considerations that will need to
Design and Plan Security Controls
18. Design and Plan Security Controls
 
In this episode, Daniel and Adam discuss the designing and planning of security controls. They start by looking at controlling the physical environment, including the building, support structures, and the physical devices themselves. Then they move on to looking at security control measures for the virtualization and communications systems.
Cloud Infrastructure Risks
17. Cloud Infrastructure Risks
 
In this episode, Daniel and Adam describe the importance of risk assessment with regards to Cloud infrastructure. They look at what risks could potentially impact a cloud infrastructure as well as virtualization specific risks. They then describe counter measures and mitigation strategies to protect our cloud infrastructure environments.
Cloud Infrastructure Components
16. Cloud Infrastructure Components
 
In this episode, Daniel and Adam walk you through the common cloud infrastructure components to help you better understand each from a cloud security perspective. They discuss the physical environment, the management plane, network components, and virtualization all the while giving insight on how to implement security to each.
Data Rights Mgmt Retention and Data Events
15. Data Rights Mgmt Retention and Data Events
 
In this episode, Daniel and Adam take a look at more data management concepts and practices. They start by exploring data rights management, then segueing into data retention, deletion, and archiving policies. Then they discuss auditability, traceability, and accountability of data events.
Designing Appropriate Data Protection
14. Designing Appropriate Data Protection
 
In this episode, Daniel and Adam take you through designing and implementing relevant jurisdictional data protections for personally identifiable information. They begin by defining common privacy terms like Data Subject, Controller, and Processor. They also examine the idea of legal constraints and considerations that must be accounted for when working with personal data. Finally they explore the
Cloud Data Discovery and Classification
13. Cloud Data Discovery and Classification
 
In this episode, Daniel and Adam help you understand and implement Data Discovery and Classification techniques. They begin by explaining what Data Discovery is and how it is done through data labeling and content analysis. Then they tackle Data Classification to prioritize by sensitivity and the challenges of adding protections and even re-evaluation and re-classification.
Cloud Data Security Strategies Part 3
12. Cloud Data Security Strategies Part 3
 
In this episode, Daniel and Adam finish their discussion on cloud data security strategies, jumping right back in with more about encryption implementations. Here, they take you through a myriad of security technologies like masking and obfuscation. They also explain the process of Tokenization. Finally they look at emerging technologies like bit splitting and homomorphic encryption.
Cloud Data Security Strategies Part 2
11. Cloud Data Security Strategies Part 2
 
In this episode, Daniel and Adam continue their discussion on cloud data security strategies, jumping right back in with more about encryption implementations. Next they explore the different systems of encryption key management; describing the benefits of each. They discuss where keys should be stored and the importance of backups in case of key loss.
Cloud Data Security Strategies
10. Cloud Data Security Strategies
 
In this episode, Daniel and Adam begin looking at designing and applying cloud data security strategies. They start by exploring the many threats to data that can be encountered like, DDOS, unauthorized access, data corruption, and internal malfeasance. Then they go over the available technologies to help mitigate those threats, specifically exploring encryption.
Cloud Data Storage Architectures
9. Cloud Data Storage Architectures
 
In this episode, Daniel and Adam explain some considerations that need to be addressed when designing and implementing Cloud data storage architectures. They start by looking at storage locations and access mechanisms like mandatory and discretionary access controls. Finally they discuss the differences between object and block/volume storage.
Cloud Data Security
8. Cloud Data Security
 
In this episode, Daniel and Adam take a closer look at the Cloud Security Data Life Cycle phases. They explain what it takes to keep data secure at each one of these phases from securely storing to making sure that destroyed data is unrecoverable. They also talk about the idea of how secure a cloud solution is.
Secure Cloud Design Principles
7. Secure Cloud Design Principles
 
In this episode, Daniel and Adam spend time taking a look at the top 10 Application security risks; describing them one by one. They also explain the Cloud Data Security Life Cycle which helps us understand the phases that our data abides in at any given time. Finally they discuss Service Level Agreements(SLA) from a security and risk perspective, which is basically our contract of service with ou
Cloud Security Concepts Part 2
6. Cloud Security Concepts Part 2
 
In this episode, Daniel and Adam talk about the common risks inherent to cloud environments. They walk you through areas of risk pertaining to the hypervisors, both type-I and type-II, as well as risks that are present with IaaS, Saas, and PaaS. They also discuss the importance of physical security.
Cloud Security Concepts
5. Cloud Security Concepts
 
In this episode, Daniel and Adam take you through the TCI Reference Architecture matrix which will show the ways and areas that we need to address as an entity that is considering or utilizing cloud services and how we can secure them.
Describe Cloud Reference Architecture Part 2
4. Describe Cloud Reference Architecture Part 2
 
In this episode, Daniel and Adam move forward with their exposition on fundamental cloud services concepts and definitions. Here they take a look at the many roles that cloud admins and architects. This includes cloud customer, cloud administrator, cloud developer, and cloud service managers etc.
Describe Cloud Reference Architecture
3. Describe Cloud Reference Architecture
 
In this episode, Daniel and Adam continue building the foundation knowledge and concepts for cloud computing. Here they dive into defining the service models such as IaaS, SaaS, and PaaS. They also describe the different deployment models like Private Cloud, Public Cloud, Hybrid Cloud, and Community Cloud.
Cloud Computing Concepts
2. Cloud Computing Concepts
 
In this episode, Daniel and Adam take you through the foundational concepts for cloud computing. Here they will take you through some common cloud vernacular and definitions. Also they describe the consequences of implementing a cloud solution from a security perspective.
Overview
1. Overview
 
In this episode, Daniel and Adam give a general overview of what to expect in the upcoming Python programming series. They cover topics like who is the intended audience, what the scope of the series will cover, and what are some specific topics that will be addressed.
Description
  • Premiere Date
    January 1, 2015