C)CSO - Certified Cloud Security Officer



The Cloud is being widely adopted today for a diverse set of reasons! However, many are finding that security in the cloud is a huge challenge! Either because of implementation or Governance.


Yes, Governance of security related to your cloud vendor is a huge challenge.


However, many global standards have been developed that provide a great baseline for cloud security along with governance.


This course will provide for you what you do not find in other classes!

The combination of knowledge combined into one source from the leading global standards.


We also provide practical skills regarding implementing cloud security, auditing and compliance.


This is all managed by a unique delivery of cloud security along with the hands-on labs needed to truly understand what is happening to your data at all the layers of the cloud stack.


This is a relevant course which introduces many technologies used in the cloud from implementing a private cloud architecture to using a new key management solution from various vendors.



  • To fully understand Cloud Security from a real-world view point
  • To receive the hands-on experience needed to implement Cloud Security with practical implementations
  • To comprehend the industry security standards for both exam knowledge and implementation
  • To have a general working knowledge on what to audit in a cloud architecture.
  • To know hands-on methods of auditing a cloud environment from best practices view point.
  • To understand how compliance is viewed and dealt with in the cloud.
  • To gain the knowledge needed to pass the exam



  • Individual Course Access
  • Course Video
  • Physical, Printed Course book
  • Exam Prep Guide
  • Exam Simulator
  • Exam

C)CSO - Certified Cloud Security Officer - Electronic Course Kit & Exam

  • Module 1 – Introduction to Cloud Computing and Architecture

    • Cloud Computing Terminology
    • Cloud Computing Definition
    • Cloud Computing Characteristics
    • Cloud Computing Benefits
    • Cost Benefit Analysis
    • Reference Model
    • What is Security for the Cloud?

    Module 2 – Cloud Risks

    • Cloud Migration Security Evaluation
    • ENISA Risk Evaluation
    • Cloud Controls Matrix
    • Relevant CCM Controls

    Module 3 – ERM and Governance

    • Importance of the SLA
    • Relevant CCM controls
    • Application of Governance and Risk Management to the Cloud

    Module 4 – Legal Issues

    • Understanding Unique Risks in the Cloud
    • International Law and Potential Conflicts
    • eDiscovery
    • Contract Considerations
    • Relevant CCM Controls

    Module 5 – Virtualization

    • Virtualization Principles
    • Key Components Mapped to Cloud Layer
    • Key Security Concerns
    • Other Technologies Used in the Cloud
    • The Layers
    • Relevant CCM Controls

    Module 6 – Data Security

    • Cloud Data Life Cycle
    • Design and Implement Cloud Data Storage Architectures
    • Design and Apply Data Security Strategies
    • Understand and Implement Data Discovery and Classification Technologies
    • Design and Implement Relevant Jurisdictional Data Protection for PII
    • Design and Implement Data Rights Management
    • Plan and Implement Data Retention, Deletion and Archival Policies
    • Design and Implement Auditability, Traceability, and Accountability of Data Events
    • Relevant CCM Controls

    Module 7 – Data Center Operations

    • Build Logical Infrastructure for Cloud Environment
    • Manage Logical Infrastructure for Cloud Environment
    • Manage Communications with Relevant Parties
    • Relevant CCM Controls

    Module 8 – Interoperability and Portability

    • Interoperability
    • Portability
    • Relevant CCM Controls

    Module 9 – Traditional Security

    • The Physical Environment
    • Support the Planning Process for the Data Center Design
    • Implement and Build Physical Infrastructure for Cloud Environment
    • Run Physical Infrastructure for Cloud Environment
    • Manage Physical Infrastructure for Cloud Environment
    • Relevant CCM Controls

    Module 10 – BCM and DR

    • Disaster Recovery and Business Continuity Management Examples
    • Relevant CCM Controls

    Module 11 – Incident Response

    • Incident Response
    • Forensics
    • Relevant CCM Controls

    Module 12 – Application Security

    • Training and Awareness
    • Secure Software Development Life Cycle Process
    • Application of the Secure Software Development Life Cycle
    • Verifying the use of Secure Software
    • Identity and Access Management (IAM) Solutions
    • Additional components for the Cloud
    • Software Assurance and Validation
    • Relevant CCM Controls

    Module 13 – Encryption and Key Management

    • Review from other chapters
    • Key Management in today’s cloud services
    • Recommendations
    • Relevant CCM Controls

    Module 14 – Identity, Entitlement and Access Management

    • Introduction to Identity and Access Management
    • Identities and Attributes
    • Architectures for Interfacing to Identity and Attribute Providers
    • The Identity
    • Recommendations
    • Relevant CCM Controls

    Module 15 – Auditing and Compliance

    • Compliance and Audit Cloud Issues
    • Assurance Frameworks
    • Auditing
  • Lab 1:  Cloud Migration Evaluation

    Lab 2: Service Level Agreement (SLA) Compliance

    Lab 3: Virtualization 101

    Lab 4: Understanding Network Traffic

    Lab 5: Hardening your Virtual Machines

    Lab 6: ESXi Host Hardening

    Lab 7: Hardening vCenter

    Lab 8: Basics of Data Security in Azure

    Lab 9:  IaaS

    Lab 10:  Deploying a Cloud

    Lab 11: Basic Data Center Operations in Azure

    Lab 12: Interoperability and Portability

    Lab 13: Business Continuity in Azure

    Lab 14: PaaS in Azure

    Lab 15: Encryption in Azure

    Lab 16: Identity and Access Management in Azure

    Lab 17:  SaaS

    Lab 18:  S-P-I Model Exercise

    Lab 19: Cloud Business Driver Audit Exercise

    Lab 20:  IaaS Risk Assessment

    Lab 21: Identity and Access Control Management in the Private Cloud

    Lab 22: VM Security Audit

    Lab 23: Encryption/Key Management in SaaS

©2019 by Oddfellows Services Ltd t/a OFS.

Registered in England Number 11987380

Registered Office : International House, 24 Holborn Viaduct, London, EC1A 2BN, London, United Kingdom.

Email : operations@ofsec.co.uk

Telephone : +44 (0) 203 787 4785