EC-Council Cloud Security Essentials (CSE)

Module 1: Cloud Computing and Security Fundamentals

– Different Types and Service Models of Cloud Computing

– Challenges and Concerns in Cloud Security

– Responsibility for Cloud and Security

– Assessment of Cloud Service Providers

– Advantages of Cloud Security

– Threats and Attacks in Cloud Environments

– Principles for Designing Cloud Security

– Architecture for Cloud Security

Module 2: Identity and Access Management (IAM) in the Cloud

– Basics of IAM

– Principal and Roles of IAM in the Cloud

– Role-based Access Control (RBAC)

– Identity Federation

– Single Sign-on (SSO) and Self-Service Password Reset (SSPR)

– Multifactor Authentication (MFA)

– Principle of Least Privilege

– Auditing and Monitoring of IAM

Module 3: Data Protection and Encryption in the Cloud

– Classification and Lifecycle of Data

– Encryption Methods (at Rest, in Transit)

– Customer vs. Cloud Provider Managed Keys

– Data Loss Prevention (DLP)

– Backup and Disaster Recovery Strategies

Module 4: Network Security in Cloud

– Basics of Cloud Networking

– Virtual Private Clouds (VPC)

– Network Isolation and Segmentation

– Network Access Control Lists (NACLs) and Network Security Groups (NSG)

– Remote Access and Connections

– Firewalls and Intrusion Detection

Module 5: Application Security in Cloud

– Secure Software Development Lifecycle (SDLC) in the Cloud

– Web Application Firewall (WAF) in Cloud Environments

– Web Application Security and OWASP Top Ten

– Principles for Security by Design for Cloud Applications

– Secure Coding Practices

– API Security and Best Practices for Integration

– Considerations for Serverless Security

– Container Security (Docker, Kubernetes)

Module 6: Cloud Security Monitoring and Incident Response

– Cloud Logging

– Cloud Security Monitoring

– SIEM and SOAR

– Cloud-native Monitoring Solutions

– Continuous Cloud Security Monitoring

– Incident Response and Investigation in the Cloud

Module 7: Cloud Security Risk Assessment and Management

– Regulatory and Industry Compliance

– Cloud Security Standards

– Cloud Security Governance and Risk Management

– Auditing and Monitoring Cloud Resources

– Cloud Security Assessment and Penetration Testing

Module 8: Cloud Compliance and Governance

– Regulatory and Industry Compliance

– Cloud Security Standards

– Cloud Security Governance and Risk Management

– Auditing and Monitoring Cloud Resources

– Cloud Security Assessment and Penetration Testing