This six-hour course will provide knowledge and skills required to perform 3rd party audits of the Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) against a maturity model, and to award CSA STAR certification where appropriate.

In conjunction with the CSA, BSI has developed the CSA STAR Certification scheme to measure the robustness and performance of cloud security. It gives cloud service providers the ability to prove that their registration to the Cloud Security Alliance’s (CSA’s) Security, Trust and Assurance Registry (STAR) has been independently assessed against the new CSA STAR certification maturity model.

On-demand - training that’s even more flexible

BSI’s on-demand courses are market-leading and available 24/7. Developed by top subject matter experts, they contain the same high-quality content you will find in our tutor-led training, but with the added benefit of being able to learn at your own pace and at any time.

How will I benefit?

This course will help you:

• Learn how to effectively prepare a cloud service provider for a CSA STAR audit and have sufficient knowledge and skills to conduct 1st and 2nd party audits
• Gain an understanding of what a Cloud Service Provider must do to achieve CSA STAR certification
• Understand the benefits of CSA STAR certification to a CSP and to the customer

What will I learn?

Upon completion of this training, you will be able to:

• Define the specific control areas of the CCM and differentiate between them
• Apply the maturity model when auditing a provider's security controls
• Calculate a maturity score for each CCM control area
• Derive a provider's maturity level from the maturity scores
• Recommend STAR certification
• Explain what maturity is and how the CSA certification maturity model works

Who should attend?

ISO/IEC 27001 qualified auditors or those with equivalent knowledge and experience. Suggested job roles include:

• Network security managers
• Information security consultants
• Cyber Security principals
• IT Risk and Security managers

How will I learn?

This is an online, interactive on-demand course.

Courses are available 24/7 and you can learn at any time and from any place that suits you – you just need an internet connection.

You can learn as fast or as slowly as you want to. You can also take breaks at any time in the course and pick up where you left off when you are ready to continue

During the access period, you can go back and repeat parts or all the course to refresh and reinforce what you have learned

The course content is both detailed and engaging, with explanations, activities, and knowledge checks to enhance your learning.

What will I gain?

On completion, you’ll be awarded an internationally recognized BSI training course certificate.

Prerequisites

ISO/IEC 27001 audit qualification or equivalent experience. Basic knowledge of Cloud Computing and associated services (SaaS, IaaS, PaaS)

Duration

6 hours

Modules

• Module 1: Cloud fundamentals
• Module 2: The CSA and CCM
• Module 3: The CCM and maturity modelling
• Module 4: How to audit using maturity modelling
• Module 5: How to audit using maturity modelling Part 2
• Module 6: Key concepts and review
• Module 7: Cirrus Cloud case study scenario
• Summary and review