Certified Cloud Security Professional (CCSP)

Overview

This section gives a general overview on the CCSP exam and what to expect in this series. It covers topics such as architectural concepts and design elements, cloud data security, cloud platform and infrastructure security, cloud application security, operational aspects of the cloud–physically and logically, and legal and compliance concerns.

Cloud Computing Concepts

This section covers the foundational concepts for cloud computing. It discusses some common cloud vernacular and definitions and the consequences of implementing a cloud solution from a security perspective.

Describe Cloud Reference Architecture

This section covers the foundation knowledge and concepts for cloud computing. It explains the service models such as IaaS, SaaS, PaaS, and different deployment models like Private Cloud, Public Cloud, Hybrid Cloud, and Community Cloud.

Cloud Security Concepts

This section covers TCI Reference Architecture matrix which will show the ways and areas that we need to address an entity that is considering or utilizing cloud services and how we can secure them.

Secure Cloud Design Principles

This sections talks about the top 10 Application security risks; describing them one by one. It also explain the Cloud Data Security Life Cycle which helps to understand the phases that our data abides in at any given time.

Cloud Data Security

This section covers Cloud Security Data Life Cycle phases. It explain what it takes to keep data secure at each one of these phases from securely storing to making sure that destroyed data is unrecoverable. It also talks about the idea of how secure a cloud solution is.

Cloud Data Storage Architectures

This section explains some considerations that need to be addressed when designing and implementing Cloud data storage architectures. It covers storage locations and access mechanisms like mandatory and discretionary access controls.

Cloud Data Security Strategies

This section covers designing and applying cloud data security strategies. It explores threats to data that can be encountered like, DDOS, unauthorized access, data corruption, and internal malfeasance. It also explains the available technologies to help mitigate those threats, specifically exploring encryption.

Cloud Data Discovery and Classification

This section explains Data Discovery and Classification techniques. It covers what Data Discovery is and how it is done through data labeling and content analysis. It also discusses Data Classification to prioritize and the challenges of adding protections and even re-evaluation and re-classification.

Designing Appropriate Data Protection

This section covers designing and implementing relevant jurisdictional data protections for personally identifiable information. It explains common privacy terms like Data Subject, Controller, and Processor. It dicusses the idea of legal constraints and considerations that must be accounted for when working with personal data.

Data Rights Mgmt Retention and Data Events

This section covers data management concepts and practices. It explores data rights management, data retention, deletion, and archiving policies. It discusses auditability, traceability, and accountability of data events.

Cloud Infrastructure Components

This section walks through the common cloud infrastructure components to understand each from a cloud security perspective. It discusses the physical environment, the management plane, network components, and virtualization.

Cloud Infrastructure Risks

This section describes the importance of risk assessment with regards to Cloud infrastructure. It explains what risks could potentially impact a cloud infrastructure as well as virtualization specific risks. It also covers counter measures and mitigation strategies to protect our cloud infrastructure environments.

Design and Plan Security Controls

This section discusses the designing and planning of security controls. It covers controlling the physical environment, including the building, support structures, and the physical devices. It discusses security control measures for the virtualization and communications systems.

Disaster

This section discusses Disaster Recovery(DR) and Business Continuity management. It explains what exactly DR and Business Continuity are and how to effectively plan and implement them. It covers the risks that could lead to implementing BCDR plans.

Cloud Application Security and the SDLC

This section explores the necessity of building secure applications. It covers cloud development of both RESTful and SOAP apps and common pitfalls to avoid. It also discusses the SDLC or Software Development Life-Cycle.

Identity and Access Management Solutions

This section discusses the necessity of using software that has been verified as secure and Identity and Access Management(IAM) solutions. It explains APIs, supply-chain management, and open-source/community software.

Cloud Software Assurance and Validation

This section explains the specifics of Cloud based software assurance and validation as well as cloud application architectures. It covers supplemental security devices and cryptographic systems that developers will need to pass through and comply with. It also discusses securing apps through sandboxing and app virtualization.

Implement and Build Physical Infrastructure

This section discusses the ways in which we can implement security from the onset of implementation of our physical infrastructure. It explores the secure-by-design physical components that can/should be used in the build, including TPM, secure storage controllers, and network controllers.

Running Physical Infrastructure

This section talks about what it takes to run your physical infrastructure securely. It covers physical access security measures like secure KVMs. It explains secure network configurations by using VLANs, TLS, DNS Sec, and firewalls.

Managing Physical Infrastructure

This section explains managing a physical infrastructure. It covers managing and monitoring access, patches/updates, and performance through logs and monitoring interfaces.

Ensure Compliance

This section discusses compliance to the policies for your systems. It covers CCSP’s role as the voice for security implementation throughout the systems. It talks about the necessity for Configuration Management and Change Management to keep the systems running at the prescribed benchmarks and any deviation is documented and approved.

Planning Data Center Design

This section explores the planning process for data center design. It discusses the factors that effect the build of our data-centers.

Risk Assessment

This section discusses the process and concepts of Risk Assessment. It covers the risk, risk assessment and cost benefit analysis.

Collection and Preservation of Digital Evidence

This section talks about the process of collecting and preserving of evidence in the case of a data breach incident. It explains the proper methods of collecting data and proper way to handle the evidence.

Legal Requirements and Privacy

This section discusses legal compliance, legal requirements and considerations to Cloud environments. It also explains international legislation conflicts and legal controls that may apply to cloud systems. It also covers eDiscovery and forensic requirements.

Cloud Audit Processes

This section examines the audit process for cloud-based systems. It covers internal, external audits and assurance challenges of Cloud systems. It also discusses the different types of audit reports, restrictions, and gap analysis.

Risk Management and Outsourcing

This section discusses the implications of Risk Management with regards to the Cloud. It explains risk, risk management, risk mitigation techniques, risk frameworks and metrics.