CSSLP

Certified Cloud Security Professional (CCSP)

Course Description

(ISC)2 and the Cloud Security Alliance (CSA) developed the Certified Cloud Security Professional (CCSP) credential to ensure that cloud security professionals have the required knowledge, skills, and abilities in cloud security design, implementation, architecture, operations, controls, and compliance with regulatory frameworks. A CCSP applies information security expertise to a cloud computing environment and demonstrates competence in cloud security architecture, design, operations, and service orchestration. This professional competence is measured against a globally recognized body of knowledge. The CCSP is a standalone credential that complements and builds upon existing credentials and educational programs, including (ISC)2 ' s Certified Information Systems Security Professional (CISSP) and CSA's Certificate of Cloud Security Knowledge (CCSK).

The topics included in the CCSP Common Body of Knowledge (CBK) ensure its relevancy across all disciplines in the field of cloud security. Successful candidates are competent in the following 6 domains:

  • Architectural Concepts & Design Requirements
  • Cloud Data Security
  • Cloud Platform & Infrastructure Security
  • Cloud Application Security
  • Operations
  • Legal & Compliance

CISSP Exam Information

  • Length of exam: 4 hours
  • Number of questions: 125
  • Question format: Multiple choice
  • Passing grade: 700 out of 1000 points
  • Testing center: Pearson Vue Testing Center

Domains covered in CCSP

Architectural Concepts & Design Requirements

  • Understand Cloud Computing Concepts.
  • Describe Cloud Reference Architecture
  • Understand Security Concepts Relevant to Cloud Computing
  • Understand Design Principles of Secure Cloud Computing
  • Identify Trusted Cloud Services

Cloud Data Security

  • Understand Cloud Data Lifecycle (CSA Guidance)
  • Design and Implement Cloud Data Storage Architectures
  • Design and Apply Data Security Strategies
  • Understand and Implement Data Discovery and Classification Technologies
  • Design and Implement Relevant Jurisdictional Data Protections for Personally Identifiable Information (PII)
  • Design and Implement Data Rights Management
  • Plan and Implement Data Retention, Deletion, and Archiving Policies
  • Design and Implement Auditability, Traceability and Accountability of Data Events

Cloud Platform and Infrastructure Security

  • Comprehend Cloud Infrastructure Components
  • Analyze Risks Associated to Cloud Infrastructure
  • Design and Plan Security Controls
  • Plan Disaster Recovery and Business Continuity Management

Cloud Application Security

  • Recognize the need for Training and Awareness in Application Security
  • Understand Cloud Software Assurance and Validation
  • Use Verified Secure Software
  • Comprehend the Software Development Life-Cycle (SDLC) Process
  • Apply the Secure Software Development Life-Cycle
  • Comprehend the Specifics of Cloud Application Architecture
  • Design Appropriate Identity and Access Management (IAM) Solutions

Operations

  • Support the Planning Process for the Data Center Design
  • Implement and Build Physical Infrastructure for Cloud Environment
  • Run Physical Infrastructure for Cloud Environment
  • Manage Physical Infrastructure for Cloud Environment
  • Build Logical Infrastructure for Cloud Environment
  • Run Logical Infrastructure for Cloud Environment
  • Manage Logical Infrastructure for Cloud Environment
  • Ensure Compliance with Regulations and Controls (e.g., ITIL, ISO/IEC 20000-1)
  • Conduct Risk Assesment to Logical and Physical Infrastructure
  • Understand the Collection, Acquisition and Preservation of Digital Evidence
  • Manage Communication with Relevant Parties

Legal and Compliance

  • Understand Legal Requirements and Unique Risks within the Cloud Environment
  • Understand Privacy Issues, Including Jurisdictional Variation
  • Understand Audit Process, Methodologies, and Required Adaptations for a Cloud Environment
  • Understand Implications of Cloud to Enterprise Risk Management
  • Understand Outsourcing and Cloud Contract Design
  • Execute Vendor Management