Certified Cloud Security Professional (CCSP)

Course Objectives:

(ISC)² developed the Certified Cloud Security Professional (CCSP) credential to ensure that cloud security professionals have the required knowledge, skills, and abilities in cloud security design, implementation, architecture, operations, controls, and compliance with regulatory frameworks.

A CCSP applies information security expertise to a cloud computing environment and demonstrates competence in cloud security architecture, design, operations, and service orchestration. This professional competence is measured against a globally recognized body of knowledge. Students will be able to prepare and pass the CCSP exam

The Course topics included in the CCSP Common Body of Knowledge (CBK) ensure its relevance across all disciplines in the field of cloud security. Students will master the following 6 domains:

• Domain 1: Cloud Concepts, Architecture and Design
• Domain 2: Cloud Data Security
• Domain 3: Cloud Platform & Infrastructure Security
• Domain 4: Cloud Application Security
• Domain 5: Cloud Security Operations
• Domain 6: Legal, Risk, and Compliance

Exam Guidance Session:

• Preparing for the Exam
• Tips and Tricks
• Study material and related guidance

Session 1: Domain 1: Cloud Concepts, Architecture and Design

• Understand Cloud Computing Concepts
• Describe Cloud Reference Architecture
• Understand Security Concepts Relevant to Cloud Computing
• Understand Design Principles of Secure Cloud Computing
• Evaluate Cloud Service Providers

Session 2: Domain 2: Cloud Data Security

• Describe Cloud Data Concepts
• Design and Implement Cloud Data Storage Architectures
• Design and Apply Data Security Technologies and Strategies
• Implement Data Discovery
• Implement Data Classification
• Design and Implement Information Rights Management (IRM)
• Plan and Implement Data Retention, Deletion, and Archiving Policies
• Design and Implement Auditability, Traceability, and Accountability of Data Events

Session 3: Domain 3: Cloud Platform & Infrastructure Security

• Comprehend Cloud Infrastructure Components
• Design a Secure Data Center

• Analyze Risks Associated with Cloud Infrastructure
• Design and Plan Security Controls
• Plan Disaster Recovery (DR) and Business Continuity (BC)

Session 4: Domain 4: Cloud Application Security

• Advocate Training and Awareness for Application Security
• Describe the Secure Software Development Life Cycle (SDLC) Process
• Apply the Secure Software Development Life Cycle (SDLC)
• Apply Cloud Software Assurance and Validation
• Use Verified Secure Software
• Comprehend the Specifics of Cloud Application Architecture
• Design Appropriate Identity and Access Management (IAM) Solutions

Session 5: Domain 5: Cloud Security Operations

• Implement and Build Physical and Logical Infrastructure for Cloud Environment
• Operate Physical and Logical Infrastructure for Cloud Environment
• Manage Physical and Logical Infrastructure for Cloud Environment
• Implement Operational Controls and Standards (e.g., Information Technology Infrastructure Library (ITIL), International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) 20000-1)
• Support Digital Forensics
• Manage Communication with Relevant Parties
• Manage Security Operations

Session 6: Domain 6: Legal, Risk, and Compliance

• Articulate Legal Requirements and Unique Risks within the Cloud Environment
• Understand Privacy Issues
• Understand Audit Process, Methodologies, and Required Adaptations for a Cloud Environment
• Understand Implications of Cloud to Enterprise Risk Management
• Understand Outsourcing and Cloud Contract Design