Securing the Power of the Cloud
Backed by the two leading non-profits focused on cloud and information security, the Cloud Security Alliance (CSA) and (ISC)², the CCSP credential denotes professionals with deep-seated knowledge and competency derived from hands-on experience with cyber, information, software and cloud computing infrastructure security. CCSPs help you achieve the highest standard for cloud security expertise and enable your organization to benefit from the power of cloud computing while keeping sensitive data secure.
Globally Recognized Proficiency in Cloud Security
CCSP is a global credential born from the expertise of the two industry-leading stewards of information systems and cloud computing security, (ISC)² and CSA. The CCSP credential is appropriate and applicable to cloud security in a global environment. This is especially important given the legal, regulatory and compliance concerns that come with multi-jurisdictional housing of personally identifiable information (PII).
Why is (ISC)² CCSP certification right for me?
The Certified Cloud Security Professional certification is most appropriate for those well versed in IT and information security, with some experience in cloud computing. The ideal candidate will have experience in applying security concepts and controls to cloud environments.
To attain CCSP, applicants must have a minimum of five years of cumulative, paid, full-time working experience in information technology, of which three years must be in information security and one year in one of the six CBK domains.
Earning the (ISC)² Certified Information Systems Security Professional (CISSP) credential can be substituted for the entire CCSP experience requirement.
Who should obtain the CCSP credential?
The CCSP credential is designed for experienced information security professionals with at least five years of full-time IT experience, including three years of information security and at least one year of cloud security experience. The CCSP credential is suitable for mid-level to advanced professionals involved with IT architecture, web and cloud security engineering, information security, governance, risk and compliance, and even IT auditing.
CCSP is most appropriate for those whose day-to-day responsibilities involve procuring, securing and managing cloud environments or purchased cloud services. In other words, CCSPs are heavily involved with the cloud. Many CCSPs will be responsible for cloud security architecture, design, operations, and/or service orchestration.
Example job functions include, but are not limited to:
- Enterprise Architect
- Security Administrator
- Systems Engineer
- Security Architect
- Security Consultant
- Security Engineer
- Security Manager
- Systems Architect
Managing and utilizing cloud computing introduces new security challenges that cannot be addressed with traditional information security approaches. Secure clouds cannot exist without the right cloud security expertise. As a result, organizations are seeking competent, experienced professionals who know how to secure cloud computing environments and services. The CCSP credential helps employers ensure they have the right expertise by providing a new benchmark for knowledge, skills and experience that is viewed as the most reliable indicator of overall competency in cloud security.
How CCSP Certification Helps the Professionals
- Demonstrate not just cloud knowledge but competence gained through hands-on experience with cyber, information, software and cloud computing infrastructure security
- Enhance your credibility and marketability for the most desirable cloud security opportunities; bolster your standing and provide a career differentiator
- Affirm your commitment to understanding and applying security best practices to cloud environments – today and in the future
- As a member of (ISC)², gain access to valuable career resources, such as networking and ideas exchange with peers
How CCSP Certification Helps Organizations
- Secure and optimize the organization’s use of cloud computing infrastructure and services with qualified professionals who have demonstrated their cloud security competence
- Ensure the organization is applying the proper cloud security controls not only internally but also with third parties by reinforcing risk and legal requirements through cloud contracts and SLAs with cloud service providers
- Know that with the two leading stewards of information and cloud security knowledge – (ISC)² and CSA – responsible for CCSP, organizations can be confident it reflects the most current required best practices and competency
- Increase organizational integrity in the eyes of clients and other stakeholders
- Ensure work teams stay current on evolving cloud technologies, threats and mitigation strategies by meeting the continuing professional education requirements
CCSP Course Overview
The CCSP training provides a comprehensive review of cloud security concepts and industry best practices, covering the 6 domains of the CCSP CBK:
- Architectural Concepts & Design Requirements
- Cloud Data Security
- Cloud Platform & Infrastructure Security
- Cloud Application Security
- Operations
- Legal & Compliance
Several types of activities are used throughout the course to reinforce topics and increase knowledge retention. These activities include open-ended questions from the instructor to the students, matching and poll questions, group activities, open/closed questions, and group discussions. This interactive learning technique is based on sound adult learning theories.
This training course helps candidates review and refresh their cloud security knowledge and identify areas they need to study for the CCSP exam. It features:
- Official (ISC)² courseware
- Taught by an authorized (ISC)² instructor
- Collaboration with classmates
- Real-world learning activities and scenarios
CCSP Course Outline
Domain 1: Architectural Concepts and Design Requirements
- Module 1: Understand cloud computing concepts
- Module 2: Describe cloud reference architecture
- Module 3: Understand security concepts relevant to cloud computing
- Module 4: Understand design principles of secure cloud computing
- Module 5: Identify trusted cloud services
Domain 2: Cloud Data Security
- Module 1: Understand Cloud Data Life Cycle
- Module 2: Design and Implement Cloud Data Storage Architectures
- Module 3: Understand and implement Data Discovery and Classification Technologies
- Module 4: Design and Implement Relevant Jurisdictional Data Protection for Personally Identifiable Information (PII)
- Module 5: Design and implement Data Rights Management
- Module 6: Plan and Implement Data Retention, Deletion, and Archival policies
- Module 7: Design and Implement Auditability, Traceability, and Accountability of Data Events
Domain 3: Cloud Platform Infrastructure Security
- Module 1: Comprehend Cloud Infrastructure Comp
- Module 2: Analyze Risks Associated to Cloud Infrastructure
- Module 3: Design and Plan Security Controls
- Module 4: Plan Disaster Recovery & Business Continuity Management
Domain 4: Cloud Application Security
- Module 1: Recognize Need for Training and Awareness in Application Security
- Module 2: Understand Cloud Software Assurance and Validation
- Module 3: Use Verified Secure Software
- Module 4: Comprehend the Software Development Life Cycle (SDLC) Process
- Module 5: Apply the Secure Software Development Life Cycle
- Module 6: Comprehend the Specifics of Cloud Application Architecture
- Module 7: Design Appropriate Identity and Access Management (IAM) Solutions
Domain 5: Operations
- Module 1: Support the Planning Process for the Data Center Design
- Module 2: Implement and Build Physical Infrastructure for Cloud Environment
- Module 3: Run Physical Infrastructure for Cloud Environment
- Module 4: Manage Physical Infrastructure for Cloud Environment
- Module 5: Build Logical Infrastructure for Cloud Environment
- Module 6: Run Logical Infrastructure for Cloud Environment
- Module 7: Manage Logical Infrastructure for Cloud Environment
- Module 8: Ensure Compliance with Regulations and Controls
- Module 9: Conduct Risk Assessment to Logical and Physical Infrastructure
- Module 10: Understand the Collection and Preservation of Digital Evidence
- Module 11: Manage Communications with Relevant Parties
Domain 6: Legal and Compliance
- Module 1: Understand Legal Requirements and Unique Risks Within the Cloud Environment
- Module 2: Understand Privacy Issues, Including Jurisdictional Variances
- Module 3: Understand Audit Process, Methodologies, and Required Adaptions for a Cloud Environment
- Module 4: Understand Implication of Cloud to Enterprise Risk Management
- Module 5: Understand Outsourcing and Cloud Contract Design
- Module 6: Execute Vendor Management
After completing this course, you will be able to:
- Describe the physical and virtual components of cloud-based systems and identify their principal technologies.
- Define the roles and responsibilities of customers, providers, partners, brokers and the various technical professionals that support cloud computing environments.
- Identify and explain the five characteristics required to satisfy the NIST definition of cloud computing.
- Differentiate between the various "as a Service" delivery models and frameworks that are incorporated into the cloud computing reference architecture.
- Discuss strategies for safeguarding data, classifying data, ensuring privacy, assuring compliance with regulatory agencies and working with authorities during legal investigations.
- Contrast forensic analysis in corporate data center environments with forensic analysis in cloud computing environments.
- Evaluate and implement the security controls necessary to ensure confidentiality, integrity and availability in cloud computing.
- Identify and explain the six phases of the data lifecycle.
- Explain strategies for protecting data at rest and data in motion.
- Describe the role of encryption in protecting data and specific strategies for key management.
- Compare a variety of cloud-based business continuity / disaster recovery strategies and select an appropriate solution for specific business requirements.
- Contrast security aspects of the Software Development Life Cycle in standard data center and cloud computing environments.
- Describe how federated identity and access management solutions mitigate risks in cloud computing systems.
- Conduct gap analysis between baseline and industry standard best practices.
- Develop Service Level Agreements (SLA) for cloud computing environments.
- Conduct risk assessments of existing and proposed cloud-based environments.
- State the professional and ethical standards of (ISC)² and the Certified Cloud Security Professional.
Validate your expertise in cloud security
Most CISSPs have responsibilities that touch cloud systems and services. As a result, all credentialed information security professionals must have cloud security knowledge and skills.
Certified Cloud Security Professional (CCSP) was developed by Cloud Security Alliance (CSA) and (ISC)² for security professionals whose day-to-day responsibilities involve procuring, securing and managing cloud environments or purchased cloud services. The CCSP ensures that security professionals have the required knowledge, skills, and abilities to audit, assess, and secure cloud infrastructures. CCSPs report that in addition to employer confidence, they have gained respect, credibility, and trust across all levels within their organization. CCSP certification on your resume will demonstrate your cloud security expertise and show employers that you can fill a void in the rapidly growing aspect of information technology that is cloud security.
As a CISSP, you meet all CCSP experience requirements and are immediately eligible to take the examination.
Course Instructor Profile
He is an information security professional, trainer and enthusiast. His areas of interest include information security strategy and management as well as research into technical security threats, weaknesses, vulnerabilities, and countermeasures. As a security professional, he has led numerous security consulting projects focused on the implementation of enterprise information security programs in a variety of industries. As a trainer, he frequently provides CISSP, CEH, CHFI and custom cyber security training courses. He is an active speaker at top security conferences including InfoSec Europe, Gartner Security & Risk Management Summit, IDC Security Roadshow and others.