In today’s environment, many organizations increasingly use the cloud. Information systems professionals must leverage the cloud and ensure that cloud assets are properly managed. The Certified Cloud Security Professional (CCSP) certification is recognized as proof of competency and experience in securing cloud assets and ensuring that these assets are available.
The CCSP certification is a globally recognized certification that demonstrates advanced technical skills and knowledge to design, manage, and secure data, applications, and infrastructure in the cloud using best practices, policies, and procedures established by the cybersecurity experts at (ISC)². (ISC)² and the Cloud Security Alliance (CSA) developed the CCSP credential to meet the market need for a way to qualify individuals in the cloud security field.
About the CCSP Exam
The CCSP exam covers the following six domains:
- Architectural Concepts and Design Requirements
- Cloud Data Security
- Cloud Platform and Infrastructure Security
- Cloud Application Security
- Operations
- Legal and Compliance
Candidates taking the CCSP exam will be expected to demonstrate proficiency in these six areas by taking the 125-question exam. A cloud security professional should understand the relevant security and design principles for cloud computing. This includes:
- Understanding cloud computing concepts, including cloud computing roles and key cloud computing characteristics
- Understanding cloud architecture, including cloud service categories and deployment models
- Understanding cloud security concepts, including encryption and access control
- Understanding secure cloud computing design principles, including data lifecycle and business continuity and disaster recovery
- Identifying trusted cloud services
In addition to understanding cloud concepts, a cloud security professional must work with management to see that data discovery and classification technologies are used to ensure cloud data security. This includes:
- Understanding the cloud data lifecycle
- Designing and implementing cloud data storage architectures
- Designing and applying data security strategies, including encryption, masking, and tokenization
- Implementing data discovery and classification technologies
- Designing and implementing relevant jurisdictional data protections for PII
- Designing and implementing DRM
- Designing and implementing auditability, traceability, and accountability of data events
A cloud security professional must work with management to design and plan the use of security controls to provide cloud platform and infrastructure security. This includes:
- Understanding cloud infrastructure components, including the physical environment and management plan
- Analyzing risks associated with cloud infrastructure
- Evaluating the project management framework and controls
- Designing and planning security controls
- Planning disaster recovery and business continuity management
A cloud security professional must work with management to design and plan the use of security controls to provide cloud application security. This includes:
- Recognizing the need for training and awareness in application security
- Understanding cloud software assurance and validation
- Using verified secure software
- Understanding the software development life cycle (SDLC) process
- Applying the secure SDLC
- Comprehending the specifics of cloud application architecture
- Designing appropriate Identity and Access Management (IAM) solutions
A cloud security professional must work with management to identify critical information and execute selected measures to eliminate or reduce vulnerabilities. This includes:
- Supporting the planning process for data center design
- Implementing, building, running, and managing the physical infrastructure for the cloud
- Building, running, and managing the logical infrastructure for the cloud
- Ensuring compliance with regulations and controls
- Conducting risk assessments of the physical and logical environments
- Collecting, acquiring, and preserving physical evidence
- Managing communication
Finally, a cloud security professional must work with management to address ethical behavior and compliance with regulatory frameworks. This includes:
- Understanding legal requirements and unique risks in the cloud
- Understanding privacy issues
- Understanding the audit process, methods, and adaptations for the cloud
- Understanding the risk management implications of the cloud
- Understanding outsourcing and cloud contract design
- Executing vendor management
Are you interested in learning more about the CCSP certification? For more information, please visit the (ISC)² website.