Inspiring a safe and secure cyber world
About CCSP
(ISC)² and the Cloud Security Alliance (CSA) developed the Certified Cloud Security Professional (CCSP) credential to ensure that cloud security professionals have the required knowledge, skills, and abilities in cloud security design, implementation, architecture, operations, controls, and compliance with regulatory frameworks. A CCSP applies information security expertise to a cloud computing environment and demonstrates competence in cloud security architecture, design, operations, and service orchestration. This professional competence is measured against a globally recognized body of knowledge. The CCSP is a standalone credential that complements and builds upon existing credentials and educational programs, including (ISC)²’s Certified Information Systems Security Professional (CISSP) and CSA’s Certificate of Cloud Security Knowledge (CCSK).
The topics included in the CCSP Common Body of Knowledge (CBK) ensure its relevancy across all disciplines in the field of cloud security. Successful candidates are competent in the following 6 domains:
• Architectural Concepts & Design Requirements
• Cloud Data Security
• Cloud Platform & Infrastructure Security
• Cloud Application Security
• Operations
• Legal & Compliance
Experience Requirements
Candidates must have a minimum of 5 years cumulative paid full-time work experience in information technology, of which 3 years must be in information security and 1 year in 1 or more of the 6 domains of the CCSP CBK. Earning CSA’s CCSK certificate can be substituted for 1 year of experience in 1 or more of the 6 domains of the CCSP CBK. Earning (ISC)²’s CISSP credential can be substituted for the entire CCSP experience requirement.
A candidate that doesn’t have the required experience to become a CCSP may become an Associate of (ISC)² by successfully passing the CCSP examination. The Associate of (ISC)² will then have 6 years to earn the 5 years required experience.
Accreditation
CCSP under ANSI review for compliance with the stringent requirements of ANSI/ISO/IEC Standard 17024.
Job Task Analysis (JTA)
(ISC)² has an obligation to its membership to maintain the relevancy of the CCSP. Conducted at regular intervals, the Job Task Analysis (JTA) is a methodical and critical process of determining the tasks that are performed by security professionals who are engaged in the profession defined by the CCSP. The results of the JTA are used to update the examination. This process ensures that candidates are tested on the topic areas relevant to the roles and responsibilities of today’s practicing information security professionals focusing on cloud technologies.
Course Curriculum
| Domain 1: Architectural Concepts and Design Requirements | |||
| 1.1 Understand Cloud Computing Concepts Details | 00:00:00 | ||
| 1.2 Describe Cloud Reference Architecture Details | 00:00:00 | ||
| 1.3 Understand Security Concepts Relevant to Cloud Computing Details | 00:00:00 | ||
| 1.4 Understand Design Principles of Secure Cloud Computing Details | 00:00:00 | ||
| 1.5 Identify Trusted Cloud Services Details | 00:00:00 | ||
| Domain 2: Cloud Data Security | |||
| 2.1 Understand Cloud Data Lifecycle (CSA Guidance) Details | 00:00:00 | ||
| 2.2 Design and Implement Cloud Data Storage Architectures Details | 00:00:00 | ||
| 2.3 Design and Apply Data Security Strategies Details | 00:00:00 | ||
| 2.4 Understand and Implement Data Discovery and Classification Technologies Details | 00:00:00 | ||
| 2.5 Design and Implement Relevant Jurisdictional Data Protections for Personally Identifiable Information (PII) Details | 00:00:00 | ||
| 2.6 Design and Implement Data Rights Management Details | 00:00:00 | ||
| 2.7 Plan and Implement Data Retention, Deletion, and Archiving Policies Details | 00:00:00 | ||
| 2.8 Design and Implement Auditability, Traceability and Accountability of Data Events Details | 00:00:00 | ||
| Domain 3: Cloud Platform and Infrastructure Security | |||
| 3.1 Comprehend Cloud Infrastructure Components Details | 00:00:00 | ||
| 3.2 Analyze Risks Associated to Cloud Infrastructure Details | 00:00:00 | ||
| 3.3 Design and Plan Security Controls Details | 00:00:00 | ||
| 3.4 Plan Disaster Recovery and Business Continuity Management Details | 00:00:00 | ||
| Domain 4: Cloud Application Security | |||
| 4.1 Recognize the need for Training and Awareness in Application Security Details | 00:00:00 | ||
| 4.2 Understand Cloud Software Assurance and Validation Details | 00:00:00 | ||
| 4.3 Use Verified Secure Software Details | 00:00:00 | ||
| 4.4 Comprehend the Software Development Life-Cycle (SDLC) Process Details | 00:00:00 | ||
| 4.5 Apply the Secure Software Development Life-Cycle Details | 00:00:00 | ||
| 4.6 Comprehend the Specifics of Cloud Application Architecture Details | 00:00:00 | ||
| 4.7 Design Appropriate Identity and Access Management (IAM) Solutions Details | 00:00:00 | ||
| Domain 5: Operations | |||
| 5.1 Support the Planning Process for the Data Center Design Details | 00:00:00 | ||
| 5.2 Implement and Build Physical Infrastructure for Cloud Environment Details | 00:00:00 | ||
| 5.3 Run Physical Infrastructure for Cloud Environment Details | 00:00:00 | ||
| 5.4 Manage Physical Infrastructure for Cloud Environment Details | 00:00:00 | ||
| 5.5 Build Logical Infrastructure for Cloud Environment Details | 00:00:00 | ||
| 5.6 Run Logical Infrastructure for Cloud Environment Details | 00:00:00 | ||
| 5.7 Manage Logical Infrastructure for Cloud Environment Details | 00:00:00 | ||
| 5.8 Ensure Compliance with Regulations and Controls (e.g., ITIL, ISO/IEC 20000-1) Details | 00:00:00 | ||
| 5.9 Conduct Risk Assesment to Logical and Physical Infrastructure Details | 00:00:00 | ||
| 5.10 Understand the Collection, Acquisition and Preservation of Digital Evidence Details | 00:00:00 | ||
| 5.11 Manage Communication with Relevant Parties Details | 00:00:00 | ||
| Domain 6: Legal and Compliance | |||
| 6.1 Understand Legal Requirements and Unique Risks within the Cloud Environment Details | 00:00:00 | ||
| 6.2 Understand Privacy Issues, Including Jurisdictional Variation Details | 00:00:00 | ||
| 6.3 Understand Audit Process, Methodologies, and Required Adaptations for a Cloud Environment Details | 00:00:00 | ||
| 6.4 Understand Implications of Cloud to Enterprise Risk Management Details | 00:00:00 | ||
| 6.5 Understand Outsourcing and Cloud Contract Design Details | 00:00:00 | ||
| 6.6 Execute Vendor Management Details | 00:00:00 | ||
Course Reviews
No Reviews found for this course.
