Introduction
Welcome to Blog-1 of the CCSP – Certified Cloud Security Professional study group. I started this blog immediately after my CompTIA Security+ (SY0-601) certification, but could not publish new content as I wanted to wrap up my podcast on the CompTIA exam first. I will start with the usual questions: why CCSP is important, what topics the exam covers, and who should go for this exam.
Why must one certify in CCSP?
CCSP, or Certified Cloud Security Professional, is one of the industry's premier cloud security certifications, organized by (ISC)². It was created by (ISC)² in collaboration with the Cloud Security Alliance (CSA). The CCSP shows you have the advanced technical skills and knowledge to design, manage and secure data, applications and infrastructure in the cloud using best practices, policies and procedures established by the cybersecurity experts at (ISC)².
Exam Format and Syllabus
The exam is online and proctor-based, and can be taken from anywhere across the globe. The domains covered in the exam are listed below. They cover almost everything related to information security for cloud users, from the perspective of IaaS, PaaS and SaaS users alike.
| Domain | % of Exam |
| --- | --- |
| Domain 1: Cloud concepts, architecture, and design | 17% |
| Domain 2: Cloud data security | 19% |
| Domain 3: Cloud platform and infrastructure security | 17% |
| Domain 4: Cloud application security | 17% |
| Domain 5: Cloud security operations | 17% |
| Domain 6: Legal, risk, and compliance | 13% |
| TOTAL | 100% |
Domain 1: Cloud concepts, architecture, and design
- Understand Cloud Computing Concepts
- Describe Cloud Reference Architecture
- Understand Security Concepts Relevant to Cloud Computing
- Understand Design Principles of Secure Cloud Computing
- Evaluate Cloud Service Providers
- Verify platform binaries before deploying
Domain 2: Cloud Data Security
- Describe Cloud Data Concepts
- Design and Implement Cloud Data Storage Architectures
- Design and Apply Data Security Technologies and Strategies
- Implement Data Discovery
- Implement Data Classification
- Design and Implement Information Rights Management (IRM)
- Plan and Implement Data Retention, Deletion and Archiving Policies
- Design and Implement Auditability, Traceability and Accountability of Data Events
Domain 3: Cloud Platform and Infrastructure Security
- Comprehend Cloud Infrastructure Components
- Design a Secure Data Center
- Analyze Risks Associated with Cloud Infrastructure
- Design and Plan Security Controls
- Plan Disaster Recovery (DR) and Business Continuity (BC)
Domain 4: Cloud Application Security
- Advocate Training and Awareness for Application Security
- Describe the Secure Software Development Life Cycle (SDLC) Process
- Apply the Secure Software Development Life Cycle (SDLC)
- Apply Cloud Software Assurance and Validation
- Use Verified Secure Software
- Comprehend the Specifics of Cloud Application Architecture
- Design Appropriate Identity and Access Management (IAM) Solutions
Domain 5: Cloud Security Operations
- Implement and Build Physical and Logical Infrastructure for Cloud Environment
- Operate Physical and Logical Infrastructure for Cloud Environment
- Manage Physical and Logical Infrastructure for Cloud Environment
- Implement Operational Controls and Standards (e.g., Information Technology Infrastructure Library (ITIL), International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) 20000-1)
- Support Digital Forensics
- Manage Communication with Relevant Parties
- Manage Security Operations
Domain 6: Legal, Risk and Compliance
- Articulate Legal Requirements and Unique Risks within the Cloud Environment
- Understand Privacy Issues
- Understand Audit Process, Methodologies, and Required Adaptations for a Cloud Environment
- Understand Implications of Cloud to Enterprise Risk Management
- Understand Outsourcing and Cloud Contract Design
Exam Requirements
Candidates must have a minimum of 5 years of cumulative, paid work experience in information technology, of which 3 years must be in information security and 1 year in one or more of the 6 domains of the CCSP CBK. A candidate who doesn't have the required experience to become a CCSP may become an Associate of (ISC)² by successfully passing the CCSP examination. The Associate of (ISC)² then has 6 years to earn the 5 years of required experience.
The exam is 3 hours long, with 125 questions to be attempted. The passing score is 700 out of 1000.
That's all for the introduction to the exam. Check out my next blog on the topics from Domain 1, Cloud Concepts, Architecture and Design.