Certified Cloud Security Professional – CCSP [Overview]

Introduction

Welcome to Blog-1 of the CCSP – Certified Cloud Security Professional study group. I started this blog immediately after my CompTIA Security+ (SY0-601) certification, but could not publish new content as I wanted to wrap up my podcast on the CompTIA exam first. I will start with the usual questions: why the CCSP is important, what topics the exam covers, and who should go for this exam.

Why certify in CCSP?

The CCSP, or Certified Cloud Security Professional, is one of the industry’s premier cloud security certifications, administered by (ISC)². It was created by (ISC)² in collaboration with the Cloud Security Alliance (CSA). The CCSP shows you have the advanced technical skills and knowledge to design, manage and secure data, applications and infrastructure in the cloud using best practices, policies and procedures established by the cybersecurity experts at (ISC)².

Exam Format and Syllabus

The exam is online and proctored, and can be taken from anywhere across the globe. The domains covered in the exam are listed below. They cover almost everything related to information security for cloud users, from the perspective of IaaS, PaaS and SaaS users alike.

Domain                                                   % of Exam
Domain 1: Cloud concepts, architecture, and design            17%
Domain 2: Cloud data security                                 19%
Domain 3: Cloud platform and infrastructure security          17%
Domain 4: Cloud application security                          17%
Domain 5: Cloud security operations                           17%
Domain 6: Legal, risk, and compliance                         13%
TOTAL                                                        100%

Syllabus

Domain 1: Cloud concepts, architecture, and design

  • Understand Cloud Computing Concepts
  • Describe Cloud Reference Architecture
  • Understand Security Concepts Relevant to Cloud Computing
  • Understand Design Principles of Secure Cloud Computing
  • Evaluate Cloud Service Providers
  • Verify platform binaries before deploying

Domain 2: Cloud Data Security

  • Describe Cloud Data Concepts
  • Design and Implement Cloud Data Storage Architectures
  • Design and Apply Data Security Technologies and Strategies
  • Implement Data Discovery
  • Implement Data Classification
  • Design and Implement Information Rights Management (IRM)
  • Plan and Implement Data Retention, Deletion and Archiving Policies
  • Design and Implement Auditability, Traceability and Accountability of Data Events

Domain 3: Cloud Platform and Infrastructure Security

  • Comprehend Cloud Infrastructure Components
  • Design a Secure Data Center
  • Analyze Risks Associated with Cloud Infrastructure
  • Design and Plan Security Controls
  • Plan Disaster Recovery (DR) and Business Continuity (BC)

Domain 4: Cloud Application Security

  • Advocate Training and Awareness for Application Security
  • Describe the Secure Software Development Life Cycle (SDLC) Process
  • Apply the Secure Software Development Life Cycle (SDLC)
  • Apply Cloud Software Assurance and Validation
  • Use Verified Secure Software
  • Comprehend the Specifics of Cloud Application Architecture
  • Design Appropriate Identity and Access Management (IAM) Solutions

Domain 5: Cloud Security Operations

  • Implement and Build Physical and Logical Infrastructure for Cloud Environment
  • Operate Physical and Logical Infrastructure for Cloud Environment
  • Manage Physical and Logical Infrastructure for Cloud Environment
  • Implement Operational Controls and Standards (e.g., Information Technology Infrastructure Library (ITIL), International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) 20000-1)
  • Support Digital Forensics
  • Manage Communication with Relevant Parties
  • Manage Security Operations

Domain 6: Legal, Risk and Compliance

  • Articulate Legal Requirements and Unique Risks within the Cloud Environment
  • Understand Privacy Issues
  • Understand Audit Process, Methodologies, and Required Adaptations for a Cloud Environment
  • Understand Implications of Cloud to Enterprise Risk Management
  • Understand Outsourcing and Cloud Contract Design

Exam Requirements

Candidates must have a minimum of 5 years of cumulative paid work experience in information technology, of which 3 years must be in information security and 1 year in one or more of the 6 domains of the CCSP CBK. A candidate who doesn’t have the required experience to become a CCSP may become an Associate of (ISC)² by successfully passing the CCSP examination. The Associate of (ISC)² will then have 6 years to earn the 5 years of required experience.

The exam lasts 3 hours and contains 125 questions. The passing score is 700 out of 1000.

That’s all for the introduction to the exam; check out my next blog on the topics from Domain 1, Cloud Concepts, Architecture and Design.
