Managing Cloud Security

Kick-start your prep for the ISC2 CCSP exam with the CCSP - Managing Cloud Security course. The cert guide provides complete coverage of the CCSP exam objectives and includes topics such as architectural concepts & design requirements, cloud data security, cloud platform & infrastructure security, cloud application security, operations, and legal & compliance. The CCSP credential provides professionals with deep-seated knowledge and competency derived from experience with cyber, information, software and cloud computing infrastructure security.

Here's what you will get

ISC2 and the Cloud Security Alliance (CSA) developed the Certified Cloud Security Professional (CCSP) credential to ensure that cloud security professionals have the required knowledge, skills, and abilities in cloud security design, implementation, architecture, operations, controls, and compliance with regulatory frameworks. A CCSP applies information security expertise to a cloud computing environment and demonstrates competence in cloud security architecture, design, operations, and service orchestration.

Glossary of terms
Test prep
Pre-assessment Questions
Full Length Tests
Post-Assessment Questions

Videos and How Tos

The uCertify course includes videos that help learners understand concepts. It also includes How Tos that show learners how to accomplish certain tasks.

Video Lessons
Exam FAQs
What are the prerequisites for this exam?

ISC2 has the following prerequisites:

  • A minimum of five years of cumulative, paid, full-time work experience in information technology.
  • Of those five years, three must be in information security and one in one or more of the six domains of the CCSP Common Body of Knowledge (CBK).
What is the exam registration fee? USD 549
Where do I take the exam? Pearson VUE
How many questions are asked in the exam? The exam contains 125 questions.
What is the duration of the exam? 240 minutes
What is the passing score? 700 (on a scale of 0-1000)

What is the exam's retake policy?

In the event that you fail your first attempt at passing the CCSP certification, ISC2's retake policy is:

  • Candidates who do not pass the exam the first time will be able to retest after 30 days.
  • Candidates who fail a second time will need to wait 90 days prior to sitting for the exam again.
  • If a candidate fails a third time, the next available time to sit for the exam will be 180 days after the most recent exam attempt.
Where can I find more information about this exam? To know more about the CCSP, click here.
Which certification covers this exam?
What are the career opportunities after passing this exam?
  • Security Engineer
  • Security Manager
  • Security Architect
  • Systems Architect
  • Systems Engineer
  • Enterprise Architect
  • Security Consultant
  • Security Administrator

Here's what you will learn

  • Introduction
  • Cloud Computing Definitions
  • Cloud Computing Roles
  • Key Cloud Computing Characteristics
  • Cloud Transition Scenario
  • Building Blocks
  • Cloud Computing Functions
  • Cloud Service Categories
  • Cloud Deployment Models
  • Cloud Cross-Cutting Aspects
  • Network Security and Perimeter
  • Cryptography
  • IAM and Access Control
  • Data and Media Sanitization
  • Virtualization Security
  • Common Threats
  • Security Considerations for Different Cloud Categories
  • Open Web Application Security Project Top Ten Security Threats
  • Cloud Secure Data Lifecycle
  • Information and Data Governance Types
  • Business Continuity and Disaster Recovery Planning (BCDR)
  • Cost-Benefit Analysis
  • Certification Against Criteria
  • System and Subsystem Product Certification
  • Summary
  • Introduction
  • The Cloud Data Lifecycle Phases
  • Location and Access of Data
  • Functions, Actors, and Controls of the Data
  • Cloud Services, Products, and Solutions
  • Data Storage
  • Relevant Data Security Technologies
  • Application of Security Strategy Technologies
  • Emerging Technologies
  • Data Discovery
  • Data Classification
  • Data Privacy Acts
  • Typical Meanings for Common Privacy Terms
  • Privacy Roles for Customers and Service Providers
  • Responsibility Depending on the Type of Cloud Services
  • Implementation of Data Discovery
  • Classification of Discovered Sensitive Data
  • Mapping and Definition of Controls
  • Privacy Level Agreement
  • PLA Versus Essential P&DP Requirements Activity
  • Application of Defined Controls for PII
  • Data Rights Management Objectives
  • Data-Protection Policies
  • Events
  • Supporting Continuous Operations
  • Chain of Custody and Nonrepudiation
  • Summary
  • Introduction
  • Network and Communications in the Cloud
  • The Compute Parameters of a Cloud Server
  • Storage Issues in the Cloud
  • Management of Cloud Computing Risks
  • Countermeasure Strategies Across the Cloud
  • Physical and Environmental Protections
  • System and Communication Protections
  • Virtualization Systems Controls
  • Managing Identification, Authentication, and Authorization in the Cloud Infrastructure
  • Risk Audit Mechanisms
  • Understanding the Cloud Environment Related to Business Continuity and Disaster Recovery (BCDR)
  • Understanding the Business Requirements Related to BCDR
  • Understanding the BCDR Risks
  • BCDR Strategies
  • Creating the BCDR Plan
  • Summary
  • Introduction
  • Determining Data Sensitivity and Importance
  • Understanding the API Formats
  • Common Pitfalls of Cloud Security Application Deployment
  • Awareness of Encryption Dependencies
  • Understanding the Software Development Lifecycle Process for a Cloud Environment
  • Assessing Common Vulnerabilities
  • Cloud-Specific Risks
  • Threat Modeling
  • Identity and Access Management
  • Federated Identity Management
  • Multifactor Authentication
  • Supplemental Security Devices
  • Cryptography
  • Tokenization
  • Data Masking
  • Sandboxing
  • Application Virtualization
  • Cloud-Based Functional Data
  • Cloud-Secure Development Lifecycle
  • Application Security Testing
  • Summary
  • Introduction
  • Modern Data Centers and Cloud Service Offerings
  • Factors That Affect Data Center Design
  • Enterprise Operations
  • Secure Configuration of Hardware: Specific Requirements
  • Installation and Configuration of Virtualization Management Tools for the Host
  • Securing the Network Configuration
  • Identifying and Understanding Server Threats
  • Using Standalone Hosts
  • Using Clustered Hosts
  • Accounting for Dynamic Operation
  • Using Storage Clusters
  • Using Maintenance Mode
  • Providing High Availability (HA) on the Cloud
  • The Physical Infrastructure for Cloud Environments
  • Configuring Access Control for Remote Access
  • Performing Patch Management
  • Performance Monitoring
  • Backing Up and Restoring the Host Configuration
  • Implementing Network Security Controls: Defense in Depth
  • Developing a Management Plan
  • Building a Logical Infrastructure for Cloud Environments
  • Running a Logical Infrastructure for Cloud Environments
  • Managing the Logical Infrastructure for Cloud Environments
  • Implementation of Network Security Controls
  • Using an ITSM Solution
  • Considerations for Shadow IT
  • Operations Management
  • Managing Risk in Logical and Physical Infrastructures
  • The Risk-Management Process Overview
  • Understanding the Collection and Preservation of Digital Evidence
  • Managing Communications with Relevant Parties
  • Wrap-Up: Data Breach Example
  • Summary
  • Introduction
  • International Legislation Conflicts
  • Legislative Concepts
  • Frameworks and Guidelines Relevant to Cloud Computing
  • Common Legal Requirements
  • Legal Controls and Cloud Service Providers
  • e-Discovery
  • Cloud Forensics and ISO/IEC 27050-1
  • Protecting Personal Information in the Cloud
  • Auditing in the Cloud
  • Standard Privacy Requirements (ISO/IEC 27018)
  • GAPP
  • Internal Information Security Management System (ISMS)
  • Implementing Policies
  • Identifying and Involving the Relevant Stakeholders
  • Impact of Distributed IT Models
  • Understanding the Implications of the Cloud to Enterprise Risk Management
  • Risk Mitigation
  • Understanding Outsourcing and Contract Design
  • Business Requirements
  • Vendor Management
  • Cloud Computing Certification
  • Contract Management
  • Supply Chain Management
  • Summary
Managing Cloud Security
ISBN: 9781616918620