CONTENTS
Chapter 1 How to Obtain the CCSP and Introduction to Security
Domain 1: Cloud Concepts, Architecture, and Design
Domain 3: Cloud Platform and Infrastructure Security
Domain 4: Cloud Application Security
Domain 5: Cloud Security Operations
Domain 6: Legal, Risk, and Compliance
Business Continuity and Disaster Recovery
Chapter 2 Cloud Concepts, Architecture, and Design
Key Cloud Computing Characteristics
Impact of Related Technologies
Security Concepts Relevant to Cloud Computing
Security Considerations for the Different Cloud Categories
Design Principles of Secure Cloud Computing
Cloud-Based Business Continuity/Disaster Recovery Planning
Identify Trusted Cloud Services
Certification Against Criteria
System/Subsystem Product Certifications
Sherwood Applied Business Security Architecture (SABSA)
IT Infrastructure Library (ITIL)
The Open Group Architecture Framework (TOGAF)
Design and Implement Cloud Data Storage Architectures
Design and Apply Data Security Strategies
Relevant Jurisdictional Data Protections for Personally Identifiable Information
Privacy Roles and Responsibilities
Implementation of Data Discovery
Classification of Discovered Sensitive Data
Mapping and Definition of Controls
Application of Defined Controls
Data Retention, Deletion, and Archiving Policies
Auditability, Traceability, and Accountability of Data Events
Identity Attribution Requirements
Storage and Analysis of Data Events
Chain of Custody and Nonrepudiation
Chapter 4 Cloud Platform and Infrastructure Security
Comprehend Cloud Infrastructure Components
Analyze Risks Associated with Cloud Infrastructure
Design and Plan Security Controls
Physical and Environmental Protection
System and Communication Protection
Virtualization Systems Protection
Identification, Authentication, and Authorization in a Cloud Infrastructure
Disaster Recovery and Business Continuity Management Planning
Understanding the Cloud Environment
Understanding Business Requirements
Disaster Recovery/Business Continuity Strategy
Chapter 5 Cloud Application Security
Advocate Training and Awareness for Application Security
Describe the Secure Software Development Lifecycle (SDLC) Process
Apply the Secure Software Development Lifecycle
Avoid Common Vulnerabilities During Development
Software Configuration Management and Versioning
Cloud Software Assurance and Validation
Cloud-Based Functional Testing
Cloud Secure Development Lifecycle (CSDLC)
Cloud Application Architecture
Identity and Access Management (IAM) Solutions
Chapter 6 Cloud Security Operations
Support the Planning Process for the Data Center Design
Implement and Build the Physical Infrastructure for the Cloud Environment
Secure Configuration of Hardware-Specific Requirements
Installation and Configuration of Virtualization Management Tools
Virtual Hardware Specific Security Configuration Requirements
Installation of Guest Operating System Virtualization Toolsets
Operate the Physical and Logical Infrastructure for the Cloud Environment
Configuration of Access Control for Local and Remote Access
OS Hardening via Application of Baselines
Availability of Standalone Hosts
Availability of Clustered Hosts
Availability of the Guest Operating System
Manage the Physical and Logical Infrastructure for Cloud Environment
Access Controls for Remote Access
OS Baseline Compliance Monitoring and Remediation
Implement Operational Controls and Standards
Information Security Management
Continual Service Improvement Management
Release and Deployment Management
Proper Methodologies for the Forensic Collection of Data
Manage Communication with Relevant Parties
Monitoring of Security Controls
Chapter 7 Legal, Risk, and Compliance
Articulate Legal Requirements and Unique Risks Within the Cloud Environment
Conflicting International Legislation
Evaluation of Legal Risks Specific to Cloud Computing
Legal Framework and Guidelines
Difference Between Contractual and Regulated Personally Identifiable Information (PII)
Country-Specific Legislation Related to PII and Data Privacy
Differences Among Confidentiality, Integrity, Availability, and Privacy
Understand Audit Processes, Methodologies, and Required Adaptations for a Cloud Environment
Internal and External Audit Controls
Identify Assurance Challenges of Virtualization and Cloud
Restrictions of Audit Scope Statements
Internal Information Security Management System (ISMS)
Internal Information Security Controls System
Identification and Involvement of Relevant Stakeholders
Specialized Compliance Requirements for Highly Regulated Industries
Impact of Distributed IT Model
Understand Implications of Cloud to Enterprise Risk Management
Assess Provider’s Risk Management
Difference Between Data Owner/Controller vs. Data Custodian/Processor
Assessment of the Risk Environment
Understand Outsourcing and Cloud Contract Design
Appendix A Exam Review Questions
Questions and Comprehensive Answer Explanations
Appendix B About the Online Content
Your Total Seminars Training Hub Account