CCSP Certified Cloud Security Professional Preparation

CCSP Certified Cloud Security Professional Preparation

by Dean Bushmiller
Released September 2022
Publisher(s): Expanding Security
ISBN: 9780996619165

Read it now on the O’Reilly learning platform with a 10-day free trial.

O’Reilly members get unlimited access to books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Video description

The complete Certified Cloud Security Professional video course with CCSK extras by Dean Bushmiller

Domain 1 Cloud Concepts, Architecture and Design

1.1 Understand cloud computing concepts

  • Cloud computing definitions
  • Cloud computing roles and responsibilities
  • Key cloud computing characteristics
  • Building block technologies

    • 1.2 Describe cloud reference architecture

  • Cloud computing activities
  • Cloud service capabilities
  • Cloud service categories IaaS, PaaS, SaaS
  • Cloud deployment models
  • Cloud shared considerations , auditability, regulatory, outsourcing

    • 1.3 Understand security concepts relevant to cloud computing

  • Cryptography and key management
  • Identity and access control
  • Data and media sanitization
  • Network security
  • Virtualization security
  • Common threats
  • Security hygiene

    • 1.4 Understand design principles of secure cloud computing

  • Cloud secure data lifecycle
  • Cloud-based business continuity and disaster recovery plan
  • Business impact analysis
  • Functional security requirements
  • Security considerations and responsibilities for different cloud categories
  • Cloud design patterns Enterprise Architecture
  • DevOps security

    • 1.5 Evaluate cloud service providers

  • Verification against criteria
  • System/subsystem product certifications

    • Domain 2 Cloud Data Security

    2.1 Describe cloud data concepts

  • Cloud data life cycle phases
  • Data dispersion
  • Data flows

    • 2.2 Design and implement cloud data storage architectures

  • Storage types
  • Threats to storage types

    2.3 Design and apply data security technologies and strategies

  • Encryption and key management
  • Hashing
  • Data obfuscation
  • Tokenization
  • Data loss prevention
  • Keys, secrets and certificates management

    • 2.4 Implement data discovery

  • Structured data
  • Unstructured data
  • Semi-structured data
  • Data location

    • 2.5 Plan and implement data classification

  • Data classification policies
  • Data mapping
  • Data labeling

    • 2.6 Design and implement Information Rights Management

  • Legal hold

    • 2.7 Design and implement auditability, traceability and accountability of data events

  • Definition of event sources and requirement of event attributes address, geolocation
  • Logging, storage and analysis of data events
  • Chain of custody and non repudiation

    • Domain 3 Cloud Platform and Infrastructure Security

    3.1 Comprehend cloud infrastructure and platform components

  • Physical environment
  • Network and communications
  • Compute
  • Virtualization
  • Storage
  • Management plane

    • 3.2 Design a secure data center

  • Logical design
  • Physical design
  • Environmental design
  • Design resilient

    • 3.3 Analyze risks associated with cloud infrastructure and platforms

  • Risk assessment
  • Cloud vulnerabilities, threats and attacks
  • Risk mitigation strategies

    • 3.4 Plan and implementation of security controls

  • Physical and environmental protection
  • System, storage and communication protection
  • Identification, authentication and authorization in cloud environments
  • Audit mechanisms correlation, packet capture

    • 3.5 Plan business continuity and disaster recovery

  • Business continuity and disaster recovery strategies
  • Business requirements , Recovery Point Objective
  • Creation, implementation and testing of plan

    • Domain 4 Cloud Application Security

    4.1 Advocate training and awareness for application security

  • Cloud development basics
  • Common pitfalls
  • Common cloud vulnerabilities OWASP Top 10

    • 4.2 Describe the Secure Software Development Life Cycle process

  • Business requirements
  • Phases and methodologies

    • 4.3 Apply the Secure Software Development Life Cycle

  • Cloud specific risks
  • Threat modeling STRIDE and DREAD
  • Avoid common vulnerabilities during development
  • Secure coding Application Security Verification Standard
  • Software configuration management and versioning

    • 4.4 Apply cloud software assurance and validation

  • Functional and non functional testing
  • Security testing methodologies SAST DAST
  • Quality assurance
  • Abuse case testing

    • 4.5 Use verified secure software

  • Securing application programming interfaces
  • Supply chain management
  • Third party software management
  • Validated open source software

    • 4.6 Comprehend the specifics of cloud application architecture

  • Supplemental security components , Database Activity Monitoring, Extensible Markup Language firewalls, application programming interface gateway
  • Cryptography
  • Sandboxing
  • Application virtualization and orchestration

    • 4.7 Design appropriate identity and access management solutions

  • Federated identity
  • Identity providers
  • Single sign on
  • Multi factor authentication
  • Cloud access security broker
  • Secrets management

    • Domain 5 Cloud Security Operations

    5.1 Build and implement physical and logical infrastructure for cloud environment

  • Hardware specific security configuration requirements and Trusted Platform Module
  • Installation and configuration of management tools
  • Virtual hardware specific security configuration requirements , Hypervisor types
  • Installation of guest operating system virtualization toolsets

    • 5.2 Operate and maintain physical and logical infrastructure for cloud environment

  • Access controls for local and remote access , secure terminal access, Secure Shell, console based access mechanisms, jumpboxes, virtual client
  • Secure network configuration , Transport Layer Security, Dynamic Host Configuration Protocol, Domain Name System Security Extensions, virtual private network
  • Network security controls , intrusion prevention systems, honeypots, vulnerability assessments, network security groups, bastion host
  • Operating system hardening through the application of baselines, monitoring and remediation
  • Patch management
  • Infrastructure as Code strategy
  • Availability of clustered hosts
  • Availability of guest operating system
  • Performance and capacity monitoring
  • Hardware monitoring
  • Configuration of host and guest operating system backup and restore functions
  • Management plane

    • 5.3 Implement operational controls and standards

  • Change management
  • Continuity management
  • Information security management
  • Continual service improvement management
  • Incident management
  • Problem management
  • Release management
  • Deployment management
  • Configuration management
  • Service level management
  • Availability management
  • Capacity management

    • 5.4 Support digital forensics

  • Forensic data collection methodologies
  • Evidence management
  • Collect, acquire, and preserve digital evidence

    • 5.5 Manage communication with relevant parties

  • Vendors
  • Customers
  • Partners
  • Regulators
  • Other stakeholders

    • 5.6 Manage security operations

  • Security operations center
  • Intelligent monitoring of security controls , intrusion prevention systems, honeypots, network security groups, artificial intelligence
  • Log capture and analysis , log management
  • Incident management
  • Vulnerability assessments

    • Domain 6 Legal, Risk and Compliance

    6.1 Articulate legal requirements and unique risks within the cloud environment

  • Conflicting international legislation
  • Evaluation of legal risks specific to cloud computing
  • Legal framework and guidelines
  • eDiscovery
  • Forensics requirements

    • 6.2 Understand privacy issues

  • Difference between contractual and regulated private data , personally identifiable information
  • Country specific legislation related to private data , personally identifiable information
  • Jurisdictional differences in data privacy
  • Standard privacy requirements
  • Privacy Impact Assessments

    • 6.3 Understand audit process, methodologies, and required adaptations for a cloud environment

  • Internal and external audit controls
  • Impact of audit requirements
  • Identify assurance challenges of virtualization and cloud
  • Types of audit reports
  • Restrictions of audit scope statements
  • Gap analysis
  • Audit planning
  • Internal information security management system
  • Internal information security controls system
  • Policies
  • Identification and involvement of relevant stakeholders
  • Specialized compliance requirements for highly regulated industries
  • Impact of distributed information technology model

    • 6.4 Understand implications of cloud to enterprise risk management

  • Assess providers risk management programs
  • Difference between data owner/controller vs. data custodian/processor
  • Regulatory transparency requirements , General Data Protection Regulation
  • Risk treatment
  • Different risk frameworks
  • Metrics for risk management
  • Assessment of risk environment

    • 6.5 Understand outsourcing and cloud contract design

  • Business requirements , master service agreement, statement of work
  • Vendor management
  • Contract management
  • Supply chain management
    •

    Publisher resources

    Download Example Code

    Table of contents

    1. Meta Material 0 Preparation for all topics
      1. Welcome
      2. Mindmaps
      3. Notecards Activity
      4. Readings
      5. Cloud lab or NOT Choose a Cloud Management Platform
      6. Cloud+, CCSK, CCSP
      7. CCSP Exam Overview
    2. Core Cloud Concepts
      1. Core Cloud Concepts Introduction
      2. Storage, Networking, CPU, RAM
      3. Metal Enterprise computing before cloud
      4. Virtualization of everything but not cloud yet
      5. Concepts reference architecture
      6. Vendor component names
      7. From Containers to Serverless
      8. Architecture
      9. Governance
    3. Data security
      1. Data security Introduction
      2. Data storage architectures
      3. Security technologies and strategies
      4. Data discovery
      5. Information rights management
      6. Data retention
      7. Auditability
    4. Platform and infrastructure security
      1. Platform and infrastructure security Introduction
      2. Infrastructure and platform components
      3. Risks of infrastructure and platform
      4. Infrastructure and platform security controls
      5. Business Continuity and Disaster Recovery
    5. Application security
      1. Application security Introduction
      2. Training and awareness for application security
      3. Secure software development life cycle SDLC process
      4. Software assurance and validation
      5. Verify secure software
      6. Application architecture
      7. Identity and Access Management
    6. Operations security
      1. Operations security Introduction
      2. Build and implement infrastructure
      3. Operate and maintain infrastructure
      4. Digital forensics
      5. Manage security operations
    7. Legal, risk, compliance, audit
      1. Legal, risk, compliance, audit Introduction
      2. Legal requirements unique to cloud
      3. Privacy issues
      4. Audit process methodologies
      5. Cloud enterprise risk management
    8. Cloud Security Alliance Security as a Service
      1. Security as a Service Introduction
      2. Identity and Access Management
      3. Data Loss Prevention
      4. Web Security
      5. Email Security
      6. Security Assessments
      7. Intrusion Management
      8. Security Information and Event Management
      9. Encryption
      10. BCP and DR
      11. Network Security

    Product information

    • Title: CCSP Certified Cloud Security Professional Preparation
    • Author(s): Dean Bushmiller
    • Release date: September 2022
    • Publisher(s): Expanding Security
    • ISBN: 9780996619165