Certified Cloud Security Professional Course Outline
Our CCSP course looks at the following areas:
Domain 1: Cloud Concepts, Architecture, and Design
Module 1: Understand Cloud Computing Concepts
- Introduction to Cloud Computing
- Benefits of Cloud Computing
- Cloud Computing Definitions
- Cloud Computing Roles
- Key Cloud Computing Characteristics
- Building Block Technologies
Module 2: Describe Cloud Reference Architecture
- Cloud Reference Model
- Conceptual Reference Model
- Cloud Computing Activities
- Cloud Service Capabilities
- Deployment Models
- Cloud Shared Considerations
- Impact of Related Technologies
Module 3: Understand Security Concepts Relevant to Cloud Computing
- Cryptography
- Key Management
- IAM and Access Control
- Data and Media Sanitisation
- Virtualisation Security
- Common Threats
- Network Security
Module 4: Understand Design Principles of Secure Cloud Computing
- Cloud Secure Data Lifecycle
- Cloud-Based Disaster Recovery (DR) Planning
- Business Continuity Planning
- Cost-Benefit Analysis
- Security Considerations for Different Cloud Categories
Module 5: Identify Trusted Cloud Services
- Certification Against Criteria
Domain 2: Cloud Data Security
Module 6: Describe Cloud Data Concepts
- Cloud Data Life Cycle Phases
- Data Dispersion
Module 7: Design and Implement Cloud Data Storage Architectures
- Storage Types
- Threats to Storage Types
Module 8: Design and Apply Data Security Technologies and Strategies
- Encryption
- Key Management
- Hashing
- Data De-identification
- Data Masking
- Tokenisation
- Data Loss Prevention (DLP)
Module 9: Implement Data Discovery
- Structured Data
- Unstructured Data
Module 10: Implement Data Classification
- Mapping
- Labelling
- Sensitive Data
Module 11: Design and Implement Information Rights Management (IRM)
- Objectives
- Provisioning
- Access Models
- Appropriate Tools
Module 12: Plan and Implement Data Retention, Deletion and Archiving Policies
- Data Protection Policies
- Data Retention Policies
- Data Deletion Procedures and Mechanisms
- Data Archiving Policies
- Legal Hold
Module 13: Design and Implement Auditability, Traceability and Accountability of Data Events
- Definition of Event Sources
- Requirement of Identity Attribution
- Logging
- Storage and Analysis of Data Events
- Chain of Custody and Nonrepudiation
Domain 3: Cloud Platform Infrastructure Security
Module 14: Comprehend Cloud Infrastructure Components
- Cloud Infrastructure
- Physical Environment
- Network and Communications
- Compute Parameters of a Cloud Server
- Virtualisation
- Storage
- Management Plane
Module 15: Design a Secure Data Centre
- Logical Design
- Physical Design
- Environmental Design
Module 16: Analyse Risks Associated with Cloud Infrastructure
- Risk Assessment and Analysis
- Virtualisation Risks
- Counter-Measure Strategies
Module 17: Design and Plan Security Controls
- Physical and Environmental Protection
- System and Communication Protection
- Virtualisation Systems Protection
- Identification, Authentication, and Authorisation in Cloud Infrastructure
- Audit Mechanisms
Module 18: Plan Disaster Recovery and Business Continuity Management
- Risks Related to the Cloud Environment
- Business Requirements
- Business Continuity/Disaster Recovery Strategy
- Creation, Implementation, and Testing of Plan
Domain 4: Cloud Application Security
Module 19: Advocate Training and Awareness for Application Security
- Cloud Development Basics
- Common Pitfalls
- Common Cloud Vulnerabilities
Module 20: Describe the Secure Software Development Life Cycle (SDLC) Process
- Business Requirements
- Phases and Methodologies
Module 21: Apply the Secure Software Development Life Cycle (SDLC)
- Cloud-Specific Risks
- Threat Modelling
- Software Configuration Management and Versioning
- Quality of Service (QoS)
Module 22: Apply Cloud Software Assurance and Validation
- Functional Testing
- Security Testing Methodologies
Module 23: Use Verified Secure Software
- Approved API
- Supply-Chain Management
- Validated Open Source Software
Module 24: Comprehend the Specifics of Cloud Application Architecture
- Supplement Security Devices
- Cryptography
- Sandboxing
- Application Virtualisation
- Orchestration
Module 25: Design Appropriate Identity and Access Management (IAM) Solutions
- Federated Identity
- Identity Providers
- Single Sign-On (SSO)
- Multifactor Authentication
- Cloud Access Security Broker (CASB)
Domain 5: Cloud Security Operations
Module 26: Implement and Build Physical and Logical Infrastructure for Cloud Environment
- Hardware Specific Security Configuration Requirements
- Installation and Configuration of Virtualisation Management Tools
- Virtual Hardware Specific Security Configuration Requirements
- Installation of Guest Operating System (OS) Virtualisation Toolsets
Module 27: Operate Physical and Logical Infrastructure for Cloud Environment
- Configure Access Control for Local and Remote Access
- Securing Network Configuration
- Dynamic Host Configuration Protocol
- Securing Network Configuration
- Operating System (OS) Hardening Through the Application of Baselines
- Availability of Stand-Alone Hosts
- Availability of Clustered Hosts
- Availability of the Guest OS
Module 28: Manage Physical and Logical Infrastructure for Cloud Environment
- Access Control for Remote Access
- Operating System (OS) Baseline Compliance Monitoring and Remediation
- Patch Management
- Performance and Capacity Monitoring
- Hardware Monitoring
- Configuration of Host and Guest Operating System (OS) Backup and Restore Functions
- Implementation of Network Security Controls
Module 29: Implement Operational Controls and Standards
- Overview
- Change Management
- Continuity Management
- Information Security Management
- Continual Service Improvement Management
- Incident Management
- Problem Management
- Release and Deployment Management
- Configuration Management
- Service Level Management
- Availability Management
- Capacity Management
Module 30: Support Digital Forensics
- Support Digital Forensics
- Forensic Data Collection Methodologies
- Evidence Management
- Collect, Acquire and Preserve Digital Evidence
Module 31: Manage Communication with Relevant Parties
- Vendors
- Customers
- Partners
- Regulators
- Other Stakeholders
Module 32: Manage Security Operations
- Security Operations Center (SOC)
- Log Capture and Analysis
Domain 6: Legal, Risk and Compliance
Module 33: Articulate Legal Requirements and Unique Risks within the Cloud Environment
- Conflicting International Legislation
- Evaluation of Legal Risks Specific to Cloud Computing
- Legal Framework and Guidelines
- eDiscovery
- Forensics Requirements
Module 34: Understand Privacy Issues
- Contractual and Regulated PII
- Country-Specific Legislation and Regulation of PII
- Difference between Confidentiality, Authentication, and Integrity
- Standard Privacy Requirements
Module 35: Understand Audit Process, Methodologies, and Required Adaptations for a Cloud Environment
- Internal and External Audit Control
- Impact of Audit Requirements
- Identify Assurance Challenges of Virtualisation and Cloud
- Types of Audit Reports
- Restrictions of Audit Scope Statements
- Gap Analysis
- Audit Planning
- Internal Information Security Management System (ISMS)
- Internal Information Security Controls System
- Policies
- Identification and Involvement of Relevant Stakeholders
- Specialised Compliance Requirements for Highly-Regulated Industries
- Impact of Distributed IT Models
Module 36: Understand Implications of Cloud to Enterprise Risk Management
- Assess Providers Risk Management Programs
- Difference
- Regulatory Transparency Requirements
- Risk Treatment
- Different Risk Frameworks
- Metrics for Risk Management
- Assessment of the Risk Environment
Module 37: Understand Outsourcing and Cloud Contract Design
- Business Requirements
- Vendor Management
- Contract Management
- Supply Chain Management
- Implementation of Network Security Controls
- Management Plane