Course Overview
The Certified Cloud Security Professional (CCSP) credential denotes professionals with deep-seated knowledge and competency derived from hands-on experience with cyber, information, software and cloud computing infrastructure security. A CCSP applies information security expertise to a cloud computing environment and demonstrates competence in cloud security architecture, design, operations, and service orchestration.This training provides a comprehensive review of cloud security concepts and industry best practices, covering 6 domains of the CCSP CBK in order to prepare for CCSP Examination.
Several types of activities are used throughout the course to reinforce topics and increase knowledge retention. These activities include open ended questions from the instructor to the students, matching and poll questions, group activities, open/closed questions, and group discussions. This interactive learning technique is based on sound adult learning theories.
Target Audience
The CCSP credential is designed for experienced information security professionals with at least five years of full-time IT experience, including three years of information security and at least one year of cloud security experience. The CCSP credential is suitable for mid-level to advanced professionals involved with IT architecture, web and cloud security engineering, information security, governance, risk and compliance, and even IT auditing.
CCSP is most appropriate for those whose day-to-day responsibilities involve procuring, securing and managing cloud environments or purchased cloud services. In other words, CCSPs are heavily involved with the cloud. Many CCSPs will be responsible for cloud security architecture, design, operations, and/or service orchestration.
Course Objectives
After completing this course, you will be able to:
- Describe the physical and virtual components of and identify the principle technologies of cloud based systems.
- Define the roles and responsibilities of customers, providers, partners, brokers and the various technical professionals that support cloud computing environments.
- Identify and explain the five characteristics required to satisfy the NIST definition of cloud computing.
- Differentiate between various as a Service delivery models and frameworks that are incorporated into the cloud computing reference architecture.
- Discuss strategies for safeguarding data, classifying data, ensuring privacy, assuring compliance with regulatory agencies and working with authorities during legal investigations.
- Contrast between forensic analysis in corporate data center and cloud computing environments.
- Evaluate and implement the security controls necessary to ensure confidentiality, integrity and availability in cloud computing.
- Identify and explain the six phases of the data lifecycle.
- Explain strategies for protecting data at rest and data in motion.
- Describe the role of encryption in protecting data and specific strategies for key management.
- Compare a variety of cloud based business continuity / disaster recovery strategies and select an appropriate solution to specific business requirements.
- Contrast security aspects of Software Development Life Cycle in standard data center and cloud computing environments.
- Describe how federated identity and access management solutions mitigate risks in cloud computing systems.
- Conduct gap analysis between baseline and industry standard best practices.
- Develop Service Level Agreements (SLA) for cloud computing environments.
- Conduct risk assessments of existing and proposed cloud-based environments.
- State the professional and ethical standards of (ISC)? and the Certified Cloud Security Professional.
Course Prerequisites
experienced information security professionals with at least five years of full-time IT experience, including three years of information security and at least one year of cloud security experience
Course Outline
- Domain 1: Architectural Concepts & Design Requirements
- Domain 2: Cloud Data Security
- Domain 3: Cloud Platform & Infrastructure Security
- Domain 4: Cloud Application Security
- Domain 5: Operations
- Domain 6: Legal & Compliance