CCSP logo

(CCSP) Certified Cloud Security Professional

Achieve the CCSP credential to validate your expertise in cloud security design, implementation, and compliance with global standards.

Category:

In-depth coverage of the six domains required to pass the CCSP exam:

Domain 1. Cloud Concepts, Architecture & Design

Domain 2. Cloud Data Security

Domain 3. Cloud Platform & Infrastructure Security

Domain 4. Cloud Application Security

Domain 5. Cloud Security Operations

Domain 6. Legal, Risk and Compliance

Candidates must have a minimum of five years cumulative paid work experience in information technology, of which three years must be in information security and one year in one or more of the six domains of the CCSP CBK. Earning CSA CCSK certificate can be substituted for one year of experience in one or more of the six domains of the CCSP CBK. Earning the CISSP credential can be substituted for the entire CCSP experience requirement.

The CCSP is ideal for IT and information security leaders responsible for applying best practices to cloud security architecture, design, operations and service orchestration, including those in the following positions:

  • Cloud Architect
  • Cloud Engineer
  • Cloud Consultant
  • Cloud Administrator
  • Cloud Security Analyst
  • Cloud Specialist
  • Auditor of Cloud Computing Services
  • Professional Cloud Developer
1.1 Understand Cloud Computing Concepts
1.2 Describe Cloud Reference Architecture
1.3 Understand Security Concepts Relevant to Cloud Computing
1.4 Understand Design Principles of Secure Cloud Computing
1.5 Evaluate Cloud Service Providers
2.1 Describe Cloud Data Lifecycle
2.2 Design and Implement Cloud Data Storage Architectures
2.3 Design and Apply Data Security Technologies Strategies
2.4 Implement Data Discovery
2.5 Plan and implement data classification.
2.6 Design and Implement Information Rights Management (IRM)
2.7 Plan and Implement Data Retention, Deletion, and Archiving Policies
2.8 Design and Implement Auditability, Traceability, and Accountability of Data Events
3.1 Comprehend Cloud Infrastructure and Platform Components
3.2 Design a Secure Data Center
3.3 Analyze Risks Associated with Cloud Infrastructure and Platforms
3.4 Plan and Implementation of Security Controls
3.5 Plan business continuity (BC) and disaster recovery (DR)
4.1 Advocate Training and Awareness for Application Security
4.2 Describe the Secure Software Development Life Cycle (SDLC) process
4.3 Apply the Software Development Life-Cycle (SDLC)
4.4 Apply Cloud Software Assurance and Validation
4.5 Use verified secure software
4.6 Comprehend The Specifics of Cloud Application Architecture
4.7 Design appropriate identity and access management (IAM) solutions
5.1 Build and Implement Physical and Logical Infrastructure for Cloud Environment
5.2 Operate and Maintain Physical and Logical Infrastructure for Cloud Environment
5.3 Implement Operational Controls and Standards (E.G., Information Technology Infrastructure Library (ITIL), International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) 20000-1)
5.4 Support Digital Forensics
5.5 Manage Communication with Relevant Parties
5.6 Manage Security Operations
6.1 Articulate Legal Requirements and Unique Risks within the Cloud Environment
6.2 Understand Privacy Issues
6.3 Understand Audit Process, Methodologies, and Required Adaptions for a Cloud Environment
6.4 Understand Implications of Cloud to Enterprise Risk Management
6.5 Understand Outsourcing and Cloud Contract Design
Length of exam 3 hours
Number of questions 125
Question format Multiple choice
Passing grade 700 out of 1000 points
Exam availability English, Chinese, German, Japanese
Testing center Pearson VUE Testing Center

Description

Course Code: 2364

ISC2 developed the Certified Cloud Security Professional (CCSP) credential to ensure that cloud security professionals have the required knowledge, skills, and abilities in cloud security design, implementation, architecture, operations, controls, and compliance with regulatory frameworks. A CCSP applies information security expertise to a cloud computing environment and demonstrates competence in cloud security architecture, design, operations, and service orchestration. This professional competence is measured against a globally recognized body of knowledge.

Related Courses