(ISC)2 |Certified Cloud Security Professional | CCSP

Description

 Securing the Power of the Cloud

As powerful as cloud computing is for the organization, understanding its information security risks and mitigation strategies is critical. Legacy approaches are inadequate, and organizations need competent, experienced professionals equipped with the right cloud security knowledge and skills to be successful. They need CCSPs.

Recognizing the need to identify and validate information security professionals’ competency in securing cloud services, the two leading membership organizations focused on cloud and information security, the Cloud Security Alliance® (CSA) and (ISC)2®, joined together to develop an international cloud security credential that reflects the most current and comprehensive best practices for securing and optimizing cloud computing environments. Result: The Certified Cloud Security Professional (CCSPSM) credential.

Globally Recognized Proficiency in Cloud Security

CCSP is a global credential born from the expertise of the two industry-leading stewards of information systems and cloud computing security, (ISC)² and CSA. The CCSP credential is appropriate and applicable to cloud security in a global environment.

Who should obtain the CCSP ?

The CCSP credential is designed for experienced information security professionals with at least five years of full-time IT experience, including three years of information security and at least one year of cloud security experience. The CCSP credential is suitable for mid-level to advanced professionals involved with IT architecture, web and cloud security engineering, information security, governance, risk and compliance, and even IT auditing.

CCSP Domains

Architectural Concepts & Design Requirements – Cloud computing concepts & definitions based on the ISO/IEC 17788 standard; security concepts and principles relevant to secure cloud computing.

• Understand Cloud Computing Concepts
• Describe Cloud Reference Architecture
• Understand Security Concepts Relevant to Cloud Computing
• Understand Design Principles of Secure Cloud Computing
• Identify Trusted Cloud Services

Cloud Data Security – Concepts, principles, structures, and standards used to design, implement, monitor, and secure, operating systems, equipment, networks, applications, and those controls used to enforce various levels of confidentiality, integrity, and availability in cloud environments.

• Understand Cloud Data Lifecycle
• Design and Implement Cloud Data Storage Architectures
• Design and Apply Data Security Strategies
• Understand and Implement Data Discovery and Classification Technologies
• Design and Implement Relevant Jurisdictional Data Protections for Personally Identifiable Information (PII)
• Design and Implement Data Rights Management
• Plan and Implement Data Retention, Deletion, and Archiving Policies
• Design and Implement Auditability, Traceability and Accountability of Data Events

Cloud Platform & Infrastructure Security – Knowledge of the cloud infrastructure components, both the physical and virtual, existing threats, and mitigating and developing plans to deal with those threats.

• Comprehend Cloud Infrastructure Components
• Analyze Risks Associated to Cloud Infrastructure
• Design and Plan Security Controls
• Plan Disaster Recovery and Business Continuity Management

Cloud Application Security – Processes involved with cloud software assurance and validation; and the use of verified secure software.

• Recognize the need for Training and Awareness in Application Security
• Understand Cloud Software Assurance and Validation
• Use Verified Secure Software
• Comprehend the Software Development Life-Cycle (SDLC) Process
• Apply the Secure Software Development Life-Cycle
• Comprehend the Specifics of Cloud Application Architecture
• Design Appropriate Identity and Access Management (IAM) Solutions

Operations – Identifying critical information and the execution of selected measures that eliminate or reduce adversary exploitation of it; requirements of cloud architecture to running and managing that infrastructure; definition of controls over hardware, media, and the operators with access privileges as well as the auditing and monitoring are the mechanisms, tools and facilities.

• Support the Planning Process for the Data Center Design
• Implement and Build Physical Infrastructure for Cloud Environment
• Run Physical Infrastructure for Cloud Environment
• Manage Physical Infrastructure for Cloud Environment
• Build Logical Infrastructure for Cloud Environment
• Run Logical Infrastructure for Cloud Environment
• Manage Logical Infrastructure for Cloud Environment
• Ensure Compliance with Regulations and Controls (e.g., ITIL, ISO/IEC 20000-1)
• Conduct Risk Assessment to Logical and Physical Infrastructure
• Understand the Collection, Acquisition and Preservation of Digital Evidence
• Manage Communication with Relevant Parties

Legal & Compliance – Addresses ethical behavior and compliance with regulatory frameworks. Includes investigative measures and techniques, gathering evidence (e.g., Legal Controls, eDiscovery, and Forensics); privacy issues and audit process and methodologies; implications of cloud environments in relation to enterprise risk management.

• Understand Legal Requirements and Unique Risks within the Cloud Environment
• Understand Privacy Issues, Including Jurisdictional Variation
• Understand Audit Process, Methodologies, and Required Adaptions for a Cloud Environment
• Understand Implications of Cloud to Enterprise Risk Management
• Understand Outsourcing and Cloud Contract Design
• Execute Vendor Management

for any inquires , please contact us