Certified Cloud Security Professional (CCSP)

Getting Started
1 About the Author
2 About the Course
3 Course Prerequisites

Cloud Computing Concepts
4 Roles, Characteristics and Building Block Technologies

Cloud Reference Architecture
5 Cloud Computing Activities and Service Categories
6 Cloud Deployment Models
7 Cloud Shared Considerations
8 Impact of Related Technologies
9 Lab Preparation Video (Important)

Cloud Security Concepts
10 Cryptography and Key Management
11 Data and Media Sanitization
12 Access Control
13 Network Security and Virtualization Security
14 Common Threats

Design Principles
15 Secure Cloud Data Lifecycle
16 Cloud-Based Disaster Recovery (DR) and Business Continuity (BC)
17 Cost-Benefit Analysis
18 Functional Security Requirements
19 Security Considerations for Different Cloud Categories

Evaluate Cloud Service Providers
20 Verification Against Criteria
21 System and Subsystem Product Certifications

Describe Cloud Data Concepts
22 Cloud Data Lifecycle Phases
23 Data Dispersion

Design and Implement Cloud Data Storage Architecture
24 Storage Types
25 Threats to Storage Types

Design and Apply Data Security Technologies and Strategies
26 Encryption and Key Management
27 Hashing, Masking, and Obfuscation
28 Tokenization
29 Data Loss Prevention (DLP)
30 Data De-identification

Implement Data Discovery and Classification
31 Structured and Unstructured Data
32 Mapping, Labeling, and Sensitive Data

Design and Implement Information Rights Management (IRM)
33 IRM Objectives and Tools

Plan and Implement Data Retention, Deletion, and Archival Policies
34 Data Retention Policies
35 Data Deletion Procedures and Mechanisms
36 Data Archival Procedures and Mechanisms
37 Legal Hold

Design and Implement Auditability, Traceability, and Accountability of Data Events
38 Definition of Event Sources and Requirements
39 Logging, Storage, and Analysis of Data Events
40 Chain of Custody and Non-Repudiation

Cloud Infrastructure Components
41 Physical Environment
42 Network and Communications
43 Compute and Virtualization
44 Storage and Management Plane

Design a Secure Datacenter
45 Logical Design
46 Physical Design
47 Environmental Design

Analyze Risks Associated with Cloud Infrastructure
48 Risk Assessment and Analysis
49 Cloud Vulnerabilities, Risks, Threats, and Attacks
50 Countermeasure Strategies

Design and Plan Security Controls
51 Physical and Environmental Protection
52 System and Communication Protection
53 Identification, Authentication, and Authorization in Cloud Infrastructure
54 Audit Mechanisms

Plan Disaster Recovery (DR) and Business Continuity (BC)
55 Risks Related to the Cloud Environment
56 Business Requirements
57 Business ContinuityDisaster Recovery Strategy
58 Creating a BCDR Plan
59 Testing a BCDR Plan

Advocate Training and Awareness for Application Security
60 Cloud Development Basics
61 Common Pitfalls and Vulnerabilities

Describe the Secure Software Development Life Cycle (SDLC) Process
62 Business Requirements and PhasesMethodologies

Apply the Secure Software Development Life Cycle (SDLC)
63 Avoid Common Vulnerabilities During Development
64 Cloud-Specific Risks and Quality Assurance
65 Threat Modeling and Configuration Management

Apply Cloud Software Assurance and Validation
66 Functional Testing and Security Testing Methodologies

Use Verified Secure Software
67 Approved APIs and Third-Party Software

Comprehend the Specifics of Cloud Application Architecture
68 Supplemental Security Components
69 Cryptography
70 Sandboxing and Application Virtualization

Design Appropriate Identity and Access Management (IAM) Solutions
71 Federated Identity and Identity Providers
72 Single Sign-On (SSO) and Multi-Factor Authentication (MFA)
73 Cloud Access Security Broker (CASB)

Implement and Build Physical and Logical Infrastructure for a Cloud Environment
74 Hardware-Specific Security Configuration Requirements
75 Virtualization Management Toolsets

Operate Physical and Logical Infrastructure for the Cloud Environment
76 Configure Access Control for Local and Remote Access
77 Secure Network Configuration
78 Operating System (OS) Hardening through the Application of Baselines
79 Stand-Alone Hosts
80 Availability of Clustered Hosts and Guest OSs

Manage Physical and Logical Infrastructure for the Cloud Environment
81 Access Controls for Remote Access
82 Patch Management
83 Performance, Capacity, and Hardware Monitoring
84 Backup and Restore Functions
85 Network Security Controls and Management Plane

Implement Operational Controls and Standards
86 Change and Continuity Management
87 Information Security and Incident Management
88 Problem and Deployment Management
89 Additional Operational Management

Support Digital Forensics
90 Forensic Data Collection Methodologies
91 Evidence Management

Manage Communication with Relevant Parties
92 Managing Communications

Manage Security Operations
93 Security Operations Center (SOC) and Monitoring Security Controls
94 Log Capture and Analysis
95 Incident Management

Articulate Legal Requirements and Unique Risks with the Cloud Environment
96 Conflicting International Legislation
97 Legal Risks Specific to Cloud Computing
98 Legal Frameworks and Guidelines
99 eDiscovery
100 Forensics Requirements

Understand Privacy Issues
101 Contractual vs. Regulated Private Data
102 Country-Specific Legislation Related to Private Data
103 Jurisdictional Differences and Standard Privacy Requirements

Understand Audit Processes, Methodologies, and Required Adaptations for a Cloud Environment
104 Audit Controls and Requirements
105 Assurance Challenges of Virtualization and Cloud
106 Types of Audit Reports
107 Restrictions of Audit Scope Statements
108 Gap Analysis and Audit Planning
109 Internal Security Management System (ISMS)
110 Policies and Involvement of Relevant Stakeholders
111 Specialized Compliance Requirements for Highly Regulated Industries
112 Impact of Distributed Information Technology (IT) Model

Understand the Implications of Cloud-to-Enterprise Risk Management
113 Assess Providers' Risk Management Programs
114 Data OwnerController vs. Data CustodianProcessor
115 Regulatory Transparency Requirements
116 Risk Treatment and Frameworks
117 Metrics for Risk Management
118 Assessment of Risk Environment

Understand Outsourcing and Cloud Contract Design
119 Business Requirements
120 Vendor Management
121 Contract Management
122 Supply Chain Management

Next Steps
123 How to Prepare for the Exam
124 What's Next After Certification