A+ Study Guide Ancillaries: Introduction and Syllabus

Instructor Materials

CCSP Study Guide

Syllabus

Session 1

This session focuses on the concepts in the first half of Chapter 1 of the CCSP Study Guide:

Chapter 1: Architectural Concepts
Introduction: The CCSP is not an introductory certificate; it is for experienced practitioners.
Basic understanding of IT and security concepts is expected and assumed.
Understand Cloud Computing Concepts
Definitions (e.g., NIST)
Broad network access
On-demand services
Resource pooling
Metered service
Business Requirements
Tradeoff between security and operations
Functional vs. non-functional requirements
Gathering requirements
Interviewing functional managers
Interviewing users
Interviewing senior management
Customer response surveys
Network traffic collection
Asset inventory
Financial record collection
Insurance record collection
Marketing data collection
Regulatory mandates collection
Analyze requirements (the Business Impact Analysis (BIA))
Tangible and intangible assets
Processes
People

Session 2

This session focuses on the concepts in the second half of Chapter 1 of the CCSP Study Guide:

Chapter 1: Architectural Concepts (continued)
Considering cloud migration
Quantifying costs/benefits
Reduction in capital expenditures
Reduction in personnel costs
Reduction in operational costs
Transferring some regulatory costs
Introduce concepts: PII and SLA
Reduction in costs for data archival/backups
Intended impact
Vernacular
Elasticity
Scalability
Simplicity
Explaining: the difference between a “cloud customer” and a “cloud user”
Cloud computing service models
IaaS
PaaS
SaaS
Cloud deployment models
Public
Private
Community
Hybrid
Cloud computing roles and responsibilities
Cloud service provider
Cloud customer
Cloud access security broker
Regulators
Cloud computing definitions (review list in text)
Foundational concepts for cloud computing
Data sensitivity
Virtualization
Encryption
Auditing and compliance
Cloud service provider contracts

Session 3

This session focuses on the concepts in the first half of Chapter 2 of the CCSP Study Guide:

Chapter 2: Design Requirements
Inventory of all assets
Valuation of assets
Determination of criticality
Risk appetite
Risk management
Avoidance
Transfer
Mitigation
Residual risk
Acceptance
Health and human safety risks
Boundaries of cloud models
IaaS boundaries
PaaS boundaries
SaaS boundaries

Session 4

This session focuses on the concepts in the second half of Chapter 2 of the CCSP Study Guide:

Chapter 2: Design Requirements (continued)
Design principles for securing sensitive data
Hardening devices
All guest accounts are removed
All unused ports are closed
No default passwords remain
Strong password policies are in effect
Any admin accounts are significantly secured and logged
All unnecessary services are disabled
Physical access is severely limited and controlled
Systems are patched, maintained, and updated according to vendor guidance and industry best practices
Harden BYOD endpoints
Be protected with some form of antimalware/security software
Have remote wipe/remote lock capability in the event of loss/theft, with the user granting written permission to the organization to wipe/lock via a signed Authorized Use Policy
Utilize some form of local encryption
Be secured with strong access controls (a password, or perhaps a biometric, etc.) in a multifactor configuration
Have and properly employ VPN solutions for cloud access
Have some sort of data loss/leak prevention/protection (DLP) solution installed
Encryption
In the cloud data center, for
long-term storage/archiving
protecting near-term stored files, such as snapshots of virtualized instances
preventing unauthorized access to specific datasets by authorized personnel (for instance, securing fields in databases such that database admins can manage software but not modify/view content)
In communications between cloud providers and users, for
creating secure sessions
ensuring the integrity and confidentiality of data in transit
Homomorphic encryption
Layered defense

Session 5

This session focuses on the concepts in the first half of Chapter 3 of the CCSP Study Guide:

Chapter 3: Data Classification
Data inventory and discovery
Data ownership
The data lifecycle
Data categorization
Data classification
Data labeling
Data analytics
Introduction to jurisdictional requirements
United States
European Union
South/Central America
Australia/New Zealand

Session 6

This session focuses on the concepts in the second half of Chapter 3 of the CCSP Study Guide:

Chapter 3: Data Classification (continued)
Data rights management (DRM)
Intellectual property protections
Copyright
The DMCA
Trademarks
Patents
Trade secrets
DRM tool traits
Data control
Data retention
Data audit
Data destruction/disposal

Session 7

This session focuses on the concepts in the first half of Chapter 4 of the CCSP Study Guide:

Chapter 4: Cloud Data Security
Cloud data lifecycle
Create
Store
Use
Share
Archive
Destroy
Cloud data storage architectures
Volume storage
Object storage
Databases
Content-delivery networking (CDN)

Session 8

This session focuses on the concepts in the second half of Chapter 4 of the CCSP Study Guide:

Chapter 4: Cloud Data Security (continued)
Cloud data security foundational strategies
Encryption
Key management
Masking, obfuscation, anonymization, tokenization
SIEM/SEM/SIM
Egress monitoring (DLP)

Session 9

This session focuses on the concepts in the first half of Chapter 5 of the CCSP Study Guide:

Chapter 5: Security in the Cloud
Shared risks and ultimate liability
Risks by cloud platform
Private cloud
Community cloud
Public cloud
Hybrid cloud
Risks by cloud service model
IaaS
PaaS
SaaS

Session 10

This session focuses on the concepts in the second half of Chapter 5 of the CCSP Study Guide:

Chapter 5:Security in the Cloud (continued)
Threats by cloud model
Public/Private/Community/Hybrid
Applying countermeasures to specific threats
Business continuity/disaster recovery (BC/DR)
Business impact analysis (BIA) in the cloud
Shared BC/DR responsibilities (customer/provider)

Session 11

This session focuses on the concepts in the first half of Chapter 6 of the CCSP Study Guide:

Chapter 6: Responsibilities in the Cloud
Build/buy decisions for the data center
Provider responsibilities
Physical plant
Logical framework
Networking
Mapping and selecting controls

Session 12

This session focuses on the concepts in the second half of Chapter 6 of the CCSP Study Guide:

Chapter 6: Responsibilities in the Cloud(cont.)
Shared responsibilities by cloud model (IaaS, PaaS, SaaS)
Shared administration responsibilities (OS, applications, middleware)
OS baseline configuration and management
Shared responsibilities: data access
Customer challenges due to lack of physical access
audit
SOC reports
policy/governance
monitoring/testing

Session 13

This session focuses on the concepts in the first half of Chapter 7 of the CCSP Study Guide:

Chapter 7: Cloud Application Security
Awareness of cloud migration concerns
Common application migration pitfalls
Cloud secure software development lifecycle
ISO 27034: ONF vs. ANF
Identity and access management (IAM)
Identity repositories and directory services
Single sign-on (SSO)
Federation

Session 14

This session focuses on the concepts in the second half of Chapter 7 of the CCSP Study Guide:

Chapter 7: Cloud Application Security(cont.)
Multifactor authentication
Supplemental security devices
APIs
Tenancy separation
Cryptography
Sandboxing
Application virtualization
Threat modeling
STRIDE
OWASP Top Ten
Software security testing
SAST vs. DAST

Session 15

This session focuses on the concepts in the first half of Chapter 8 of the CCSP Study Guide:

Chapter 8: Operations Elements
Uptime/availability
Facilities and redundancy
power
communications
personnel
security
Uptime Institute Tier rating system

Session 16

This session focuses on the concepts in the second half of Chapter 8 of the CCSP Study Guide:

Chapter 8: Operations Elements (cont.)
Virtualization operations
personnel isolation
hypervisor hardening
instance isolation
host isolation
Storage operations
coupled/decoupled
volume vs. object storage
resiliency (RAID and data dispersion)
SAN vs. NAS
Physical/logical isolation of operations
secure KVM
Security training and awareness

Session 17

This session focuses on the concepts in the first half of Chapter 9 of the CCSP Study Guide:

Chapter 9: Operations Management
Monitoring
Capacity
Maintenance

Session 18

This session focuses on the concepts in the second half of Chapter 9 of the CCSP Study Guide:

Chapter 9: Operations Management (cont.)
Configuration/change management (CM)
baselines
deviations/exceptions
roles/process
BC/DR
roles
the BC/DR kit
relocation
power
testing

Session 19

This session focuses on the concepts in the first half of Chapter 10 of the CCSP Study Guide:

Chapter 10: Legal and Compliance Part 1
Legal concepts
criminal law
civil law
administrative law
intellectual property

Session 20

This session focuses on the concepts in the second half of Chapter 10 of the CCSP Study Guide:

Chapter 10: Legal and Compliance Part 1 (cont.)
US laws
International law
Laws, regulations, and standards
eDiscovery
Chain of custody
Forensics

Session 21

This session focuses on the concepts in Chapter 11 of the CCSP Study Guide:

Chapter 11: Legal and Compliance Part 2
The impact of multiple jurisdictions on cloud operations
Risk management frameworks
Contracts and Service-level agreements (SLAs)
Cloud certification (CSA STAR)
Supply chain risk and management