Instructor Materials
CCSP Study Guide
Syllabus
Session 1
This session focuses on the concepts in the first half of Chapter 1 of the CCSP Study Guide:
- Chapter 1: Architectural Concepts
  - Introduction: The CCSP is not an introductory certificate; it is for experienced practitioners.
    - Basic understanding of IT and security concepts is expected and assumed.
  - Understand Cloud Computing Concepts
    - Definitions (e.g., NIST)
      - Broad network access
      - On-demand services
      - Resource pooling
      - Metered service
  - Business Requirements
    - Tradeoff between security and operations
    - Functional vs. non-functional requirements
    - Gathering requirements
      - Interviewing functional managers
      - Interviewing users
      - Interviewing senior management
      - Customer response surveys
      - Network traffic collection
      - Asset inventory
      - Financial record collection
      - Insurance record collection
      - Marketing data collection
      - Regulatory mandates collection
    - Analyze requirements (the Business Impact Analysis (BIA))
      - Tangible and intangible assets
      - Processes
      - People
Session 2
This session focuses on the concepts in the second half of Chapter 1 of the CCSP Study Guide:
- Chapter 1: Architectural Concepts (continued)
  - Considering cloud migration
    - Quantifying costs/benefits
      - Reduction in capital expenditures
      - Reduction in personnel costs
      - Reduction in operational costs
      - Transferring some regulatory costs
        - Introduce concepts: PII and SLA
      - Reduction in costs for data archival/backups
    - Intended impact
  - Vernacular
    - Elasticity
    - Scalability
    - Simplicity
    - Explaining: the difference between a “cloud customer” and a “cloud user”
  - Cloud computing service models
    - IaaS
    - PaaS
    - SaaS
  - Cloud deployment models
    - Public
    - Private
    - Community
    - Hybrid
  - Cloud computing roles and responsibilities
    - Cloud service provider
    - Cloud customer
    - Cloud access security broker
    - Regulators
  - Cloud computing definitions (review list in text)
  - Foundational concepts for cloud computing
    - Data sensitivity
    - Virtualization
    - Encryption
    - Auditing and compliance
    - Cloud service provider contracts
Session 3
This session focuses on the concepts in the first half of Chapter 2 of the CCSP Study Guide:
- Chapter 2: Design Requirements
  - Inventory of all assets
  - Valuation of assets
  - Determination of criticality
  - Risk appetite
  - Risk management
    - Avoidance
    - Transfer
    - Mitigation
    - Residual risk
    - Acceptance
  - Health and human safety risks
  - Boundaries of cloud models
    - IaaS boundaries
    - PaaS boundaries
    - SaaS boundaries
Session 4
This session focuses on the concepts in the second half of Chapter 2 of the CCSP Study Guide:
- Chapter 2: Design Requirements (continued)
  - Design principles for securing sensitive data
    - Hardening devices
      - All guest accounts are removed
      - All unused ports are closed
      - No default passwords remain
      - Strong password policies are in effect
      - Any admin accounts are significantly secured and logged
      - All unnecessary services are disabled
      - Physical access is severely limited and controlled
      - Systems are patched, maintained, and updated according to vendor guidance and industry best practices
    - Harden BYOD endpoints
      - Be protected with some form of antimalware/security software
      - Have remote wipe/remote lock capability in the event of loss/theft, with the user granting written permission to the organization to wipe/lock via a signed Authorized Use Policy
      - Utilize some form of local encryption
      - Be secured with strong access controls (a password, or perhaps a biometric, etc.) in a multifactor configuration
      - Have and properly employ VPN solutions for cloud access
      - Have some sort of data loss/leak prevention/protection (DLP) solution installed
    - Encryption
      - In the cloud data center, for
        - long-term storage/archiving
        - protecting near-term stored files, such as snapshots of virtualized instances
        - preventing unauthorized access to specific datasets by authorized personnel (for instance, securing fields in databases such that database admins can manage software but not modify/view content)
      - In communications between cloud providers and users, for
        - creating secure sessions
        - ensuring the integrity and confidentiality of data in transit
      - Homomorphic encryption
    - Layered defense
Session 5
This session focuses on the concepts in the first half of Chapter 3 of the CCSP Study Guide:
- Chapter 3: Data Classification
  - Data inventory and discovery
  - Data ownership
  - The data lifecycle
  - Data categorization
  - Data classification
  - Data labeling
  - Data analytics
  - Introduction to jurisdictional requirements
    - United States
    - European Union
    - South/Central America
    - Australia/New Zealand
Session 6
This session focuses on the concepts in the second half of Chapter 3 of the CCSP Study Guide:
- Chapter 3: Data Classification (continued)
  - Data rights management (DRM)
    - Intellectual property protections
      - Copyright
        - The DMCA
      - Trademarks
      - Patents
      - Trade secrets
    - DRM tool traits
  - Data control
    - Data retention
    - Data audit
    - Data destruction/disposal
Session 7
This session focuses on the concepts in the first half of Chapter 4 of the CCSP Study Guide:
- Chapter 4: Cloud Data Security
  - Cloud data lifecycle
    - Create
    - Store
    - Use
    - Share
    - Archive
    - Destroy
  - Cloud data storage architectures
    - Volume storage
    - Object storage
    - Databases
    - Content-delivery networking (CDN)
Session 8
This session focuses on the concepts in the second half of Chapter 4 of the CCSP Study Guide:
- Chapter 4: Cloud Data Security (continued)
  - Cloud data security foundational strategies
    - Encryption
      - Key management
    - Masking, obfuscation, anonymization, tokenization
    - SIEM/SEM/SIM
    - Egress monitoring (DLP)
Session 9
This session focuses on the concepts in the first half of Chapter 5 of the CCSP Study Guide:
- Chapter 5: Security in the Cloud
  - Shared risks and ultimate liability
  - Risks by cloud platform
    - Private cloud
    - Community cloud
    - Public cloud
    - Hybrid cloud
  - Risks by cloud service model
    - IaaS
    - PaaS
    - SaaS
Session 10
This session focuses on the concepts in the second half of Chapter 5 of the CCSP Study Guide:
- Chapter 5: Security in the Cloud (continued)
  - Threats by cloud model
    - Public/Private/Community/Hybrid
  - Applying countermeasures to specific threats
  - Business continuity/disaster recovery (BC/DR)
    - Business impact analysis (BIA) in the cloud
    - Shared BC/DR responsibilities (customer/provider)
Session 11
This session focuses on the concepts in the first half of Chapter 6 of the CCSP Study Guide:
- Chapter 6: Responsibilities in the Cloud
  - Build/buy decisions for the data center
  - Provider responsibilities
    - Physical plant
    - Logical framework
    - Networking
  - Mapping and selecting controls
Session 12
This session focuses on the concepts in the second half of Chapter 6 of the CCSP Study Guide:
- Chapter 6: Responsibilities in the Cloud (continued)
  - Shared responsibilities by cloud model (IaaS, PaaS, SaaS)
  - Shared administration responsibilities (OS, applications, middleware)
    - OS baseline configuration and management
  - Shared responsibilities: data access
  - Customer challenges due to lack of physical access
    - audit
      - SOC reports
    - policy/governance
    - monitoring/testing
Session 13
This session focuses on the concepts in the first half of Chapter 7 of the CCSP Study Guide:
- Chapter 7: Cloud Application Security
  - Awareness of cloud migration concerns
    - Common application migration pitfalls
  - Cloud secure software development lifecycle
    - ISO 27034: ONF vs. ANF
  - Identity and access management (IAM)
    - Identity repositories and directory services
    - Single sign-on (SSO)
    - Federation
Session 14
This session focuses on the concepts in the second half of Chapter 7 of the CCSP Study Guide:
- Chapter 7: Cloud Application Security (continued)
  - Multifactor authentication
  - Supplemental security devices
  - APIs
  - Tenancy separation
  - Cryptography
  - Sandboxing
  - Application virtualization
  - Threat modeling
    - STRIDE
    - OWASP Top Ten
  - Software security testing
    - SAST vs. DAST
Session 15
This session focuses on the concepts in the first half of Chapter 8 of the CCSP Study Guide:
- Chapter 8: Operations Elements
  - Uptime/availability
  - Facilities and redundancy
    - power
    - communications
    - personnel
    - security
  - Uptime Institute Tier rating system
Session 16
This session focuses on the concepts in the second half of Chapter 8 of the CCSP Study Guide:
- Chapter 8: Operations Elements (continued)
  - Virtualization operations
    - personnel isolation
    - hypervisor hardening
    - instance isolation
    - host isolation
  - Storage operations
    - coupled/decoupled
    - volume vs. object storage
    - resiliency (RAID and data dispersion)
    - SAN vs. NAS
  - Physical/logical isolation of operations
    - secure KVM
  - Security training and awareness
Session 17
This session focuses on the concepts in the first half of Chapter 9 of the CCSP Study Guide:
- Chapter 9: Operations Management
  - Monitoring
  - Capacity
  - Maintenance
Session 18
This session focuses on the concepts in the second half of Chapter 9 of the CCSP Study Guide:
- Chapter 9: Operations Management (continued)
  - Configuration/change management (CM)
    - baselines
    - deviations/exceptions
    - roles/process
  - BC/DR
    - roles
    - the BC/DR kit
    - relocation
    - power
    - testing
Session 19
This session focuses on the concepts in the first half of Chapter 10 of the CCSP Study Guide:
- Chapter 10: Legal and Compliance Part 1
  - Legal concepts
    - criminal law
    - civil law
    - administrative law
    - intellectual property
Session 20
This session focuses on the concepts in the second half of Chapter 10 of the CCSP Study Guide:
- Chapter 10: Legal and Compliance Part 1 (continued)
  - US laws
  - International law
  - Laws, regulations, and standards
  - eDiscovery
  - Chain of custody
  - Forensics
Session 21
This session focuses on the concepts in Chapter 11 of the CCSP Study Guide:
- Chapter 11: Legal and Compliance Part 2
  - The impact of multiple jurisdictions on cloud operations
  - Risk management frameworks
  - Contracts and service-level agreements (SLAs)
  - Cloud certification (CSA STAR)
  - Supply chain risk and management
Ancillaries to accompany CCSP: Cloud Certified Security Professional Study Guide. © Wiley Inc. 2017. All Rights Reserved.