Certified Cloud Security Professional (CCSP)

via Cybrary

Description

The CCSP certification allows you to showcase your cloud computing knowledge and improve your organization’s security posture. It can also help you obtain an increase in compensation and create better positioning for new job opportunities.

Prerequisites for this ISC2 CCSP Training

While there are no prerequisites for this course, you should have basic knowledge of information security and cloud computing concepts.

CCSP Course Goals

By the end of this CCSP course, students should be able to:

- Know what the CCSP exam is about
- Understand all six CCSP domains
- Be prepared for the CCSP exam

In our CCSP training course, you will obtain a complete understanding of security risks and mitigation strategies associated with data security in the cloud and become prepared to pass the CCSP exam.

What is a Certified Cloud Security Professional?

The Certified Cloud Security Professional (CCSP) is a fairly new certification, introduced in 2015 by the ISC2 and the Cloud Security Alliance (CSA), that was created due to the increased popularity of cloud computing and the security risks that came along with it. The CCSP certification signifies that individuals who have earned it not only have a thorough understanding of security associated with the cloud platform and infrastructure, but also with software, information, and other cyber environments.

What Does this Online CCSP Training Entail?

Our online Certified Cloud Security Professional course will provide you with the knowledge and skills to protect your organization’s cloud environment. With more and more companies moving information to the cloud, it has become crucial to have experts in cloud computing. This course will allow you to become one of those experts. CCSP training prepares you to successfully pass the CCSP exam to become a certified professional.

Upon completion, you will have comprehensive knowledge to understand the security challenges that are common to different types of cloud computing services, to select and implement appropriate controls to ensure the security of cloud environments, and to identify, evaluate, and mitigate risks to your organization's cloud infrastructure. The course covers key topics like cloud computing concepts, cloud software assurance, data security strategies, cloud data storage architectures, cloud reference architecture, and application security. You will take an in-depth look at all six core domains of the CCSP Common Body of Knowledge (CBK):

- Domain 1 - Cloud security architecture design concepts and requirements
- Domain 2 - Cloud data security
- Domain 3 - Cloud platform/infrastructure security
- Domain 4 - Cloud application security
- Domain 5 - Cloud security operations
- Domain 6 - Legal risk and compliance

The CCSP training will introduce you to best practices in cloud services associated with security controls. This CCSP course is self-paced, so you can study and practice on your own schedule.

How Useful is ISC2 CCSP Certification?

Obtaining your certification shows that you are a competent, knowledgeable cloud security specialist who has hands-on experience in the field. Just by having the certification, you will be qualified for a number of job opportunities and a better salary. Some of the common job titles for CCSP certified employees include:

- Security Administrator
- Security Manager
- Security Architect
- Cloud Security Engineer
- Security Consultant
- Systems Engineer
- Systems Architect
- Enterprise Architect

This, of course, isn’t an exhaustive list. The above job titles could potentially represent many different roles within an organization. Becoming CCSP certified also means that you will likely be able to secure a higher salary than counterparts without certification. Exact salaries are hard to quote because the positions and organizations for CCSPs are so varied.

What Do Cloud Security Professionals Do?

A major part of being a CCSP is identifying critical information and executing the measures that reduce or eliminate the risk of exploitation for organizations. Knowledge of cloud architecture is needed to run and manage it. Some of the responsibilities of a CCSP may include:

- Building and implementing infrastructures for cloud environments
- Operating and overseeing infrastructures for cloud environments
- Managing physical infrastructures for cloud environments
- Building and operating logical infrastructures for cloud environments
- Ensuring compliance with regulation and controls
- Conducting risk assessments of physical and logical infrastructures
- Understanding how to acquire, collect and preserve digital evidence
- Managing communication with and identifying relevant parties
- Auditing and monitoring of tools, mechanisms, and facilities

What is Involved in the ISC2 CCSP Certification Exam?

The exam is a three-hour exam with 125 multiple-choice questions. You must earn at least 700 out of 1,000 points to pass successfully. The CCSP exam covers the six CCSP domains, which are as follows:

- Cloud concepts and design
- Cloud data security
- Cloud platform and infrastructure security
- Cloud application security
- Security architecture design operations and service orchestration
- Legal, Risk, and Compliance

You also must have the following to qualify for certification:

- At least five years paid work experience in information technology
- Three of the five years must consist of work in information security, and one year in one or more of the six domains (above)

Syllabus

Cloud Concepts, Architecture, and Design

- Introduction
- Domain 1: Cloud Concepts, Architecture, and Design
- What is Cloud Computing and What are its Key Characteristics?
- What are the Different Roles in Cloud Computing?
- Cloud Security Concepts
- What are the Cloud Service Models?
- Infrastructure as a Service (IaaS)
- Infrastructure as a Service (IaaS) Risks
- Platform as a Service (PaaS)
- Platform as a Service (PaaS) Risks
- Software as a Service (SaaS)
- Software as a Service (SaaS) Risks
- Virtualization Risks
- Cloud Deployment Models
- Public Cloud Deployments
- Public Cloud Deployments Risks
- Vendor Lock-In
- Vendor Lock-Out
- Multi-Tenant Environment Risks
- Private Cloud Deployments
- Private Cloud Deployments Risks
- Community Cloud Deployments
- Community Cloud Deployments Risks
- Cloud Security Process
- Security Responsibility by Service Model
- Defense in Depth
- Cloud Security Frameworks and Standards
- Cost Benefit Analysis
- Developing Business Requirements
- Business Impact Analysis
- Developing Security Requirements
- Domain 1 Summary

Cloud Data Security

- Domain 2: Cloud Data Security
- Data Classification
- Data Roles
- Cloud Data Lifecycle
- Data Discovery
- Cloud Data Security Strategy
- Encrypting Data
- Encryption Types
- Encryption and Key Management
- Federal Information Processing Standard (FIPS PUB 140-2)
- Hardening Devices
- Jurisdiction Requirements
- Protecting Data in Transit
- Data Storage Architecture
- Data Retention Policy
- Data Destruction Methods
- Auditing
- Data Audit Policy
- Data Privacy
- Privacy Safeguards
- Data Obfuscation
- Data Masking
- Tokenization
- Information Rights Management (IRM)
- Information Rights Implementation
- Information Rights Challenges
- Intellectual Property (US)
- Data Egress
- Domain 2 Summary

Cloud Platform and Infrastructure Security

- Domain 3: Cloud Platform and Infrastructure Security
- Cloud Infrastructure Components
- The Management Plane
- Administering Middleware
- Virtualization
- Data Access
- Secure Networking
- Network Security
- System Information and Event Management (SIEM)
- Cloud Provider Responsibility for Physical Plant
- Power Redundancy
- Other Redundancy and Safety Considerations
- Data Center Tiers
- Cloud Threats Part 1
- Cloud Threats Part 2
- Protecting Against Cloud Threats Part 1
- Protecting Against Cloud Threats Part 2
- Shared Responsibility for Cloud Platform Oversight
- Cloud-Based Business Continuity and Disaster Recovery
- Disaster Declaration
- Disaster Recovery Criteria
- Disaster Recovery Testing
- Domain 3 Summary

Cloud Application Security

- Domain 4: Cloud Application Security
- Challenges of Cloud Application Deployment
- Training and Awareness
- Cloud Software Development Lifecycle (SDLC)
- Secure Software Development Lifecycle (SSDL)
- Application Security Standards (ISO/IEC) 27034-1
- Identity and Access Management (IAM)
- Multi Factor Authentication (MFA)
- Single Sign-on and Federated Identity Management
- Federation Standards
- Application Programming Interfaces (APIs)
- API Approval and Management
- Open-Source Software
- Sandboxing
- Cloud Application Security Testing Concepts and Methods
- OWASP Top 10 Overview
- OWASP Top 10 Part 1: Code Injection
- OWASP Top 10 Part 2: Broken Authentication
- OWASP Top 10 Part 3: Sensitive Data Exposure
- OWASP Top 10 Part 4: XML External Entities (XXE)
- OWASP Top 10 Part 5: Broken Access Control
- OWASP Top 10 Part 6: Security Misconfiguration
- OWASP Top 10 Part 7: Cross-Site Scripting (XSS)
- OWASP Top 10 Part 8: Insecure Deserialization
- OWASP Top 10 Part 9: Using Components with Known Vulnerabilities
- OWASP Top 10 Part 10: Insufficient Logging and Monitoring
- STRIDE
- Application Security Testing Approaches Part 1
- Application Security Testing Approaches Part 2
- Domain 4 Summary

Cloud Security Operations

- Domain 5: Cloud Security Operations
- Change and Configuration Management
- Change Management
- Security Operations Center (SOC)
- Log Review Challenges
- Incident Response
- Treacherous 12 Overview
- Treacherous 12 Part 1: Data Breach
- Treacherous 12 Part 2: Insufficient Identity, Credential and Access Management
- Treacherous 12 Part 3: Insecure APIs
- Treacherous 12 Part 4: System Vulnerability
- Treacherous 12 Part 5: Account Hijacking
- Treacherous 12 Part 6: Malicious Insider
- Treacherous 12 Part 7: Advanced Persistent Threats (APTs)
- Treacherous 12 Part 8: Data Loss
- Treacherous 12 Part 9: Insufficient Due Diligence
- Treacherous 12 Part 10: Abuse of Cloud Services
- Treacherous 12 Part 11: Denial of Service
- Treacherous 12 Part 12: Shared Technology Vulnerability
- Domain 5 Summary

Legal, Risk, and Compliance

- Domain 6: Legal, Risk and Compliance
- Legal Risks of Cloud Computing
- Due Diligence and Due Care
- Legal and Compliance Terms
- US Laws and Regulations
- Sarbanes-Oxley (SOX)
- Gramm-Leach-Bliley Act (GLBA)
- Health Information Portability and Accountability Act (HIPAA)
- Payment Card Industry (PCI)
- General Data Protection Regulation (GDPR)
- General Data Protection Regulation Privacy Principles
- Risk Management
- Risk Management Frameworks
- Vendor Management
- Statement on Standards for Attestation Engagements (SSAE-18)
- Domain 6 Summary
- Conclusion

