
Certified Cloud Security Professional (UPDATED 2016)

CCSP (22 H 39 M)

The CCSP takes a deep dive into cloud infrastructure security. This course focuses on the security skills you need to pass the test and be successful in the workplace.

This course has a practice test
Episodes
  • Architectural Concepts and Design Requirements
    • Overview
    • Cloud Computing Concepts
    • Describe Cloud Reference Architecture
    • Describe Cloud Reference Architecture Part 2
    • Cloud Security Concepts
    • Cloud Security Concepts Part 2
    • Secure Cloud Design Principles
  • Cloud Data Security
    • Cloud Data Security
    • Cloud Data Storage Architectures
    • Cloud Data Security Strategies
    • Cloud Data Security Strategies Part 2
    • Cloud Data Security Strategies Part 3
    • Cloud Data Discovery and Classification
    • Designing Appropriate Data Protection
    • Data Rights Mgmt Retention and Data Events
  • Cloud Platform and Infrastructure Security
    • Cloud Infrastructure Components
    • Cloud Infrastructure Risks
    • Design and Plan Security Controls
    • Design and Plan Security Controls Part 2
    • Disaster, Recovery, and Business Continuity
    • Disaster, Recovery and Business Continuity Part 2
  • Cloud Application Security
    • Cloud Application Security and the SDLC
    • Identity and Access Management Solutions
    • Cloud Software Assurance and Validation
    • Cloud Software Assurance and Validation Part 2
  • Operations
    • Implement and Build Physical Infrastructure
    • Running Physical Infrastructure
    • Managing Physical Infrastructure
    • Ensure Compliance
    • Ensure Compliance Part 2
    • Planning Data Center Design
    • Risk Assessment
    • Collection and Preservation of Digital Evidence
  • Legal and Compliance
    • Legal Requirements and Privacy
    • Legal Requirements and Privacy Part 2
    • Cloud Audit Processes
    • Cloud Audit Processes Part 2
    • Risk Management and Outsourcing

Overview

5 M


In this episode, Daniel and Adam give a general overview of the CCSP exam and what to expect in this series. They cover topics such as architectural concepts and design elements, cloud data security, cloud platform and infrastructure security, cloud application security, operational aspects of the cloud (both physical and logical), and legal and compliance concerns.

[MUSIC] In this segment, we're going to give you a brief overview of our upcoming series on the Certified Cloud Security Professional. Now, and joining me in the studio today to help us out with that is our good friend, Adam, who will be joining us in the series. Adam, can you give us a quick overview of what we should expect from our upcoming series?

>> Absolutely. So the CCSP is going to be a credential that is going to be relevant to lots of people in the organization, or in a traditional standard enterprise organization today. But especially for people that wanna focus on the following domains and knowledge. Let's probably first talk about what makes up the CCSP from a knowledge perspective. And then we'll talk for just a minute about the relevant experience that somebody may need. So we're gonna look at six domains, or six areas of knowledge overall. We're going to be talking about architectural concepts and design requirements. So what does it take to really understand how to build and architect the cloud both logically and physically? Cloud data security. How do we secure the data that's in the cloud? Cloud platform and infrastructure security. How do we secure the underlying infrastructure that makes the cloud possible? The hosts and the infrastructure that we're going to run the cloud through, the networks, the storage, all of that kind of stuff. Cloud applications security, how do we secure the application so the workloads that run on top of the host infrastructure? How do we deal with operational aspects of the Cloud, so what does it mean to physically and logically design the Cloud? How do we physically and logically implement cloud infrastructure, and how do we manage it from a security standpoint? And ultimately, of course, no complete conversation there at all around those five things unless we wrap all that with the idea of legal and compliance concerns. How do we operate effectively in different jurisdictional areas? How as CCSPs are we aware of the rules, in other words, we must align with from the GRC, a Governance Risk Compliance perspective, with regards to the Cloud?

>> Now, Adam, who is the intended audience for this specific series?

>> So when we think, hello [LAUGH]. When we think about the intended audience for the cloud, we think about an IT professional first and foremost, as we often start out talking about. In this case, an IT professional that has some background, some experience, some exposure to cloud and cloud related activities. They may work for a CSP, a cloud service provider. They may work for an organization that wants to go into the cloud business on their own running on prem private cloud within the organization. IT in other words becomes the cloud provider to the business, but it's all done internally. We may work for an organization that is pondering a move to the cloud. Or we may be a consultant that is going to be asked to consult and work for various organizations that are going to be in the cloud at various stages of their development and their use of the cloud. In order to be successful, according to (ISC) squared, the CCSP candidate must have a minimum of five years of cumulative paid full-time IT experience overall, which most people will be able to certainly provide and to offer evidence of these days. And of that five years, three years must be in information security overall, one year or one focal year overall, in other words one sixth of the, I'm sorry not one sixth, one fifth. Let me do the math correctly, one fifth of the overall amount of time we need should be in a cloud focused domain. So one of the six domains that I just mentioned to you, architecture, compliance, oversight in regards to cloud management, operationally, architecture, et cetera, have one year of provable experience in one of those domains. And then you're able to essentially qualify to sit for the exam.

>> Awesome. Well, you talk about an exam, obviously there's a certification that goes along with this. Adam, can you tell us a little bit about that itself?

>> So the certification itself, like many of the exams that (ISC) squared has in market, all of them these days, will be delivered computerized. So you'll be able to go out to a testing center and take that exam when you've studied for it and are ready. The exam will be timed. You'll have a certain amount of time. There will be a certain number of questions associated with the exam, a pretty standard format in that respect. Multiple choice exam format standardized today, so there may be test questions that will be scenario based. They may be questions that will be traditional multiple choice. There will be questions that may be mix and match, drag and drop. Pretty standard exam format that we're used to seeing in multiple vendor arenas today with regard to how they will offer testing. The one thing that's interesting here, is that (ISC) squared has partnered with the CSA, the Cloud Security Alliance, which is an international trade group that is formed from some of the big vendors in the cloud industry along with a lot of other players in the cloud industry, focused on information security. And they are going to be able to, because of this partnership, access the knowledge base the Cloud Security Alliance has developed. We'll talk about this in upcoming episodes when you come in and start watching our material. But the interesting part here with regards to the exam is that the Cloud Security Alliance has their own certification on the market, the CCSK certificate. If you study for and achieve the CCSK Certificate from the CSA, that actually is able to act as the one year of experience in the cloud that (ISC) squared requires and you don't have to provide that one year of documented experience through your resume. You simply can show that you have that CCSK certification and then you're able to qualify for and sit for the exam. I can do that as well.

>> Excellent information, Adam. We thank you for explaining these things to us. And if it sounds like something that might be interesting or necessary for you, we look forward to seeing you in the upcoming episodes. [MUSIC]
