Module VI – Cloud Security

The Cloud Security course prepares participants to obtain the Certified Cloud Security
Professional (CCSP) certification. The course covers all six CCSP domains, and each
section corresponds directly to the CCSP Exam.

After this course, you will be able to:
● Explain cloud computing concepts.
● Understand security concepts relevant to cloud computing
● Design and implement cloud data storage architectures
● Design and apply data security technologies and strategies
● Analyze risks associated with cloud infrastructure and platforms
● Describe and apply the Secure Software Development Life Cycle (SDLC)
process.
● Understand privacy issues
● Understand audit process, methodologies, and required adaptations for a cloud
environment
● Understand implications of cloud to enterprise risk management

Course Outline

Domain 1 – Cloud Concepts, Architecture and Design

● Understand cloud computing concepts
● Describe cloud reference architecture
● Understand security concepts relevant to cloud computing
● Understand design principles of secure cloud computing
● Evaluate cloud service providers

Domain 2 – Cloud Data Security

● Describe cloud data concepts
● Design and implement cloud data storage architectures
● Design and apply data security technologies and strategies
● Implement data discovery
● Plan and implement data classification
● Design and implement Information Rights Management (IRM)
● Plan and implement data retention, deletion and archiving policies
● Design and implement auditability, traceability and accountability of data events

Domain 3 – Cloud Platform and Infrastructure Security

● Comprehend cloud infrastructure and platform components
● Design a secure data center
● Analyze risks associated with cloud infrastructure and platforms
● Plan and implementation of security controls

● Plan business continuity (BC) and disaster recovery (DR)

Domain 4 – Cloud Application Security

● Advocate training and awareness for application security
● Describe the Secure Software Development Life Cycle (SDLC) process
● Apply the Secure Software Development Life Cycle (SDLC)
● Apply cloud software assurance and validation
● Use verified secure software.
● Comprehend the specifics of cloud application architecture
● Design appropriate identity and access management (IAM) solutions

Domain 5 – Cloud Security Operations

● Build and implement physical and logical infrastructure for the cloud
environment
● Operate and maintain physical and logical infrastructure for cloud environment
● Implement operational controls and standards (e.g., Information Technology
Infrastructure Library (ITIL), International Organization for
Standardization/International Electrotechnical Commission (ISO/IEC) 20000-
1).
● Support digital forensics
● Manage communication with relevant parties
● Manage security operations

Domain 6 – Legal, Risk and Compliance
● Articulate legal requirements and unique risks within the cloud environment
● Understand privacy issues
● Understand the audit process, methodologies, and required adaptations for a
cloud environment.
● Understand implications of cloud to enterprise risk management
● Understand outsourcing and cloud contract design

https://www.isc2.org/Certifications/CCSP