CHAPTER 9: Domain 4: Cloud Application Security, Part 1
CHAPTER 10: Domain 4: Cloud Application Security, Part 2
CHAPTER 11: Domain 5: Cloud Security Operations, Part 1
CHAPTER 12: Domain 5: Cloud Security Operations, Part 2
CHAPTER 13: Domain 6: Legal, Risk, and Compliance, Part 1
CHAPTER 14: Domain 6: Legal, Risk and Compliance, Part 2
Part 3: The Part of Tens
Part 4: Appendixes
Domain 5: Cloud Security Operations, Part 1
Building and Implementing a
Operating
Maintaining
Introduction
As cloud computing has exploded over the last two decades, so has the need for security professionals who understand how the cloud works. Enter the Certified Cloud Security Professional (CCSP) certification. The CCSP was introduced in 2015 and has quickly become the de facto standard for cloud security certifications around the globe. Today, more than 10,000 security professionals have earned the coveted CCSP designation worldwide, and that number is quickly growing!
Cloud computing, as we know it, first became widely available circa 2006 when Amazon created the first enterprise cloud service offering, Amazon Web Services (AWS). Since then, Google, Microsoft, and a host of other companies have burst on the scene with their very own cloud services. Today, cloud computing is more mainstream than ever, with most research firms estimating the public cloud market to top $1 trillion worldwide by 2028. With most estimates putting cloud spend above 60 percent of all tech spend, the need for informed cloud professionals has never been greater.
While we continue to experience this massive cloud boom, cloud security has not so quietly become front-and-center for most organizations. Companies want to ensure that their most important business and customer data remain safe when moved to the cloud, and they need skilled and qualified practitioners to make that happen. That’s where you (and the CCSP) come in!
You may be familiar with the CCSP’s bigger sibling: the Certified Information Systems Security Professional (CISSP). The CISSP certification has been around since 1994 and has amassed quite a following in information security circles. (As of this writing, there are more than 160,000 CISSPs worldwide.) The CCSP serves the same purpose for one of the fastest growing information security subareas — cloud security. It’s all but inevitable that the CCSP will continue its ascent among the most essential industry certifications around the world.
About this Book
Information security is one of the broadest domains of Information Technology. Add to that the complexities of cloud computing, and it’s easy to see why many people are scared off by the field of cloud security. A true cloud security
» You have at least a high-level understanding of information security concepts and technologies. You should be familiar with things like access control and encryption, and you should understand the concepts of confidentiality, integrity, and availability. I expect that many readers have already achieved the prestigious CISSP certification. If you’re among this group, then you’re not only ready for this book, but you also satisfy all of the CCSP’s experience requirements (which I discuss in Chapter 1). If you don’t have sufficient information security knowledge or if you need to brush up on some basic security concepts, then you’re in luck — I’ve written Chapter 2 just for you!
» You have a minimum of one year paid work experience in one or more of the six domains of the CCSP CBK (that make up Chapters 3 through 14 of this book). This expectation is not just an assumption, but an explicit requirement of the CCSP exam. Certain educational and certification achievements (such as earning CSA’s CCSK) can be substituted for this experience requirement.
» You will use what you know and what you learn in this book for good, not evil. You’ll be a responsible security professional and abide by the (ISC)2 Code of Ethics (which is a requirement for CCSP certification).
Icons Used in This Book
This book is full of useful information, but every once in a while, something extra useful or important pops up and deserves some extra attention. Keep an eye out for the following icons throughout this book. Each has its own specific meaning, and identifies something you should take note of.
The Tip icon marks tips (duh!) and extra tidbits of information that can help you grasp some of the more challenging concepts in the text. When I use this icon, I’m trying to point out some extra information that can help you on your exam.
These icons may not help you remember your spouse’s birthday, but they’ll surely come in handy for the CCSP exam. I use the Remember icon to point out stuff that’s especially important to know for the exam. These are the things that might trip you up on the exam if you don’t commit them to your long-term memory. Consider these your CCSP lifesavers.
The Technical Stuff icon marks information of a highly technical nature that may not necessarily be needed for the CCSP exam, but gives you deeper insight, if you want it. If you’re a fan of tech jargon, then keep an eye out for this icon.
The Warning icon is the closest I can get to flashing red lights and sirens. I use this icon to tell you to watch out! It marks important information that may save you headaches — or missed points on the exam. Keep an eye out for Warning icons, as they point out those silly mistakes that are otherwise easy to avoid.
Beyond the Book
CCSP For Dummies comes with a few extra goodies to help you prepare for the CCSP exam. My hope is that the book gives you the foundation you need to pass the test, but these extra resources can help put you over the top.
In addition to the book you’re reading right now, you have access to some helpful Cheat Sheets that you can use to quickly reference things like common cloud security risks and the shared responsibility model. Keep these Cheat Sheets handy to reference whenever you may not have this book at your fingertips. To access your Cheat Sheets, head over to www.dummies.com and type CCSP For Dummies Cheat Sheet in the Search bar.
To help you assess your knowledge, you also have access to 100 flashcards and 200 online practice questions (two sets of 100 questions). You can use the flashcards to reinforce some key CCSP terms, topics, and concepts. I reference the relevant chapter that each flashcard comes from so that you can revisit specific subjects, if necessary. I’ve written the practice questions to mimic the multiple-choice style of questions you’ll see on the CCSP exam. Use these practice sets to verify your mastery of important topics, and identify topics or domains that you may need to brush up on.
To access your flashcards and online practice questions, simply follow these steps to register your book and activate your account:
1. Register your book or ebook at Dummies.com to get your PIN. Go to www.dummies.com/go/getaccess.
2. Select your product (in this case, it’s CCSP For Dummies) from the dropdown list on that page.
3. Follow the prompts to validate your product, and then check your email for a confirmation message that includes your PIN and instructions for logging in.
If you do not receive this email within two hours, please check your spam folder before contacting us through our Technical Support website at http://support. wiley.com or by phone at 877-762-2974.
Now you’re ready to go! You can come back to the practice material as often as you want — simply log on with the username and password you created during your initial login. No need to enter the access code a second time.
Your registration is good for one year from the day you activate your PIN.
Where to Go from Here
So, what’s next? While you can certainly read this book from cover to cover, you don’t have to! CCSP For Dummies is broken into several parts, each with chapters that stand on their own. If a particular topic interests you, visit Part 2 and explore any (or all) of the CCSP domains.
If you need a primer on information security, then you may want to head over to Chapter 2 before diving into the CCSP domains.
If you still have no idea where to go from here, you can’t go wrong with Chapter 1!
1 Starting Your CCSP Journey
IN THIS PART . . .
Meet (ISC)2 and the CCSP exam.
Learn or refresh your information security knowledge.
