What is Interesting in the CCSP certification?

Slides:

Advertisements

Similar presentations

Pros and Cons of Cloud Computing Professor Kam-Fai Wong Faculty of Engineering The Chinese University of Hong Kong.

Advertisements

TechFire Conference Cloud Made Simple - Dispelling the Hype. Brian Larkin Operations Director Digital Planet Brian Larkin Operations Director Digital Planet.

IT Web Application Audit Principles Presented by: James Ritchie, CISA, CISSP….

Cloud Computing - clearing the fog Rob Gear 8 th December 2009.

Joey Yep Technical Marketing, Seagate CSS Creating a Competitive Advantage with Cloud.

Security Controls – What Works

Supervisor : Mr. Hadi Salimi Advanced Topics in Information Systems Mazandaran University of Science and Technology February 4, 2011 Survey on Cloud Computing.

OPM Cybersecurity Competencies by Occupation (Technical Competencies) Information Technology Management Series Electronics Engineering.

Developing a Records & Information Retention & Disposition Program:

IS 380 OME 1 Fall 2010 Class 1. Administrative Roster Syllabus Review Class overview 10 domains overview.

Symantec Vision and Strategy for the Information-Centric Enterprise Muhamed Bavçiç Senior Technology Consultant SEE.

Stephen S. Yau CSE , Fall Security Strategies.

Cloud Computing Will Crowley Monica Lopez Jaimie Morrison.

Securing and Auditing Cloud Computing Jason Alexander Chief Information Security Officer.

Auditing Cloud Computing: Adapting to Changes in Data Management IIA and ISACA Joint Meeting March 12, 2013 Presented by: Jay Hoffman (AEP), John Didlott.

Effectively and Securely Using the Cloud Computing Paradigm.

Clouds on IT horizon Faculty of Maritime Studies University of Rijeka Sanja Mohorovičić INFuture 2009, Zagreb, 5 November 2009.

Cloud Enabled Healthcare Presented by: Ron Parker and Stanley Ratajczak Emerging Technology Group Canada Health Infoway Inc. May 28, 2013Copyright © 2013.

No one questions that Microsoft can write great software. Customers want to know if we can be innovative, scalable, reliable in the cloud. (1996) 450M+

SEC835 Database and Web application security Information Security Architecture.

Jim Reavis, Executive Director Cloud Security Alliance November 22, 2010 Developing a Baseline On Cloud Security.

Information Systems Security Computer System Life Cycle Security.

Confidentiality Integrity Accountability Communications Data Hardware Software Next.

SECURITY Is cloud computing secure? Are Microsoft Online Services secure? Is cloud computing secure? Are Microsoft Online Services secure? PRIVACY What.

WHEN TITLE IS NOT A QUESTION N O ‘WE CAN’ WHEN TITLE IS NOT A QUESTION N O ‘WE CAN’ WHEN TITLE IS NOT A QUESTION N O ‘WE CAN’ Identity and Privacy: the.

Computer Science and Engineering 1 Cloud ComputingSecurity.

David N. Wozei Systems Administrator, IT Auditor.

InfoSecurity Conference 2011 The Challenges of Cloud Computing John R. Robles John R. Robles and Associates

IIA_Tampa_ Beth Breier, City of Tallahassee1 IT Auditing in the Small Audit Shop Beth Breier, CPA, CISA City of Tallahassee

Chapter © 2009 Pearson Education, Inc. Publishing as Prentice Hall.

Cloud Use Cases, Required Standards, and Roadmaps Excerpts From Cloud Computing Use Cases White Paper

IT Requirements Management Balancing Needs and Expectations.

Cloud Computing and the Public Sector Risks and Rewards John O’Connor, Partner - Head of Technology & Commercial Contracts.

1.Summary of Needs Analysis 2.Summary of Action Plan 3.Systems Analysis between Microsoft SharePoint® and OpenText Content Server 4.System Recommendation.

Ali Pabrai, CISSP, CSCS ecfirst, chairman & ceo Preparing for a HIPAA Security Audit.

1 (ISC) 2 Conference Oct, 2008 Presented by Shin, Soojung Dr. Soojung shin, CISSP, Executive Vice President, Infosec, Korea.

Cloud Computing Security Keep Your Head and Other Data Secure in the Cloud Lynne Pizzini, CISSP, CISM, CIPP Information Systems Security Officer Information.

1 Chapter Nine Conducting the IT Audit Lecture Outline Audit Standards IT Audit Life Cycle Four Main Types of IT Audits Using COBIT to Perform an Audit.

12 Steps to Cloud Security A guide to securing your Cloud Deployment Vishnu Vettrivel Principal Engineering Lead,

SOA-39: Securing Your SOA Francois Martel Principal Solution Engineer Mitigating Security Risks of a De-coupled Infrastructure.

Cloud Computing Project By:Jessica, Fadiah, and Bill.

LEGAL ISSUES IN CLOUD COMPUTING

2 Information System Security Association ISSA Buffalo Niagara Introduction to CISSP Study Sessions.

© 2014 IBM Corporation Does your Cloud have a Silver Lining ? The adoption of Cloud in Grid Operations of Electric Distribution Utilities Kieran McLoughlin.

CLOUD-BASED VIDS A CIO’S PERSPECTIVE Stephen Alford, CIO WEP, Inc.

Chang, Wen-Hsi Division Director National Archives Administration, 2011/3/18/16:15-17: TELDAP International Conference.

Place image here INFORMATION MANAGEMENT Cloud Computing and Enterprise Information Management March 2010 Jim Cuff VP Strategy, Iron Mountain Digital.

Cloud Computing 3. TECHNOLOGY GUIDE 3: Cloud Computing 2 Copyright John Wiley & Sons Canada.

© 2016 Chapter 6 Data Management Health Information Management Technology: An Applied Approach.

Dr. Ir. Yeffry Handoko Putra

Chapter 6: Securing the Cloud

Understanding The Cloud

VIRTUALIZATION & CLOUD COMPUTING

ServiceNow Implementation Knowledge Management

Service Organization Control (SOC)

BUILDING A PRIVACY AND SECURITY PROGRAM FOR YOUR NON-PROFIT

Oracle University Training and Certification Solutions

Amazon AWS Solution Architect Associate Exam Dumps For Full Exam Info Visit This Link:

Download Latest CompTIA CAS-002 Exam Dumps PDF Questions - CAS-002 Best Study Material - Realexamdumps.com

Developing a Baseline On Cloud Security Jim Reavis, Executive Director

Cybersecurity Special Public Meeting/Commission Workshop for Natural Gas Utilities September 27, 2018.

3 Cloud Computing.

Computer Science and Engineering

Certified Information Technology Professional (CITP) Credential

IT Management Services Infrastructure Services

Final exam question format

Final exam question format

Cloud Computing for Wireless Networks

Presentation transcript:

What is Interesting in the CCSP certification? Cloud as a Certificate What is Interesting in the CCSP certification?

INtroduction György Kollár Electrical Engineer, (Old School Informatics) Small Business Owner Technical Director since 1991 Early Adopter type Working in Security in the last 13 years CISSP (2005-), CCSP (2016-) Collecting old HP calculators

About the Cloud Everybody uses it It costs nothing Soneone takes care of everything It will always be there IT IS SAFE!

About CCSP Joint certification of (ISC)2 and CSA (Cloud Security Alliance) „A CCSP applies information security expertise to a cloud computing environment and demonstrates competence in cloud security architecture, design, operations, and service orchestration.” Successful candidates are competent in the following 6 domains

six domains of Common Body of Knowledge (CBK) Architectural Concepts and Design Requirements Cloud Data Security Cloud Platform and Infrastructure Security Cloud Application Security Operations Legal and Compliance

Experience Requirements Minimum of 5 years experience Or CISSP credential

Examination Length of exam 4 hours Number of questions 125 Question format Multiple choice Passing grade 700 out of 1000 points Exam availability English Testing center Pearson VUE Testing Center

Domain 1: Architectural Concepts and Design Requirements Cloud Computing Concepts Cloud Reference Architecture Security Concepts Relevant to Cloud Computing Design Principles of Secure Cloud Computing Trusted Cloud Services

meaning of cloud on-demand self-service, broad network access, resource pooling, rapid elasticity or expansion, measured service

"service models" Software, Platform, Infrastructure

"deployment models" Private, Public, Community, Hybrid

Domain 2: Cloud Data Security Cloud Data Lifecycle Cloud Data Storage Architectures Data Security Strategies Data Discovery and Classification Design and Implement Relevant Jurisdictional Data Protections for Personally Identifiable Information (PII) Data Rights Management Data Retention, Deletion, and Archiving Policies Auditability, Traceability and Accountability of Data Events

Moving to the cloud CRM Project management Design documents Customer database Scheduler Financial data Project management Subcontractors Time management Calculations Design documents Schematics Mechanical drawings Software Network diagrams Bookkeeping Tax forms Invoices

Changes in the Cloud Where is my data? Where is my backup? How can I use my systems? How can I secure my systems? How can I delete my data?

Risks shifted and changed Assets Who owns the asset? Who is responsible for the asset? What asset?

"service models" Software, Platform, Infrastructure

Domain 3: Cloud Platform and Infrastructure Security Cloud Infrastructure Components Risks Associated to Cloud Infrastructure Design and Plan Security Controls Plan Disaster Recovery and Business Continuity Management

Layered Security Phisical Layer Cabling Services Power HVAC Emergency

Domain 4: Cloud Application Security Training and Awareness Cloud Software Assurance and Validation Use Verified Secure Software Software Development Life-Cycle (SDLC) Process Apply the Secure Software Development Life-Cycle the Specifics of Cloud Application Architecture Identity and Access Management

Domain 5: Operations Support the Planning Process for the Data Center Design Implement and Build/ Run / Manage Physical Infrastructure for Cloud Environment Build/ Run / Manage Logical Infrastructure for Cloud Environment Ensure Compliance with Regulations and Controls Conduct Risk Assesment to Logical and Physical Infrastructure Understand the Collection, Acquisition and Preservation of Digital Evidence Manage Communication with Relevant Parties

differences between classic and cloud environments Size matters Redundancy needs at least two of everything Cost matters If you can share resources you can share costs Location matters You want to reach it from anywhere, don’t you?

Domain 6: Legal and Compliance Legal Requirements and Unique Risks within the Cloud Environment Privacy Issues, Including Jurisdictional Variation Audit Process, Methodologies, and Required Adaptations for a Cloud Environment Implications of Cloud to Enterprise Risk Management Outsourcing and Cloud Contract Design Vendor Management

GDPR and other regulations Location Local Law Customer Country Law Etc.

Responsibilities You can outsoure everything but responsibility But… You can buy services Make contracts Share risks If you want something to be done put it into the contract

Costs and benefits Efficiency Reliability Security Vendor lock-in Service drift

Most overlooked things Backup (and restore!) Upgrades Patch management Vulnerability management Confidentiality Privacy

Cloud guide Security is not something for free It will not be included if you do not ask for it Checking everything is a must Read the small text as well Encryption is necessary Keep a clear way out

Conclusion Cloud is the next big thing This knowledge is on high demand There are lots of opportunities Cloud security is extremly inextricable (impossible to disentangle or separate.) References: www.isc2.org/ccsp-cbk-references

John Cleese on Stupidity

Questions Thank you!