Presentation is loading. Please wait.

Presentation is loading. Please wait.

What is Interesting in the CCSP certification?

Published byNeil Benson Modified over 5 years ago

Similar presentations

Presentation on theme: "What is Interesting in the CCSP certification?"— Presentation transcript:

1 What is Interesting in the CCSP certification?
Cloud as a Certificate What is Interesting in the CCSP certification?

2 INtroduction György Kollár
Electrical Engineer, (Old School Informatics) Small Business Owner Technical Director since 1991 Early Adopter type Working in Security in the last 13 years CISSP (2005-), CCSP (2016-) Collecting old HP calculators

3 About the Cloud Everybody uses it It costs nothing
Soneone takes care of everything It will always be there IT IS SAFE!

4 About CCSP Joint certification of (ISC)2 and CSA (Cloud Security Alliance) „A CCSP applies information security expertise to a cloud computing environment and demonstrates competence in cloud security architecture, design, operations, and service orchestration.” Successful candidates are competent in the following 6 domains

5 six domains of Common Body of Knowledge (CBK)
Architectural Concepts and Design Requirements Cloud Data Security Cloud Platform and Infrastructure Security Cloud Application Security Operations Legal and Compliance

6 Experience Requirements
Minimum of 5 years experience Or CISSP credential

7 Examination Length of exam 4 hours Number of questions 125
Question format Multiple choice Passing grade 700 out of 1000 points Exam availability English Testing center Pearson VUE Testing Center

8

9 Domain 1: Architectural Concepts and Design Requirements
Cloud Computing Concepts Cloud Reference Architecture Security Concepts Relevant to Cloud Computing Design Principles of Secure Cloud Computing Trusted Cloud Services

10 meaning of cloud on-demand self-service, broad network access,
resource pooling, rapid elasticity or expansion, measured service

11 "service models" Software, Platform, Infrastructure

12 "deployment models" Private, Public, Community, Hybrid

13 Domain 2: Cloud Data Security
Cloud Data Lifecycle Cloud Data Storage Architectures Data Security Strategies Data Discovery and Classification Design and Implement Relevant Jurisdictional Data Protections for Personally Identifiable Information (PII) Data Rights Management Data Retention, Deletion, and Archiving Policies Auditability, Traceability and Accountability of Data Events

14 Moving to the cloud CRM Project management Design documents
Customer database Scheduler Financial data Project management Subcontractors Time management Calculations Design documents Schematics Mechanical drawings Software Network diagrams Bookkeeping Tax forms Invoices

15 Changes in the Cloud Where is my data? Where is my backup?
How can I use my systems? How can I secure my systems? How can I delete my data?

16 Risks shifted and changed
Assets Who owns the asset? Who is responsible for the asset? What asset?

17 "service models" Software, Platform, Infrastructure

18 Domain 3: Cloud Platform and Infrastructure Security
Cloud Infrastructure Components Risks Associated to Cloud Infrastructure Design and Plan Security Controls Plan Disaster Recovery and Business Continuity Management

19 Layered Security Phisical Layer Cabling Services Power HVAC Emergency

20 Domain 4: Cloud Application Security
Training and Awareness Cloud Software Assurance and Validation Use Verified Secure Software Software Development Life-Cycle (SDLC) Process Apply the Secure Software Development Life-Cycle the Specifics of Cloud Application Architecture Identity and Access Management

21 Domain 5: Operations Support the Planning Process for the Data Center Design Implement and Build/ Run / Manage Physical Infrastructure for Cloud Environment Build/ Run / Manage Logical Infrastructure for Cloud Environment Ensure Compliance with Regulations and Controls Conduct Risk Assesment to Logical and Physical Infrastructure Understand the Collection, Acquisition and Preservation of Digital Evidence Manage Communication with Relevant Parties

22 differences between classic and cloud environments
Size matters Redundancy needs at least two of everything Cost matters If you can share resources you can share costs Location matters You want to reach it from anywhere, don’t you?

23 Domain 6: Legal and Compliance
Legal Requirements and Unique Risks within the Cloud Environment Privacy Issues, Including Jurisdictional Variation Audit Process, Methodologies, and Required Adaptations for a Cloud Environment Implications of Cloud to Enterprise Risk Management Outsourcing and Cloud Contract Design Vendor Management

24 GDPR and other regulations
Location Local Law Customer Country Law Etc.

25 Responsibilities You can outsoure everything but responsibility But…
You can buy services Make contracts Share risks If you want something to be done put it into the contract

26 Costs and benefits Efficiency Reliability Security Vendor lock-in
Service drift

27 Most overlooked things
Backup (and restore!) Upgrades Patch management Vulnerability management Confidentiality Privacy

28 Cloud guide Security is not something for free
It will not be included if you do not ask for it Checking everything is a must Read the small text as well Encryption is necessary Keep a clear way out

29 Conclusion Cloud is the next big thing
This knowledge is on high demand There are lots of opportunities Cloud security is extremly inextricable (impossible to disentangle or separate.) References:

30 John Cleese on Stupidity

31 Questions Thank you!

Download ppt "What is Interesting in the CCSP certification?"

Similar presentations

Pros and Cons of Cloud Computing Professor Kam-Fai Wong Faculty of Engineering The Chinese University of Hong Kong.

Pros and Cons of Cloud Computing Professor Kam-Fai Wong Faculty of Engineering The Chinese University of Hong Kong.
TechFire Conference Cloud Made Simple - Dispelling the Hype. Brian Larkin Operations Director Digital Planet Brian Larkin Operations Director Digital Planet.

TechFire Conference Cloud Made Simple - Dispelling the Hype. Brian Larkin Operations Director Digital Planet Brian Larkin Operations Director Digital Planet.
IT Web Application Audit Principles Presented by: James Ritchie, CISA, CISSP….

IT Web Application Audit Principles Presented by: James Ritchie, CISA, CISSP….
Cloud Computing - clearing the fog Rob Gear 8 th December 2009.

Cloud Computing - clearing the fog Rob Gear 8 th December 2009.
Joey Yep Technical Marketing, Seagate CSS Creating a Competitive Advantage with Cloud.

Joey Yep Technical Marketing, Seagate CSS Creating a Competitive Advantage with Cloud.
Security Controls – What Works

Security Controls – What Works
Supervisor : Mr. Hadi Salimi Advanced Topics in Information Systems Mazandaran University of Science and Technology February 4, 2011 Survey on Cloud Computing.

Supervisor : Mr. Hadi Salimi Advanced Topics in Information Systems Mazandaran University of Science and Technology February 4, 2011 Survey on Cloud Computing.
OPM Cybersecurity Competencies by Occupation (Technical Competencies) 2210085508540391 Information Technology Management Series Electronics Engineering.

OPM Cybersecurity Competencies by Occupation (Technical Competencies) Information Technology Management Series Electronics Engineering.
Developing a Records & Information Retention & Disposition Program:

Developing a Records & Information Retention & Disposition Program:
IS 380 OME 1 Fall 2010 Class 1. Administrative Roster Syllabus Review Class overview 10 domains overview.

IS 380 OME 1 Fall 2010 Class 1. Administrative Roster Syllabus Review Class overview 10 domains overview.
Symantec Vision and Strategy for the Information-Centric Enterprise Muhamed Bavçiç Senior Technology Consultant SEE.

Symantec Vision and Strategy for the Information-Centric Enterprise Muhamed Bavçiç Senior Technology Consultant SEE.
Stephen S. Yau CSE 465-591, Fall 2006 1 Security Strategies.

Stephen S. Yau CSE , Fall Security Strategies.
Cloud Computing Will Crowley Monica Lopez Jaimie Morrison.

Cloud Computing Will Crowley Monica Lopez Jaimie Morrison.
Securing and Auditing Cloud Computing Jason Alexander Chief Information Security Officer.

Securing and Auditing Cloud Computing Jason Alexander Chief Information Security Officer.
Auditing Cloud Computing: Adapting to Changes in Data Management IIA and ISACA Joint Meeting March 12, 2013 Presented by: Jay Hoffman (AEP), John Didlott.

Auditing Cloud Computing: Adapting to Changes in Data Management IIA and ISACA Joint Meeting March 12, 2013 Presented by: Jay Hoffman (AEP), John Didlott.
Effectively and Securely Using the Cloud Computing Paradigm.

Effectively and Securely Using the Cloud Computing Paradigm.
Clouds on IT horizon Faculty of Maritime Studies University of Rijeka Sanja Mohorovičić INFuture 2009, Zagreb, 5 November 2009.

Clouds on IT horizon Faculty of Maritime Studies University of Rijeka Sanja Mohorovičić INFuture 2009, Zagreb, 5 November 2009.
Cloud Enabled Healthcare Presented by: Ron Parker and Stanley Ratajczak Emerging Technology Group Canada Health Infoway Inc. May 28, 2013Copyright © 2013.

Cloud Enabled Healthcare Presented by: Ron Parker and Stanley Ratajczak Emerging Technology Group Canada Health Infoway Inc. May 28, 2013Copyright © 2013.
No one questions that Microsoft can write great software. Customers want to know if we can be innovative, scalable, reliable in the cloud. (1996) 450M+

No one questions that Microsoft can write great software. Customers want to know if we can be innovative, scalable, reliable in the cloud. (1996) 450M+
SEC835 Database and Web application security Information Security Architecture.

SEC835 Database and Web application security Information Security Architecture.

Similar presentations

Ads by Google