CCSP Domain 2: Cloud Data Security

Introduction

The Certified Cloud Security Professional certification, or CCSP, is a certification hosted by the joint effort of (ISC)2 and the Cloud Security Alliance (CSA). This exciting credential is designed for cloud-based information security professionals and ensures that the certification holder has acquired the requisite skills, knowledge and abilities in cloud implementation, security design, controls, operations and compliance with applicable regulations.

The CCSP certification exam comprises six domains: Architectural Concepts and Design Requirements, Cloud Data Security, Cloud Platform and Infrastructure Security, Operations, Cloud Application Security and Legal and Compliance. This article will detail the Cloud Data Security domain of the CCSP exam and what candidates preparing for the CCSP certification can expect on the exam.

The Cloud Data Security domain of CCSP currently accounts for 20% of the material covered by the CCSP certification exam.

Below you will find an exploration of the different subsections of this domain and what information you can expect to be covered on the CCSP certification exam.

2.1 Understand Cloud Data Lifecycle (CSA Guidance)

The first subsection of Domain 2 of the CCSP certification exam is all about understanding the cloud data life cycle as introduced in the Securosis Blog and later assimilated into the CSA guidance. What this accomplishes is it enables the organization to map all the different phases of the cloud data life cycle as against required controls for each phase of the life cycle.

It is important to note that the data life cycle serves as a framework to map use cases, with regard to data access and assisting in the development of relevant controls for each state of the life cycle. It is also important to note that the life cycle referenced is intended to serve as a standardized approach to data life cycle and security.

Phases

The (Read more...)