CCSP Domain 4: Cloud Application Security

Introduction

The Certified Cloud Security Professional certification, or CCSP, is offered jointly by (ISC)2 and the Cloud Security Alliance (CSA). This exciting credential is designed for cloud-based information security professionals and ensures that the certification holder has acquired the requisite skills, knowledge and abilities in cloud implementation, security design, controls, operations and compliance with applicable regulations.

The CCSP certification exam comprises six domains: Architectural Concepts and Design Requirements, Cloud Data Security, Cloud Platform and Infrastructure Security, Operations, Cloud Application Security and Legal and Compliance. This article will detail the Cloud Application Security domain of the CCSP exam and what candidates preparing for the CCSP certification can expect on the exam.

The Cloud Application Security domain of CCSP currently accounts for 15% of the material covered by the CCSP certification exam.

Below you will find an exploration of the different subsections of this domain and what information you can expect to be covered on the CCSP certification exam.

4.1 Recognize the Need for Training and Awareness in Application Security

When new development techniques are introduced, training is often required. Cloud computing is no exception to this rule.

Cloud Development Basics

Cloud Application Components

Cloud applications are composed of the following components:

  • Data
  • Functions
  • Processes

Determining Data Sensitivity and Performance

Cloud-based applications should be assessed to determine their sensitivity and importance. This is how “cloud-friendliness” is determined. Six key questions, based on impact, are asked in these situations:

  • What if the data becomes widely distributed and widely public?
  • What if a cloud service provider’s employee accessed the application?
  • What if an outsider manipulated a process or function?
  • What if a function or process failed to provide expected results?
  • What if data was changed unexpectedly?
  • What if the application becomes unavailable for some time?

API Formats


*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Greg Belding. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/G6Trjzcih1Y/