CCSP Domain Chapter Mapping

Domain and Objectives    Covered in (Chapter / Module)

Each exam objective below is followed by the chapter and module of the course material that cover it; objectives covered in more than one place list every chapter and module.

Domain 1: Cloud Concepts, Architecture and Design
1.1 Understand cloud computing concepts Chapter 1 Module 1
1.1.1 Cloud computing definitions Chapter 1 Module 1
1.1.2 Cloud computing roles and responsibilities Chapter 1 Modules 1 & 2
1.1.3 Key cloud computing characteristics Chapter 1 Module 1
1.1.4 Building block technologies Chapter 1 Module 1
1.2 Describe cloud reference architecture Chapter 1 Module 2
1.2.1 Cloud computing activities Chapter 1 Module 2
1.2.2 Cloud service capabilities Chapter 1 Module 2
1.2.3 Cloud service categories Chapter 1 Module 2
1.2.4 Cloud deployment models Chapter 1 Module 2
1.2.5 Cloud shared considerations Chapter 1 Module 2
1.2.6 Impact of related technologies Chapter 1 Module 2
1.3 Understand security concepts relevant to cloud computing Chapter 1 Module 3, Chapter 3 Module 8
1.3.1 Cryptography and key management Chapter 3 Module 2
1.3.2 Identity and access control Chapter 3 Module 8
1.3.3 Data and media sanitization Chapter 3 Module 7
1.3.4 Network security Chapter 3 Module 8
1.3.5 Virtualization security Chapter 3 Module 8, Chapter 4 Module 1
1.3.6 Common threats Chapter 1 Module 3
1.3.7 Security hygiene Chapter 1 Module 3
1.4 Understand design principles of secure cloud computing Chapter 1 Module 4
1.4.1 Cloud secure life cycle Chapter 3 Module 1
1.4.2 Business continuity (BC) and disaster recovery plan (DR) Chapter 4 Module 7
1.4.3 Business impact analysis (BIA) Chapter 1 Module 2
1.4.4 Functional security requirements Chapter 4 Module 2
1.4.5 Security considerations and responsibilities for different cloud categories Chapter 1 Module 4
1.4.6 Cloud design patterns Chapter 1 Module 4, Chapter 6 Module 1
1.4.7 DevOps security Chapter 5 Module 2
1.5 Evaluate cloud service providers Chapter 1 Module 5, Chapter 2 Module 4
1.5.1 Verification against criteria Chapter 1 Module 3, Chapter 3 Module 4
1.5.2 System/subsystem product certifications Chapter 1 Module 5, Chapter 2 Module 5, Chapter 3 Module 2
Domain 2: Cloud Data Security
2.1 Describe cloud data concepts Chapter 3 Module 1
2.1.1 Cloud data life cycle phases Chapter 3 Module 1
2.1.2 Data dispersion Chapter 3 Module 1
2.1.3 Data flows Chapter 3 Module 1
2.2 Design and implement cloud data storage architectures Chapter 3 Module 4
2.2.1 Storage types Chapter 3 Module 4
2.2.2 Threats to storage types Chapter 3 Module 4
2.3 Design and apply data security technologies and strategies Chapter 3 Module 6
2.3.1 Encryption and key management Chapter 3 Module 2
2.3.2 Hashing Chapter 3 Module 2
2.3.3 Data obfuscation Chapter 3 Module 6
2.3.4 Tokenization Chapter 3 Module 6
2.3.5 Data loss prevention Chapter 3 Module 6
2.3.6 Keys, secrets and certificates management Chapter 3 Module 2
2.4 Implement data discovery Chapter 3 Module 3
2.4.1 Structured data Chapter 3 Module 3
2.4.2 Unstructured data Chapter 3 Module 3
2.4.3 Semi-structured data Chapter 3 Module 3
2.4.4 Data location Chapter 3 Module 1
2.5 Plan and implement data classification Chapter 3 Module 3
2.5.1 Data classification policies Chapter 3 Module 3
2.5.2 Data mapping Chapter 3 Module 3
2.5.3 Data labeling Chapter 3 Module 3
2.6 Design and implement information rights management (IRM) Chapter 3 Module 5
2.6.1 Objectives Chapter 3 Module 5
2.6.2 Appropriate tools Chapter 3 Module 2
2.7 Plan and implement data retention, deletion and archiving policies Chapter 3 Module 7
2.7.1 Data retention policies Chapter 3 Module 7
2.7.2 Data deletion procedures and mechanisms Chapter 3 Module 7
2.7.3 Data archiving procedures and mechanisms Chapter 3 Module 7
2.7.4 Legal hold Chapter 2 Module 2
2.8 Design and implement auditability, traceability and accountability of data Chapter 6 Module 5
2.8.1 Definition of event sources and requirement of event attributes Chapter 6 Module 5
2.8.2 Logging, storage and analysis of data events Chapter 6 Module 5
2.8.3 Chain of custody and non-repudiation Chapter 2 Module 2
Domain 3: Cloud Platform and Infrastructure Security
3.1 Comprehend cloud infrastructure and platform components Chapter 4 Module 1
3.1.1 Physical environment Chapter 4 Module 2
3.1.2 Network and communications Chapter 4 Module 1
3.1.3 Compute Chapter 4 Module 1
3.1.4 Virtualization Chapter 4 Module 1
3.1.5 Storage Chapter 4 Module 1
3.1.6 Management plane Chapter 4 Module 1
3.2 Design a secure data center Chapter 4 Module 2
3.2.1 Logical design Chapter 4 Module 2
3.2.2 Physical design Chapter 4 Module 2
3.2.3 Environmental design Chapter 4 Module 2
3.2.4 Design resilience Chapter 4 Module 2
3.3 Analyze risks associated with cloud infrastructure and platforms Chapter 4 Module 3
3.3.1 Risk assessment Chapter 4 Module 3
3.3.2 Cloud vulnerabilities, threats and attacks Chapter 4 Module 3
3.3.3 Risk mitigation strategies Chapter 4 Module 3
3.4 Plan and implementation of security controls Chapter 4 Module 4
3.4.1 Physical and environmental protection Chapter 4 Modules 2 & 4
3.4.2 System, storage and communication protection Chapter 4 Module 4
3.4.3 Identification, authentication and authorization in cloud environments Chapter 4 Module 4
3.4.4 Audit mechanisms Chapter 4 Module 4
3.5 Business continuity (BC) and disaster recovery (DR) Chapter 4 Module 7
3.5.1 Business continuity (BC)/disaster recovery (DR) strategy Chapter 4 Module 7
3.5.2 Business requirements Chapter 4 Module 7
3.5.3 Creation, implementation and testing of plan Chapter 4 Module 7
Domain 4: Cloud Application Security
4.1 Advocate training and awareness for application security Chapter 5 Module 1
4.1.1 Cloud development basics Chapter 5 Module 1
4.1.2 Common pitfalls Chapter 5 Module 1
4.1.3 Common cloud vulnerabilities Chapter 5 Module 1
4.2 Describe the secure software development life cycle (SDLC) process Chapter 5 Module 2
4.2.1 Business requirements Chapter 5 Module 2
4.2.2 Phases and methodologies Chapter 5 Module 2
4.3 Apply the Secure Software Development Life Cycle (SDLC) Chapter 5 Module 3
4.3.1 Cloud-specific risks Chapter 5 Module 1
4.3.2 Threat modeling Chapter 5 Module 3
4.3.3 Avoid common vulnerabilities during development Chapter 5 Module 3
4.3.4 Secure coding Chapter 5 Module 3
4.3.5 Software configuration management and versioning Chapter 5 Module 3
4.4 Apply cloud software assurance and validation Chapter 5 Module 4
4.4.1 Functional and non-functional testing Chapter 5 Module 4
4.4.2 Security testing methodologies Chapter 5 Module 4
4.4.3 Quality assurance (QA) Chapter 5 Module 4
4.4.4 Abuse case testing Chapter 5 Module 4
4.5 Use verified secure software Chapter 5 Module 5
4.5.1 Securing application programming interfaces (API) Chapter 5 Module 5
4.5.2 Supply chain management Chapter 2 Module 6, Chapter 5 Module 5
4.5.3 Third-party software management Chapter 5 Module 5
4.5.4 Validated open-source software Chapter 5 Module 5
4.6 Comprehend the specifics of cloud application architecture Chapter 5 Module 6
4.6.1 Supplemental security components Chapter 5 Module 5
4.6.2 Cryptography Chapter 3 Module 2
4.6.3 Sandboxing Chapter 5 Module 6
4.6.4 Application virtualization and orchestration Chapter 5 Module 6
4.7 Design appropriate identity and access management (IAM) solutions Chapter 4 Module 6
4.7.1 Federated identity Chapter 4 Module 6
4.7.2 Identity providers (IdP) Chapter 4 Module 6
4.7.3 Single sign-on (SSO) Chapter 4 Module 6
4.7.4 Multi-factor authentication (MFA) Chapter 4 Module 6
4.7.5 Cloud access security broker (CASB) Chapter 4 Module 6
4.7.6 Secrets management Chapter 4 Module 6
Domain 5: Cloud Security Operations
5.1 Build and implement physical and logical infrastructure for cloud environment Chapter 4 Module 5
5.1.1 Hardware-specific security configuration requirements Chapter 3 Module 2, Chapter 4 Module 5
5.1.2 Installation and configuration of management plane tools Chapter 4 Module 5
5.1.3 Virtual hardware specific security configuration requirements Chapter 4 Modules 1 & 5
5.1.4 Installation of guest operating system (OS) virtualization toolsets Chapter 4 Module 5
5.2 Operate and maintain physical and logical infrastructure for cloud environment Chapter 6 Module 1
5.2.1 Access controls for local and remote access Chapter 6 Module 1
5.2.2 Secure network configuration Chapter 6 Module 1
5.2.3 Network security controls Chapter 4 Module 5, Chapter 6 Module 1
5.2.4 Operating system (OS) hardening through the application of baselines, monitoring and remediation Chapter 6 Module 1
5.2.5 Patch management Chapter 6 Module 2
5.2.6 Infrastructure as Code (IaC) strategy Chapter 4 Module 5
5.2.7 Availability of clustered hosts Chapter 6 Module 1
5.2.8 Availability of guest operating system (OS) Chapter 6 Module 1
5.2.9 Performance and capacity monitoring Chapter 6 Module 1
5.2.10 Hardware monitoring Chapter 6 Module 1
5.2.11 Configuration of host and guest operating system (OS) backup and restore functions Chapter 6 Module 1
5.2.12 Management plane Chapter 1 Module 1, Chapter 4 Modules 1 & 5
5.3 Implement operational controls and standards Chapter 6 Module 2
5.3.1 Change management Chapter 6 Module 2
5.3.2 Continuity management Chapter 6 Module 2
5.3.3 Information security management Chapter 6 Module 2
5.3.4 Continual service improvement management Chapter 6 Module 2
5.3.5 Incident management Chapter 6 Module 2
5.3.6 Problem management Chapter 6 Module 2
5.3.7 Release management Chapter 6 Module 2
5.3.8 Deployment management Chapter 6 Module 2
5.3.9 Configuration management Chapter 6 Module 2
5.3.10 Service level management Chapter 6 Module 2
5.3.11 Availability management Chapter 6 Module 2
5.3.12 Capacity management Chapter 6 Module 2
5.4 Support digital forensics Chapter 2 Module 2, Chapter 6 Module 3
5.4.1 Forensic data collection methodologies Chapter 2 Module 2
5.4.2 Evidence management Chapter 2 Module 2, Chapter 6 Module 3
5.4.3 Collect, acquire and preserve digital evidence Chapter 2 Module 2, Chapter 6 Module 3
5.5 Manage communication with relevant parties Chapter 2 Module 2, Chapter 6 Module 4
5.5.1 Vendors Chapter 6 Module 4
5.5.2 Customers Chapter 6 Module 4
5.5.3 Partners Chapter 6 Module 4
5.5.4 Regulators Chapter 6 Module 4
5.5.5 Other stakeholders Chapter 6 Module 4
5.6 Manage security operations Chapter 6 Module 6
5.6.1 Security operations center (SOC) Chapter 6 Module 6
5.6.2 Intelligent monitoring of security controls Chapter 4 Module 5, Chapter 6 Modules 1 & 6
5.6.3 Log capture and analysis Chapter 6 Module 6
5.6.4 Incident management Chapter 6 Module 2
5.6.5 Vulnerability assessments Chapter 5 Module 4
Domain 6: Legal, Risk and Compliance
6.1 Legal requirements and unique risks in cloud environment Chapter 2 Module 1
6.1.1 Conflicting international legislation Chapter 2 Module 1
6.1.2 Evaluation of legal risks specific to cloud computing Chapter 2 Module 1
6.1.3 Legal framework and guidelines Chapter 2 Module 1
6.1.4 E-discovery Chapter 2 Module 2
6.1.5 Forensics requirements Chapter 2 Module 2
6.2 Understand privacy issues Chapter 2 Module 3
6.2.1 Difference between contractual and regulated private data Chapter 2 Module 3
6.2.2 Country-specific legislation related to private data Chapter 2 Module 3
6.2.3 Jurisdictional differences in data privacy Chapter 2 Module 3
6.2.4 Standard privacy requirements Chapter 2 Module 3
6.2.5 Privacy impact assessments (PIA) Chapter 2 Module 3
6.3 Understand audit process, methodologies, and required adaptations for a cloud environment Chapter 2 Modules 3 & 4
6.3.1 Internal and external audit controls Chapter 2 Module 4
6.3.2 Impact of audit requirements Chapter 2 Module 4
6.3.3 Identify assurance challenges of virtualization and cloud Chapter 6 Module 2
6.3.4 Types of audit reports Chapter 2 Module 4
6.3.5 Restrictions of audit scope statements Chapter 2 Module 4
6.3.6 Gap analysis Chapter 2 Module 4
6.3.7 Audit planning Chapter 2 Module 4
6.3.8 Internal information security management system Chapter 2 Module 4
6.3.9 Internal information security controls system Chapter 2 Module 4
6.3.10 Policies Chapter 2 Module 4
6.3.11 Identification and involvement of relevant stakeholders Chapter 2 Module 4
6.3.12 Specialized compliance requirements for highly regulated industries Chapter 2 Modules 3 & 4
6.3.13 Impact of distributed information technology (IT) model Chapter 2 Modules 3 & 4
6.4 Implications of cloud to enterprise risk management Chapter 2 Module 5
6.4.1 Assess provider’s risk management program Chapter 2 Module 5
6.4.2 Difference between data owner/controller vs. data custodian/processor Chapter 2 Module 5
6.4.3 Regulatory transparency requirements Chapter 2 Module 5
6.4.4 Risk treatment Chapter 2 Module 5
6.4.5 Different risk frameworks Chapter 2 Module 5
6.4.6 Metrics for risk management Chapter 2 Module 5
6.4.7 Assessment of risk environment Chapter 2 Module 5
6.5 Understand outsourcing and cloud contract design Chapter 2 Module 6
6.5.1 Business requirements Chapter 1 Module 5, Chapter 2 Module 6
6.5.2 Vendor management Chapter 2 Module 6
6.5.3 Contract management Chapter 2 Module 6
6.5.4 Supply-chain management Chapter 2 Module 6