CCSP Domain #1: Cloud Concepts, Architecture, and Design [updated 2021]

December 6, 2021 by Mosimilolu Odusanya

The following topics are included in the CCSP cloud concepts, architecture and design domain, as per the “Official (ISC)2 Guide to the CCSP CBK.” This domain represents 17% of the CCSP certification exam. Earning the CCSP means the candidate has the right knowledge and skills to build and design a cloud environment.

Domain 1: Cloud concepts, architecture and design

Understanding cloud computing concepts

Candidates will need to understand cloud computing fundamentals and cloud terminologies. NIST defines cloud computing as “a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model comprises five essential characteristics, three service models and four deployment models.”

Cloud service models

Candidates will need to understand the differences between the various cloud service models and their 

  • Software as a Service (SaaS): the cloud provider manages all aspects of the application environment, such as virtual machines, networking resources, data storage and applications. The cloud customer is responsible only for the data they supply to the application managed by the cloud provider.
  • Platform as a Service (PaaS): the cloud provider manages the virtual machines and networking resources, and the cloud customer is responsible for deploying their applications into the cloud environment.
  • Infrastructure as a Service (IaaS): the cloud provider is responsible for the underlying infrastructure in the cloud environment. The operating system selection and configuration, patching and software tools and applications are under the control of the cloud customer. 

Deployment models

Candidates will need to understand the four deployment models (public, private, community and hybrid), as well as how cloud services are hosted, who controls and operates them and what customers have access to.

Cloud computing roles

Candidates will need to understand the roles in a cloud computing environment and how the various roles work together to keep cloud data secure:

  • Cloud service customer
  • Cloud service provider
  • Cloud service partner
  • Cloud service broker

Key cloud computing characteristics

Candidates will need to understand the six key cloud computing characteristics that must be present for a service or offering to be considered cloud:

  • On-demand self-service 
  • Broad network access
  • Rapid elasticity and scalability
  • Resource pooling
  • Measured service
  • Multitenancy

Building block technologies

Candidates will need to understand the five building block technologies that make cloud possible. A combination of all these technologies allows better resource utilization and improves the cost structure of technology. Depending on the type of cloud service model, the customer may have more or fewer responsibilities over these technologies:

  • Virtualization
  • Storage
  • Networking
  • Databases
  • Orchestration

Describe cloud reference architecture

Candidates will need to understand the various components (i.e., building blocks) required to develop and manage a cloud environment and how services are delivered, configured and managed. 

Cloud computing activities

Candidates will need to understand the activities (and roles) performed by several parties to build, secure and manage a cloud environment:

  • Cloud consumer
  • Cloud provider
  • Cloud auditor
  • Cloud broker
  • Cloud carrier

Cloud service capabilities

Candidates will need to understand the different capabilities provided by the three cloud service models:

  • Application capability types
  • Platform capability types
  • Infrastructure capability types

Cloud shared considerations

Candidates will need to understand the various factors that customers have to consider before starting their journey to the cloud. 

  • Interoperability
  • Portability and reversibility
  • Availability
  • Security and privacy
  • Resiliency
  • Performance
  • Governance
  • Maintenance and versioning
  • Service levels (agreements)
  • Auditability
  • Regulatory compliance

Impact of related technologies

Candidates will need to understand some of the critical and emerging technologies representing the fastest-growing applications of cloud computing.

  • Machine learning
  • Artificial intelligence
  • Blockchain
  • Internet of things
  • Containers
  • Quantum computing

Understand security concepts relevant to cloud computing

Candidates will need to understand various security concepts relevant to cloud computing:

  • Cryptography and key management
  • Access control
  • Data and media sanitization (e.g., overwriting, cryptographic erase)
  • Network security (e.g., network security groups)
  • Virtualization security (e.g., hypervisor security and container security)

Common threats

Candidates will need to understand various threats organizations face and risks inherent in utilizing cloud computing environments, such as data breaches, misconfiguration, inadequate change control and more. 

Understand design principles of secure cloud computing

Candidates will need to understand various factors considered when performing the cost-benefit analysis to move to the cloud. 

  • Cloud secure data lifecycle 

Candidates need to understand the six phases in the secure cloud data lifecycle: create, store, use, share, archive and destroy.

  • Cloud-based disaster recovery and business continuity planning

Candidates will need to understand the difference between disaster recovery (DR) and business continuity planning (BCP) in a cloud environment. 

  • Cost-benefit analysis

Candidates will need to understand when, why and how cost-benefit analysis is carried out to determine whether the features offered by the cloud provider justify the costs associated with the cloud environment. 

Functional security requirements

Candidates will need to understand the various security concerns (e.g., portability, interoperability, vendor lock-in) that must be evaluated, some of which are unique to the cloud service model and the shared responsibility model. 

Evaluate cloud service providers

Candidates will need to understand some of the factors used in evaluating cloud service providers, their service offerings, and their systems’ security. 

  • Verification against criteria

Candidates will need to understand what role “certification against criteria” (such as ISO/IEC 27017 and the Payment Card Industry Data Security Standard (PCI DSS)) plays in identifying trusted cloud services.

  • System/subsystem product verifications

Candidates will need to understand some of the certifications, frameworks and standards used or gained by cloud service providers, such as Common Criteria (CC) and Federal Information Processing Standard (FIPS) 140-2.

How to prepare for the CCSP exam

Studying the right material is very important. The official books and materials recommended by (ISC)² for the CCSP exam include:

  • Official (ISC)² CCSP CBK Reference, Third Edition
  • Official (ISC)² CCSP Study Guide
  • Official (ISC)² CCSP practice tests
  • Official CCSP study and practice tests apps
  • Official (ISC)² CCSP flashcards 

 

Sources

  • The Official (ISC)2 CCSP CBK Reference, (ISC)2 
  • (ISC)2 Approved CCSP for Dummies, Wiley
  • CCSP Certification Exam Outline, (ISC)2

Author
Mosimilolu Odusanya

Mosimilolu (or 'Simi') works as a full-time cybersecurity consultant, specializing in privacy and infrastructure security. Outside of work, her passions include watching anime and TV shows and travelling.