CCSP Domain #5: Cloud Security Operations [updated 2022]
Successful candidates must understand the types of activities, risks, appropriate security controls and storage architectures required to ensure data security in a cloud environment. The following topics are included in this domain, as per the “Official (ISC)2 Guide to the CCSP CBK.” This domain represents 17% of the CCSP certification exam. Earning the CCSP means the candidate has the right knowledge and skills to secure a cloud environment.
Domain 5 — Cloud Security Operations
5.1 Implement and Build Physical and Logical Infrastructure for Cloud Environment
Candidates will need to understand the factors and requirements to be put in place when implementing and building a physical and logical infrastructure with security in mind. It is also important to understand the cloud service provider (CSP) and cloud consumer roles.
5.1.1 Hardware-Specific Security Configuration Requirements
Candidates will need to understand the various hardware components (and their corresponding configuration requirements and settings) in a cloud data center infrastructure, such as the Basic Input/Output System (BIOS), virtualization support and the Trusted Platform Module (TPM).
5.1.2 Installation and Configuration of Virtualization Management Tools
Candidates must understand the installation and hardening instructions for the various virtualization management tools used to oversee and secure the virtualized environment.
5.1.3 Virtual Hardware-Specific Security Configuration Requirements
Candidates will need to understand the various configuration settings and requirements to maintain virtual hardware security. Understanding the cloud consumer’s responsibilities in cloud offerings such as Platform as a Service (PaaS) and Infrastructure as a Service (IaaS) is also important.
5.1.4 Installation of Guest Operating System Virtualization Toolsets
Candidates will need to understand the virtualization toolsets that enable installing any operating system in the virtualization environment.
5.2 Operate Physical and Logical Infrastructure for Cloud Environment
Candidates will need to understand access control mechanisms, physical and virtual network configurations, OS hardening baselines and ensure the availability of physical and virtual hosts and resources in a cloud environment.
5.2.1 Configure Access Control for Local and Remote Access
Candidates will need to understand the protocols that support remote administration, such as Secure Shell (SSH), Remote Desktop Protocol (RDP) and Virtual Network Computing (VNC).
5.2.2 Secure Network Configuration
Candidates will need to understand the protocols, technologies, services and concepts used to secure networks and the data transmitted over them, such as Virtual Local Area Networks (VLAN), Transport Layer Security (TLS) and the Dynamic Host Configuration Protocol (DHCP).
5.2.3 Operating System Hardening through the Application of Baselines
Candidates will need to understand the role of baselines in hardening operating systems. The baseline and its corresponding documentation may be derived from a customer-defined VM image, NIST checklists, CIS Benchmarks and similar sources.
5.2.4 Availability of Stand-Alone and Clustered Hosts
Candidates will need to understand the differences between stand-alone and clustered hosts and when to use each.
5.3 Manage Physical and Logical Infrastructure for Cloud Environment
Candidates will need to understand critical areas of managing a physical and logical infrastructure for a cloud environment.
5.3.1 Access Controls for Remote Access
Candidates will need to understand tools required for remote administration and controls which can be put in place to reduce the risks associated with remote access, such as session encryption, strong authentication, use of identity and access management tools etc.
5.3.2 Operating System Baseline Compliance Monitoring and Remediation
Candidates will need to understand how to monitor operating system configuration against baselines and remediate any drift. This can be achieved with tools such as a configuration management database (CMDB) and vulnerability scanning.
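As an added illustration of baseline compliance monitoring (this is example code written for this article, not material from (ISC)2 or the CCSP CBK), the following script compares an SSH daemon configuration collected from a host against a small hardening baseline and reports each drifted or missing directive together with a remediation line. The baseline values and the collected sshd_config snippet are constructed for the example and are modelled loosely on common SSH hardening items; they are not an actual CIS or NIST checklist.

```python
"""Baseline compliance check (added example): compare an observed OS
configuration against a hardening baseline and report drift."""
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed baseline in sshd_config directive form (illustrative values,
# not an actual CIS/NIST checklist).
BASELINE: Dict[str, str] = {
    "PermitRootLogin": "no",
    "PasswordAuthentication": "no",
    "X11Forwarding": "no",
    "MaxAuthTries": "4",
    "Protocol": "2",
}

# Constructed sshd_config snippet standing in for what was collected from a host.
OBSERVED_SSHD_CONFIG = """\
# sshd_config collected from host web-01 (constructed sample)
Port 22
Protocol 2
PermitRootLogin yes
PasswordAuthentication no
MaxAuthTries 6
# X11Forwarding left unset, so the daemon default applies
"""


@dataclass(frozen=True)
class Finding:
    directive: str
    expected: str
    observed: Optional[str]  # None means the directive is absent on the host


def parse_sshd_config(text: str) -> Dict[str, str]:
    """Parse 'Directive value' lines, ignoring blanks and comments.
    The first occurrence wins, matching how sshd treats repeated directives."""
    settings: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        key, value = parts
        settings.setdefault(key, value.strip())
    return settings


def check_compliance(baseline: Dict[str, str], observed: Dict[str, str]) -> List[Finding]:
    """Return one Finding per baseline directive that is missing or differs.
    A missing directive is reported as drift because the daemon default may
    not match the baseline (the baseline must state every required value)."""
    findings = []
    for directive, expected in baseline.items():
        actual = observed.get(directive)
        if actual is None or actual.lower() != expected.lower():
            findings.append(Finding(directive, expected, actual))
    return findings


def remediation_plan(findings: List[Finding]) -> List[str]:
    """Lines to set in sshd_config to bring the host back to baseline."""
    return [f"{f.directive} {f.expected}" for f in findings]


def compliance_score(baseline: Dict[str, str], findings: List[Finding]) -> float:
    """Percentage of baseline directives that are compliant, rounded to 0.1."""
    return round(100 * (1 - len(findings) / len(baseline)), 1)


if __name__ == "__main__":
    observed = parse_sshd_config(OBSERVED_SSHD_CONFIG)
    drift = check_compliance(BASELINE, observed)
    for f in drift:
        print(f"DRIFT {f.directive}: expected {f.expected!r}, observed {f.observed!r}")
    print("Remediation:", remediation_plan(drift))
    print("Compliance score:", compliance_score(BASELINE, drift))
```

In practice the collected configuration would come from a CMDB export or a scanner rather than an inline string, and the findings would feed a ticket or a configuration-management run; the comparison logic stays the same.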
5.3.3 Patch Management
Candidates will need to understand the patch management process for finding, testing and applying patches to a cloud environment.
5.3.4 Performance and Capacity Monitoring
Candidates will need to understand the tools and infrastructure elements (e.g., network, compute, storage etc.) that can be monitored.
5.3.5 Hardware Monitoring
Candidates will need to understand the tools and hardware elements (e.g., compute hardware and supporting infrastructure, environmental etc.) that can be monitored.
5.3.6 Configuration of Host and Guest Operating System Backup and Restore Functions
Candidates will need to understand the three (3) main types of backup technologies (i.e., snapshots, agent-based and agentless).
5.3.7 Network Security Controls
Candidates will need to understand network security controls and technologies such as firewalls, intrusion detection/prevention systems (IDS/IPS) and honeypots.
5.3.8 Management Plane
Candidates will need to understand the uses of the management plane in a cloud environment by the CSP.
5.4 Implement Operational Controls and Standards
Candidates will need to understand processes to be managed in cloud security operations and the frameworks (ISO 20000-1 and ITIL) used in governing IT operations and processes. Such processes include:
- Change management
- Continuity management
- Information security management
- Continual service improvement management
- Incident management
- Problem management
- Release management
- Deployment management
- Configuration management
- Service level management
- Availability management
- Capacity management
5.5 Support Digital Forensics
Candidates will need to understand how to conduct digital forensics in a cloud environment.
5.5.1 Forensics Data Collection Methodologies
Candidates will need to understand two (2) standards related to e-discovery: ISO 27050 and the Cloud Security Alliance (CSA) Security Guidance Domain 3, Legal Issues: Contracts and Electronic Discovery.
5.5.2 Evidence Management
Candidates will need to understand how to manage the chain of custody from evidence collection to trial during any digital forensics investigation.
5.5.3 Collect, Acquire and Preserve Digital Evidence
Candidates will need to understand the phases of digital evidence handling and the challenges associated with evidence collection in a cloud environment.
5.6 Manage Communication with Relevant Parties
Candidates will need to understand how to communicate accurately, concisely and in a timely manner with vendors, customers (including the cloud shared responsibility model), partners, regulators and other stakeholders.
5.7 Manage Security Operations
Candidates will need to understand how to manage and monitor the security controls deployed to manage a cloud environment’s physical and logical components.
5.7.1 Security Operations Center (SOC)
Candidates will need to understand how a SOC works in a cloud environment and its responsibilities, such as threat prevention and detection, incident management, etc.
5.7.2 Log Capture and Analysis
Candidates will need to understand the tools and processes required for log capture and analysis, such as Security Information and Event Management (SIEM) and log management tools.
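As an added illustration of the kind of correlation a SIEM performs on captured logs (example code written for this article, not material from (ISC)2 or any SIEM vendor), the script below parses syslog-style sshd authentication lines, counts failed logins per source address within a sliding time window, flags sources that cross a threshold, and raises a higher-priority alert when a flagged source then logs in successfully. The log lines are a constructed sample using documentation IP ranges; the year is assumed because syslog timestamps do not carry one, and the threshold and window are illustrative tuning values.

```python
"""SIEM-style log analysis (added example): parse syslog-format sshd lines,
correlate failed logins per source within a time window, and flag sources that
exceed a threshold or succeed right after a burst of failures."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of authentication log lines in the traditional syslog
# format written by OpenSSH; addresses come from documentation ranges.
SAMPLE_LOG = """\
Jan 12 10:00:01 web-01 sshd[2201]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Jan 12 10:00:05 web-01 sshd[2203]: Failed password for root from 203.0.113.5 port 51240 ssh2
Jan 12 10:00:09 web-01 sshd[2205]: Failed password for root from 203.0.113.5 port 51244 ssh2
Jan 12 10:00:12 web-01 sshd[2207]: Failed password for invalid user test from 198.51.100.7 port 40210 ssh2
Jan 12 10:00:14 web-01 sshd[2209]: Failed password for root from 203.0.113.5 port 51250 ssh2
Jan 12 10:00:20 web-01 sshd[2211]: Failed password for deploy from 203.0.113.5 port 51255 ssh2
Jan 12 10:00:31 web-01 sshd[2213]: Accepted publickey for deploy from 192.0.2.10 port 33001 ssh2
Jan 12 10:00:40 web-01 sshd[2215]: Failed password for root from 203.0.113.5 port 51260 ssh2
Jan 12 10:01:02 web-01 sshd[2217]: Accepted password for deploy from 203.0.113.5 port 51266 ssh2
Jan 12 10:05:00 web-01 sshd[2219]: Failed password for invalid user guest from 198.51.100.7 port 40222 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\S+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>[\d.]+) port \d+"
)

LOG_YEAR = 2022  # syslog timestamps carry no year; assumed for the sample


def parse_auth_line(line):
    """Turn one sshd log line into an event dict, or None if it is not an auth event."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S").replace(year=LOG_YEAR)
    return {"ts": ts, "host": m["host"], "result": m["result"],
            "user": m["user"], "src": m["src"]}


def parse_log(text):
    """Parse every recognisable auth line; unrelated lines are dropped."""
    return [e for e in (parse_auth_line(line) for line in text.splitlines()) if e]


def detect_bruteforce(events, threshold=5, window=timedelta(minutes=2)):
    """Return (flagged_sources, success_after_burst).

    flagged_sources: source addresses with at least `threshold` failures
    inside any `window`-long interval.
    success_after_burst: (src, user, ts) tuples for Accepted logins from a
    flagged source while failures are still inside the window; this is the
    alert an analyst should look at first, since it may indicate a guessed
    credential rather than mere noise."""
    recent = defaultdict(deque)  # src -> timestamps of failures still inside the window
    flagged = set()
    successes = []
    for e in sorted(events, key=lambda ev: ev["ts"]):
        q = recent[e["src"]]
        while q and e["ts"] - q[0] > window:
            q.popleft()  # expire failures that fell out of the window
        if e["result"] == "Failed":
            q.append(e["ts"])
            if len(q) >= threshold:
                flagged.add(e["src"])
        elif e["src"] in flagged and q:
            successes.append((e["src"], e["user"], e["ts"]))
    return flagged, successes


if __name__ == "__main__":
    flagged, successes = detect_bruteforce(parse_log(SAMPLE_LOG))
    for src in sorted(flagged):
        print(f"ALERT brute-force pattern from {src}")
    for src, user, ts in successes:
        print(f"HIGH successful login for {user!r} from {src} at {ts:%H:%M:%S} after failure burst")
```

Two design points carry over to a real SIEM rule: the window is evaluated per source so a handful of typos from many users does not trigger, and the success-after-burst condition is kept separate from the plain threshold so it can be routed at a higher severity.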
5.7.3 Incident Management
Candidates will need to understand the incident management and response procedures in a cloud environment and the three (3) key elements: incident response plan, incident response team and root cause analysis.
How to prepare for the CCSP Exam
Studying the right material is very important. The official books and material recommended by (ISC)2 for the CCSP exam include:
- Official (ISC)² CCSP CBK Reference, Third Edition
- Official (ISC)² CCSP Study Guide
- Official (ISC)² CCSP practice tests
- Official CCSP study and practice tests apps
- Official (ISC)² CCSP flashcards