About the Technical Editor
Raven Sims, CISSP, CCSP, SSCP, is a space systems senior principal cyber architect in the Strategic Deterrent division of a notable defense contractor. In this role, Sims has responsibility for the division's cyber architecture within the weapon system command-and-control business portfolio, including full-spectrum cyber, cloud computing, as well as mission-enabling cyber solutions supporting domestic and international customers. Most recently, Sims was a cyber architect of the Department of Justice (DoJ) Cybersecurity Services (CSS) team in providing cloud security guidance to all 14+ DoJ components. She was responsible for designing, deploying, and maintaining enterprise-class security, network, and systems management applications within an Amazon Web Services (AWS) and Azure environment. Within this role, she led incident response guidance for the DoJ as it pertained to securing the cloud and how to proactively respond to events within their cloud infrastructure. Sims has held business development, functional, and program positions of increasing responsibility in multiple sectors of the company. Her program experience includes government and international partnerships. Sims earned a bachelor's degree in computer science from Old Dominion University in Norfolk, Virginia, and a master's degree in technology management from Georgetown University in Washington, D.C. She is now pursuing a doctoral degree from Dakota State University in cyber operations. She serves on the board of directors of FeedTheStreetsRVA (FTSRVA); is a member of Society of Women Engineers (SWE) and Zeta Phi Beta Sorority, Inc.; and is the owner of Sims Designs. Sims is nationally recognized for her advancements in cyber and mission solutions as an awardee of the 2019 Black Engineer of the Year (BEYA): Modern Day Technology Award, and UK Cybercenturion awards.
Foreword to the Third Edition
Earning the globally recognized CCSP® cloud security certification is a proven way to build your career and better secure critical assets in the cloud. Whether you are picking up this book to supplement your preparation to sit for the exam or you are an existing CCSP using this as a desk reference, you'll find the Official (ISC)² Guide to the CCSP CBK to be the perfect primer on the cloud security topics covered in the CCSP CBK.
Cloud computing security is one of the most in-demand skillsets in IT today. The designation of CCSP instantly communicates to everyone within our industry that you have the advanced technical skills and knowledge to design, manage, and secure data, applications, and infrastructure in the cloud using best practices, policies, and procedures established by the cybersecurity experts at (ISC)².
The recognized leader in the field of information security education and certification, (ISC)² promotes the development of information security professionals throughout the world. As a CCSP with all the benefits of (ISC)² membership, you are part of a global network of more than 157,000 certified professionals who are working to inspire a safe and secure cyber world.
Drawing from a comprehensive, up-to-date global body of knowledge, the CCSP CBK provides you with valuable insights on how to implement cloud security across different digital platforms that your organization may be using.
If you are an experienced CCSP, you will find this edition of the CCSP CBK to be an indispensable reference on best practices. If you are still gaining the experience and knowledge you need to join the ranks of CCSPs, the CCSP CBK is a deep dive that can be used to supplement your studies.
As the largest nonprofit membership body of certified information security professionals worldwide, (ISC)² recognizes the need to identify and validate not only information security competency, but also the ability to connect knowledge of several cloud security domains when managing or migrating data to and from the cloud. The CCSP represents advanced knowledge and competency in cloud security architecture, design, operations, and service orchestration.
The opportunity has never been greater for dedicated professionals to carve out a meaningful career and make a difference in their organizations. The CCSP CBK will be your constant companion in protecting and securing the critical data assets of your organization that will serve you for years to come.
Sincerely,
Clar Rosso
CEO, (ISC)²
The Certified Cloud Security Professional (CCSP) denotes a professional with demonstrated ability across important aspects of architecture, data security, and risk management in cloud computing. The exam covers knowledge and skills across six domains of practice related to cloud security, codified in the (ISC)² CCSP Common Body of Knowledge (CBK):
Domain 1: Cloud Concepts, Architecture, and Design
Domain 2: Cloud Data Security
Domain 3: Cloud Platform and Infrastructure Security
Domain 4: Cloud Application Security
Domain 5: Cloud Security Operations
Domain 6: Legal, Risk, and Compliance
Passing the exam is one condition of certification, and to qualify for the certification, a professional must have five years of experience in information technology, of which three years must be in a security-specific capacity and at least one year dedicated to one or more of the six CCSP domains.
Professionals take many paths into information security, and there are variations in acceptable practices across different industries and regions. The CCSP CBK represents a baseline standard of security knowledge relevant to cloud security and management, though the rapid pace of change in cloud computing means a professional must continuously maintain their knowledge to stay current. As you read this guide, consider not only the scenarios or circumstances presented to highlight the CBK topics, but also connect them to common practices and norms in your organization, region, and culture. Once you achieve CCSP certification, you will be asked to maintain your knowledge with continuing education, so keep topics of interest in mind for further study once you have passed the exam.
Domain 1: Cloud Concepts, Architecture, and Design
Understanding cloud computing begins with the building blocks of cloud services, and the Cloud Concepts, Architecture, and Design domain introduces these foundational concepts. This includes two vital participants: cloud service providers and cloud consumers, as well as reference architectures used to deliver cloud services like infrastructure as a service (IaaS), platform as a service (PaaS), and software as a service (SaaS). These relatively new methods of accessing IT resources offer interesting business benefits like shifting spending from capital expenditure (CapEx) to operating expenditure (OpEx). This changes the way organizations budget and pay for the IT resources needed to run their business, so it is not uncommon to see financial leaders driving adoption of cloud services. New IT service models bring with them new forms of information security risks, however, which must be assessed and weighed so the organization achieves an optimal balance of cost (in the form of risk) with benefits (in the form of reduced IT spending). This will drive decisions on which cloud deployment model to adopt, like public or private cloud, as well as key internal governance initiatives when migrating to and managing cloud computing.