CCSP (ISC)2 Certified Cloud Security Professional Exam Guide

By : Omar A. Turner, Navya Lakshmana
Overview of this book

Preparing for the Certified Cloud Security Professional (CCSP) exam can be challenging, as it covers a wide array of topics essential for advancing a cybersecurity professional’s career by validating their technical skills. To prepare for the CCSP exam, you need a resource that not only covers all the exam objectives but also helps you prepare for the format and structure of the exam. Written by two seasoned cybersecurity professionals with a collective experience of hundreds of hours training CCSP bootcamps, this CCSP study guide reflects the journey you’d undertake in such training sessions. The chapters are packed with up-to-date information necessary to pass the (ISC)2 CCSP exam. Additionally, to boost your confidence, the book provides self-assessment questions, exam tips, and mock exams with detailed answer explanations. You’ll be able to deepen your understanding using illustrative explanations that briefly review key points. As you progress, you’ll delve into advanced technical aspects of cloud domain security, such as application security, design, managing and securing data, and infrastructure in the cloud using best practices and legal policies and procedures. By the end of this guide, you’ll be ready to breeze through the exam and tackle real-world cloud security challenges with ease.
Table of Contents (27 chapters)

Cloud Stakeholders

The International Information Systems Security Certification Consortium (ISC2) CCSP Common Body of Knowledge (CBK) identifies multiple cloud computing stakeholders with specific responsibilities, based primarily on the following International Organization for Standardization (ISO) / International Electrotechnical Commission (IEC) standards and NIST special publications:

  • ISO/IEC 17789 Cloud Computing Reference Architecture (CCRA)
  • NIST SP 500-292 CCRA

Note

You can read more about the ISO/IEC 17789 CCRA at https://www.iso.org/standard/60545.html and the NIST SP 500-292 CCRA at https://www.nist.gov/publications/nist-cloud-computing-reference-architecture.

The key differences you need to be aware of concerning the identification of these cloud stakeholders are as follows:

  • The ISO/IEC 17789 CCRA defines three main roles with multiple sub-roles in each main role
  • The NIST CCRA defines five key actors

Note

It is important to focus on the cloud service models and cloud delivery models in this chapter. You will learn about the shared responsibility model, the three service models, and the six common deployment models (as mentioned in the NIST definition) in Chapter 2, Cloud Reference Architecture.

You will now go through each role and actor of ISO/IEC 17789 CCRA and NIST CCRA respectively.

ISO/IEC 17789 CCRA Roles and Sub-Roles

ISO/IEC 17789 is a standard developed by the ISO and the IEC that provides an extensive framework for a CCRA. The purpose of this standard is to establish a common language, concepts, and structure to create, deliver, and manage cloud services across various domains.

ISO/IEC 17789 defines a CCRA that includes numerous roles and sub-roles, representing the major actors within the cloud computing ecosystem. You will learn about the duties and interactions between entities within this environment for effective operation and efficiency.

Cloud Service Customer

A Cloud Service Customer (CSC) is an entity that purchases cloud services from a Cloud Service Provider (CSP) for itself or its users. CSCs can include organizations, departments within organizations, and individuals.

Sub-Roles of the CSC

A Cloud Service User (CSU) is an individual or application that utilizes cloud services provided by the CSP on behalf of the CSC.

Cloud Service Provider

A CSP is the entity responsible for supplying, running, and supporting cloud services. CSPs offer various cloud solutions such as SaaS, PaaS, and IaaS that CSCs can access.

Sub-Functions of a CSP

There are three sub-functions of a CSP:

  • Cloud Service Development: The Cloud Service Development (CSD) sub-role is responsible for designing, creating, and deploying cloud services that meet the demands of CSCs.
  • Cloud Service Operation: The Cloud Service Operation (CSO) sub-role is responsible for managing, monitoring, and operating cloud services provided by the CSP. This involves ensuring those services’ availability, performance, and security.
  • Cloud Service Support: The Cloud Service Support (CSS) sub-role is responsible for offering technical assistance, troubleshooting, and resolving issues related to cloud services for CSCs.

Cloud Service Partner

A Cloud Service Partner (CSN) is an entity that collaborates with the CSP to provide value-added services or support to CSCs. CSNs can be suppliers, resellers, or other organizations working closely with the CSP to improve cloud services as a whole.

Sub-Functions of a CSN

There are two sub-functions of a CSN as listed below:

  • Cloud Broker: The Cloud Broker (CB) serves as an intermediary between the CSC and various CSPs.
  • Cloud Carrier: The Cloud Carrier (CC) facilitates network connectivity between a CSP and the CSCs to guarantee secure, dependable communication.

Cloud Auditor

The Cloud Auditor (CA) is an independent body that reviews and validates a CSP and its services’ adherence to applicable standards, laws, and best practices.

You will now learn about the key actors as per the NIST CCRA.

NIST Cloud Computing Key Actors

The NIST Cloud Computing Reference Architecture (NIST SP 500-292) is a document published by NIST with the aim of offering an in-depth framework to comprehend, design, and implement cloud computing services and solutions. This reference architecture is intended to produce a uniform, technology-neutral framework that allows communication, cooperation, and the creation of cloud computing standards among diverse stakeholders, such as CSPs, users, and regulators.

The NIST CCRA is composed of five essential components, often termed actors. These components describe the fundamental functions and duties inside a cloud computing system, thereby clarifying their interrelationships. The five major elements of the NIST CCRA are as follows:

Cloud Consumer

The cloud consumer is a person, group, or business that utilizes cloud services offered by the cloud provider. The cloud consumer obtains and administers cloud services in accordance with its needs and can access these services through a variety of interfaces and devices.

Cloud Provider

The cloud provider is the entity tasked with making cloud services accessible to the cloud consumer. This covers the design, management, and maintenance of the cloud infrastructure, platforms, and applications necessary to offer the services. Cloud providers can provide a variety of service models, including IaaS, PaaS, and SaaS.

Cloud Broker

The cloud broker is an agent that helps cloud consumers choose, manage, and integrate cloud services from numerous cloud providers. Cloud brokers can provide value-added services, such as collecting and integrating various offers, negotiating contracts, and maintaining Service-Level Agreements (SLAs) to guarantee that the demands of cloud consumers are satisfied.

Cloud Auditor (CA)

The CA is an independent, responsible body that assesses and evaluates the cloud services offered by the cloud provider. This involves confirming the cloud services’ performance, security, and compliance with industry standards, legislation, and best practices. CAs contribute to the confidence and trust of cloud consumers by verifying that cloud providers achieve the necessary service levels and customer expectations.

Cloud Carrier (CC)

The CC is responsible for delivering the connectivity and transport services required for cloud consumer access to a cloud provider’s cloud services. CCs provide the delivery of data and communication between cloud consumers and cloud providers, guaranteeing safe and dependable access to cloud services.

In addition to these core aspects, the NIST CCRA highlights many cross-functional characteristics that are essential to the installation and operation of cloud computing services. They include security, privacy, and compliance, which are vital for ensuring data protection and adherence to applicable laws and regulations.

By providing a structured and thorough reference architecture, NIST SP 500-292 fosters a shared understanding of cloud computing ideas and terminology, enabling stakeholders to make informed decisions and ease the development of interoperable cloud computing solutions. This reference design is a great resource for enterprises intending to adopt cloud computing or to enhance their current cloud-based services.

You should now understand the definitions and specifics of cloud stakeholders as seen from the perspective of two organizations. The ISO/IEC 17789 CCRA, with its focus on the CSC, the sub-role of the CSU, the CSP (with its associated sub-roles), the CSN, and the CA, offers a comprehensive view of the dynamics of each of the aforementioned roles, while the NIST reference architecture looks at the five primary actors of consumer, provider, broker, CA, and CC. Both are equally important, and it is essential to understand the differences between the two for the CCSP exam.

In the next section, you will dive into the key core technologies that allow cloud computing to exist and be used at scale for those requiring the use of the cloud.
