Earning the CCSP credential means you have the knowledge and skills to secure a cloud environment. Successful candidates must understand the activities, risks and storage architectures required to ensure data security in the cloud.
The CCSP is comprised of six domains. This article explores the information you need to know and understand for the Domain 2 portion of the test, which contains eight subsections representing 20% of the exam. It assesses your level of mastery of the most critical aspects of cloud data security, as outlined in the CCSP Certification Exam Outline (effective date: August 1, 2022).
Candidates need to understand the following:
Candidates need to understand the storage types and options and the threats and countermeasures applicable to the various cloud service models.
Candidates need to understand threats to cloud storage and appropriate countermeasures, such as unauthorized access, regulatory noncompliance, jurisdictional issues, malware and ransomware.
Candidates need to understand various security technologies and strategies that consumers can use to protect data stored in a cloud environment.
Candidates need to know how to find data in the cloud environment before it can be classified and protected. Having data distributed at more locations increases the attack surface area.
Candidates need to understand how to map, label and classify data to indicate the value or sensitivity of the content. This process helps determine appropriate policies and controls to ensure compliance and determine encryption needs, approved use of data, authorized access and proper retention and disposal.
Candidates need to understand how information rights management (IRM) works, its importance and its pitfalls in cloud environments, especially involving the security and privacy of an organization’s sensitive data. The two categories of IRM are consumer-grade IRM, also known as digital rights management (DRM), and enterprise-grade IRM.
Candidates need to understand the various attributes of an IRM system, such as persistence, dynamic policy control, expiration and continuous audit trail.
Candidates need to understand the critical capabilities of IRM tools and solutions and features to look out for when incorporating IRM into a cloud security architecture.
Candidates need to understand data protection strategies (retention, deletion and archiving) and compliance obligations (i.e., legal, regulatory and contractual).
Candidates need to understand data retention policies and features required to ensure the cloud consumers meet internal and compliance requirements (e.g., storage costs and access requirements, specified legal and regulatory retention periods and data retention practices).
Candidates need to understand the data deletion procedures required to securely remove data from information systems when it is no longer required. There are three categories of deletion actions for various media types to achieve defensible destruction — clear, purge and destroy.
Candidates must understand the data archiving procedures required to meet an organization’s retention requirements and optimize storage resources in a live production cloud environment.
Candidates need to understand legal holds, electronic discovery and their importance during a legal investigation, along with legal hold roles and responsibilities when negotiating cloud contracts and SLAs.
Candidates must understand the various stages of data moving in cloud environments and the critical methods used to protect data throughout the entire lifecycle. In addition, you should know how to identify, track and analyze data events to ensure security in the cloud environment.
Candidates must understand the various key event sources, event data and event attributes available for the cloud service models — IaaS, PaaS and SaaS.
Candidates need to understand how to collect, verify, store and analyze data collected in a cloud environment.
Candidates need to understand the process of maintaining the chain of custody to ensure data integrity while conducting forensic analysis and incident response.
The CCSP includes six domains. Studying suitable material is essential for passing the CCSP exam. The official preparation material includes:
Need training? Design an individual CCSP learning path that fits your needs and requirements to prepare for the CCSP certification. Start validating your cloud security knowledge by reviewing all the key elements in the second domain of the CCSP common body of knowledge (CBK) — Cloud Data Security.
For more on the CCSP certification, check out our CCSP certification hub.