Uploaded on Oct 14, 2021
CCSP Domain 2: Cloud Data Security
www.infosectrain.com | [email protected]
CCSP
The CCSP is a globally recognized certification that
represents the pinnacle of cloud security knowledge. It
was co-created by (ISC)2 and the Cloud Security Alliance
(CSA), two of the most respected information security and
cloud computing security organizations. This certification
meets the increasing demand for trained and certified
Cloud Security Professionals. A CCSP demonstrates
competence in Cloud Security architecture, design,
operations, and service orchestration by applying
information security expertise to a Cloud computing
environment. This professional competence is assessed
against a body of knowledge that is globally recognized.
Domains of CCSP
CCSP comprises a total of six domains:
•Domain 1: Cloud Concepts, Architecture and Design (17%)
•Domain 2: Cloud Data Security (19%)
•Domain 3: Cloud Platform & Infrastructure Security (17%)
•Domain 4: Cloud Application Security (17%)
•Domain 5: Cloud Security Operations (17%)
•Domain 6: Legal, Risk, and Compliance (13%)
In this blog, we will cover the second domain:
Cloud Data Security.
https://youtu.be/6Y1n6kI1MHM
Cloud Data Security
The second domain of CCSP, Cloud Data Security, is the
most crucial domain as it covers the central part of the
CCSP exam. It carries a weight of 19%. It mainly
focuses on:
•Describing Cloud Data Concepts
•Designing and Implementing Cloud Data Storage
Architecture
•Designing and Applying Data Security Technologies and
Strategies
•Implementing Data Discovery
•Implementing Data Classification
•Designing and Implementing Information Rights
Management (IRM)
Understanding the Cloud Data Lifecycle
This section covers the different phases that data passes through during
its lifecycle. They are mainly referred to as CSUSAD, which stands for
Create, Store, Use, Share, Archive, and Destroy. Data can be found in three
states:
•Data in Transit (DIT)
•Data in Use (DIU)
•Data at Rest (DAR)
To ensure security in these phases, we must be aware of how the
organization maps the different stages of the Data Lifecycle. The
Cloud Security Alliance (CSA), one of the two developers of the CCSP,
offers guidance regarding the Cloud Data Lifecycle. Candidates who
want to pursue CCSP certification must be familiar with the Cloud Data
Lifecycle phases and the data protection tools used to execute them.
Along with the Data Lifecycle, Data Dispersion, which is used for
redundancy and robustness, also falls under this category.
Designing and Implementing Cloud Data Storage
Architectures
In this section, we learn about the different types of Cloud Storage
Services available, which vary across the service models. This portion of
the CCSP is devoted to all facets of cloud storage. To be prepared,
you must understand the various types of storage (long-term,
ephemeral, and raw-disk), and the kinds of storage we use in SaaS,
PaaS, and IaaS, respectively. We learn about the advantages and
drawbacks of these storage services. We also cover the possible
threats to each type of storage (unauthorized access, unauthorized
usage, liability due to regulatory non-compliance, etc.) and how to
address and mitigate these threats using encryption and other
technologies.
Designing and Applying Data Security Strategies
This is the most crucial part from the exam point of view. In
this section, we understand the various data-protection
resources available and how to use them. We learn about:
•Encryption and Key management: Symmetric and Asymmetric
Encryption, ECC, RSA, AES
•Hashing
•Masking: Static and Dynamic Masking
•Tokenization
•Data Loss Prevention (DLP)
•Data Obfuscation
•Data De-identification, and modern and evolving
cryptography-related technologies
https://www.infosectrain.com/courses/ccsp-certification-training/
Understanding and Implementing Data
Classification Techniques
In this section, we understand the different methods to
find data within a cloud environment and how to classify
data properly. It is about analyzing the data value based
on the criticality and sensitivity of data. We learn about:
•Mapping: It involves mapping the sensitive data and the
security controls deployed to guard it.
•Labeling: It provides visibility to the data.
•Sensitive Data: It includes PHI, PII, cardholder data,
etc.
Understanding and Implementing Data Discovery
This section covers the enterprise collaboration that is enabled by
sharing data and analytics. In this section, we understand the
different types of data discovery approaches. We learn about:
•Structured Data
•Unstructured Data
Designing and Implementing Relevant
Jurisdictional Data Protections for Personally
Identifiable Information (PII)
Personally Identifiable Information (PII) is a commonly regulated
category of data. In this section, we understand the major
data privacy laws, conduct data discovery, identify the data
discovered, and chart, define, and apply security controls to
protected data.
Designing and Implementing Information
Rights Management (IRM)
In this section, we understand the technology for
managing user access to various data. This includes
being familiar with controlling data movement in
the Cloud. You need to understand the difference
between Enterprise DRM and Consumer DRM. We learn
about:
•Objectives: Data Rights, Provisioning, Access Models,
etc.
•Appropriate Tools: Issuing and Revocation of
Certificates
Designing and Implementing Data Retention,
Deletion, and Archiving Policies
Data is moved to long-term storage after completion of its
lifecycle. Data preservation, deletion, and archiving policies are
stringent for most corporate and legally protected data. Due to the
lack of physical control over the hardware where the data is stored,
cloud environments can make these policies more difficult to
implement. In this section, we understand data retention, deletion,
and archiving practices, processes, and mechanisms. We learn
about:
•Data Retention Policies
•Data Deletion Procedures and Mechanisms
•Data Archiving Procedures and Mechanisms
•Legal Hold
Designing and Implementing Auditability,
Traceability, and Accountability of Data
Events
In this section, we cover all aspects of event
management, including identifying event sources,
recording events, storing events, and constantly
improving the process. The section also concerns chain of
custody and ensuring that collected data is
non-repudiable. We learn about:
•Definition of Event Sources and Requirement of Identity
Attribution
•Logging, Storage, and Analysis of Data Events
•Chain of Custody and Non-repudiation
CCSP with InfosecTrain
You can opt for the
Certified Cloud Security Professional (CCSP) for
professional knowledge and an in-depth
understanding of Cloud security. We are one of the
leading training providers with our well-read and
experienced trainers. The courses will help you
understand the basic concepts and provide a
sound knowledge of the subject. This certification
will indeed merit each penny and minute you will
invest.
About InfosecTrain
• Established in 2016, we are one of the finest
Security and Technology Training and
Consulting companies
• Wide range of professional training programs,
certifications & consulting services in the IT
and Cyber Security domain
• High-quality technical services, certifications
or customized training programs curated with
professionals of over 15 years of combined
experience in the domain
Why InfosecTrain
•Global Learning Partners
•Certified and Experienced Instructors
•Flexible modes of Training
•Access to the recorded sessions
•Post training completion
•Tailor Made Training
Contact us
Get your workforce reskilled
by our certified and
experienced instructors!
IND: 1800-843-7890 (Toll Free) / US: +1 657-221-1127 /
UK: +44 7451 208413
[email protected]
www.infosectrain.com