Uploaded on Aug 27, 2021
The Second Domain of CCSP: Cloud Data Security
www.infosectrain.com | [email protected]
CCSP
The CCSP is a globally recognized certification that represents
the pinnacle of cloud security knowledge. It was co-created by
(ISC)² and the Cloud Security Alliance (CSA), two of the most
respected information security and cloud computing security
organizations. This certification meets the increasing demand
for trained and certified Cloud Security Professionals. A CCSP
demonstrates competence in Cloud Security architecture,
design, operations, and service orchestration by applying
information security expertise to a Cloud computing
environment. This professional competence is assessed against
a body of knowledge that is globally recognized.
Domains of CCSP
CCSP comprises a total of six domains:
• Domain 1: Cloud Concepts, Architecture and Design (17%)
• Domain 2: Cloud Data Security (19%)
• Domain 3: Cloud Platform & Infrastructure Security (17%)
• Domain 4: Cloud Application Security (17%)
• Domain 5: Cloud Security Operations (17%)
• Domain 6: Legal, Risk, and Compliance (13%)
In this blog, we will cover the second domain: Cloud Data
Security.
https://www.youtube.com/watch?v=6Y1n6kI1MHM
Cloud Data Security
The second domain of CCSP, Cloud Data Security, is the most
crucial domain as it covers the central part of the CCSP exam. It
holds a weightage of 19%. It mainly focuses on:
• Describing Cloud Data Concepts
• Designing and Implementing Cloud Data Storage Architecture
• Designing and Applying Data Security Technologies and Strategies
• Implementing Data Discovery
• Implementing Data Classification
• Designing and Implementing Information Rights Management (IRM)
Understanding the Cloud Data Lifecycle
This section covers the phases data passes through during its lifecycle.
They are commonly abbreviated as CSUSAD, which stands for Create, Store,
Use, Share, Archive, and Destroy. Data can be found in three states:
• Data in Transit (DIT)
• Data in Use (DIU)
• Data at Rest (DAR)
To ensure security in these phases, we must be aware of the
organization's mapping of the different stages of the data lifecycle. The
Cloud Security Alliance (CSA), one of the two developers of the CCSP,
offers guidance regarding the Cloud Data Lifecycle. Candidates who want to
pursue CCSP certification must be familiar with the Cloud Data Lifecycle
phases and the data protection tools used to execute them. Data Dispersion,
which is used for redundancy and robustness, also falls under this
category.
Designing and Implementing Cloud Data Storage Architectures
In this section, we learn about the different types of Cloud
Storage Services available, which vary across service models.
This portion of the CCSP is devoted to all facets of cloud
storage. To be prepared, you must understand the various types
of storage (long-term, ephemeral, and raw-disk), and the kinds
of storage we use in SaaS, PaaS, and IaaS, respectively. We learn
about the advantages and drawbacks of these storage services.
Also, we understand the possible threats to each type of
storage (unauthorized access, unauthorized usage, liability due
to regulatory non-compliance, etc.) and how to address and
mitigate these threats using encryption and other technologies.
Designing and Applying Data Security Strategies
This is the most crucial part from the exam point of view. In this
section, we understand the various data-protection resources
available and how to use them. We learn about:
• Encryption and Key Management: Symmetric and Asymmetric
Encryption, ECC, RSA, AES
• Hashing
• Masking: Static and Dynamic Masking
• Tokenization
• Data Loss Prevention (DLP)
• Data Obfuscation
• Data De-identification and modern and evolving
cryptography-related technologies
Understanding and Implementing Data Classification Techniques
In this section, we understand the different methods to find data within a
cloud environment and how to classify data properly. It is about analyzing
the data value based on the criticality and sensitivity of data. We learn
about:
• Mapping: It involves mapping the sensitive data and the security
controls deployed to guard it.
• Labeling: It provides visibility to the data.
• Sensitive Data: It includes PHI, PII, Card Holder data, etc.
Understanding and Implementing Data Discovery
This section opens up the possibilities for enterprise collaboration
that sharing data and analytics enables. In this section, we understand
the different types of data discovery approaches. We learn about:
• Structured Data
• Unstructured Data
Designing and Implementing Relevant Jurisdictional Data Protections
for Personally Identifiable Information (PII)
Personally Identifiable Information (PII) is a category of data that is
commonly regulated. In this section, we understand the major data
privacy laws, conduct data discovery, identify the data discovered, and
chart, define, and apply security controls to protected data.
Designing and Implementing Information Rights Management (IRM)
In this section, we understand the technology for managing user access
to various data. This includes being familiar with controlling data
movement in the Cloud. You need to understand the difference
between Enterprise DRM and Consumer DRM. We learn about:
• Objectives: Data Rights, Provisioning, Access Models, etc.
• Appropriate Tools: Issuing and Revocation of Certificates
Designing and Implementing Data Retention, Deletion, and
Archiving Policies
Data is moved to long-term storage after completion of its
lifecycle. Data preservation, deletion, and archiving policies are
stringent for most corporate and legally protected data. Due to
the lack of physical control over the hardware where the data is
stored, cloud environments can make these policies more
difficult to implement. In this section, we understand data
retention, deletion, and archiving practices, processes, and
mechanisms. We learn about:
• Data Retention Policies
• Data Deletion Procedures and Mechanisms
• Data Archiving Procedures and Mechanisms
• Legal Hold
Designing and Implementing Auditability, Traceability,
and Accountability of Data Events
In this section, we cover all aspects of event
management, including identifying event sources,
recording events, storing events, and constantly
improving the process. The section also concerns chain
of custody and ensuring that collected data is
non-repudiable. We learn about:
• Definition of Event Sources and Requirement of Identity
Attribution
• Logging, Storage, and Analysis of Data Events
• Chain of Custody and Non-repudiation
CCSP with InfosecTrain
You can opt for the
Certified Cloud Security Professional (CCSP) for
professional knowledge and an in-depth
understanding of Cloud security. We are one of the
leading training providers with our well-read and
experienced trainers. The courses will help you
understand the basic concepts and provide a sound
knowledge of the subject. This certification will
indeed merit each penny and minute you will invest.
About InfosecTrain
• Established in 2016, we are one of the finest
Security and Technology Training and
Consulting companies
• Wide range of professional training programs,
certifications & consulting services in the IT
and Cyber Security domain
• High-quality technical services, certifications
or customized training programs curated with
professionals of over 15 years of combined
experience in the domain
Why InfosecTrain
• Global Learning Partners
• Certified and Experienced Instructors
• Flexible modes of Training
• Access to the recorded sessions
• Post training completion
• Tailor Made Training
Contact us
Get your workforce reskilled
by our certified and
experienced instructors!
IND: 1800-843-7890 (Toll Free) / US: +1 657-221-1127 / UK: +44 7451 208413
[email protected]
www.infosectrain.com