CCSP & "Cloudy with a chance of Raining in the Matrix"
I was diligently reading and preparing for the upcoming CCSP exam. After a while, I started to browse on YouTube for cloud computing related lectures and came up with this video:
https://www.youtube.com/watch?v=ApQlMm39xr0
In the video, an Indian leader was explaining the concept of cloud computing and its various issues. He pointed out that:
- Ever wonder why there is no CD released by Google for any of its software?
- Do you know everything is now stored in cloud (pointing towards sky)
- What will happen to all cloud data if it rains?
I searched for the answer and even checked the official CCSP ISC2 manual but to no avail.
I then reassured myself that I am living in a desert city where it hardly rains, so at least this area is secured; then I went to sleep due to the CCSP exam tomorrow.
I used exam outline references and looked into various ISO standards and publications such as 17788, 17789, 27017, 27018 etc. I also utilized CCSK related cloud knowledge BoK. In addition to that I looked into convergence infrastructure and their security along with virtualization in all three layers (compute, storage, network).
On exam morning I took a heavy breakfast with a latte and went to the exam center. After going through the formalities and SOP, they finally seated me at a computer station. In my imagination, I thought there would be an old un-humorous guy just like in the Matrix scene. I am sure all of you have watched the famous Matrix movie and I would like you to recall one particular scene of the Matrix movie (Neo faces off with the Matrix Architect).
Cloud Architect: I have been waiting for you, Neo!
Neo: Who are you?
Cloud Architect: I am the cloud security architect, I have created Cloud Control Matrix CCM and several other certification programs.
Neo: So you are that guy who we should be thankful to.
Cloud Architect: Precisely, you are quicker than the others.
Neo: Were there others before me?
Cloud Architect: Before you, 50 individuals already certified in CCSP.
Neo: Problem is the choice.
Cloud Architect: Of course Neo, it's all about choice, whether to select A or B or C or D; sometimes you will be eager to select A & B but the matrix will not allow you to do that.
Neo: Why am I here?
Cloud Architect: You are here because you want to test yourself in the rough sea of ocean. Momentarily, you will see one question "Do you want to continue and start the test" and you will be given two choices, "No" or "Yes". Yes to start, No to go back. Easy and simple. Now I am going in the clouds and will come back after four hours.
Neo: See ya at the finish line.
continued......
Comments
-
riyan Member Posts: 161
Part2.....continue......
I started to stare at the screen and selected "Yes" to start the exam. I was pretty confident that I passed CISSP and CCSP would be a walk in the park. So Q#1-5 were pretty easy. I remember them exactly and I can safely reveal they were about choosing which XaaS model (out of the standard big three) was utilized and delivered to the client. Seeing Question 5, I thought it would be an easy road and I just have to stay on the road, i.e. I must not wander off and lose concentration.
Here is a big but.......it was not like that... from question 6 onwards, i.e. to 125, I flagged 30% of questions for review... To give you some taste of the questions, it was with a huge scenario saying like: "A big organization likes to outsource its operations to the cloud...blah blah..members of the board have several concerns......concerns like privacy, vendor lock-in blah blah blah... Question.....How can you address privacy concerns?".... which is followed by four of the obscurest choices that you can imagine......
But luckily due to CISSP exam experience, you need an info sec manager approach..... and ...that means to take care of issues in SLA, contracts etc. and do not suggest technical controls.......I hope you can get what I meant by this....My fellow CISSPians can better comprehend this......
I also remember seeing very specific questions on Data Protection law so you would be better to have knowledge of ISO standards for cloud security including ISMS and other international laws regarding data privacy....
On the technical side, you must have a pretty good idea about converged infrastructure, security in SAN, security in virtualization and network etc.....These will cover your infrastructure side.....At the application layer you must have a pretty good idea about OWASP threats and accompanying controls....
I looked into the official ISC2 CCSP book but the material is repeated too much ......however it has a good section on laws governing cloud, data security ....But do not expect to get test items on them word-by-word; on the contrary, reasonably expect scenario based questions...
Yes I would say having CISSP would be a good advantage ...a huge plus in comparison to having just a technical cert like vCloud from VMware.....you may struggle a lot throughout the exam because in the past you had focused too much on technical issues, getting VMs up and running, clustering, provisioning LUNs, backup .......No, you will not see a single question about these.......
I finished going through the entire questions in 3 hours and the rest I utilized to review only flagged questions.........
Then finally....I had to hit the button and submit exam responses and collect my result from the admin desk. I did that and proceeded to the admin desk to read the letter. I asked the admin while it was printing, pass or fail; she kept quiet and did not answer me b/c she did not know what the letter meant. I was hoping against hope that it would not be the "Psycho-analysis" thingy.
The letter goes like this "We provisionally congrats you on your provisionally passed exam result.....Based upon psychoanalysis and forensic test (may be they will finger print the station and match it with their database) may be you passed the exam or may be not..who knows.......isc2 reserve the right and you should expect to hear from them.....bye Neo"
I carefully folded the paper, put it back inside the envelope and walked away from the test center....when I came out it was raining cats & dogs........I used all my driving skills (learned from Forza while driving in difficult terrain & weather) and managed to safely reach the office....
Credits and Resources....
For CISSP passer
* A Pragmatic Approach to Security Architecture in the Cloud-IT Governance Publishing
* Cloud Computing by Thomas Earl (cannot remember full name but Earl has several publications on SOA and cloud)
* CSA Guide to Cloud Computing
* ISC2 provided glossary term per domain (it's a flash card available free on their website)
* Official ISC2 CCSP Guide
-
Mike7 Member Posts: 1,112
Congrats! Endorsement should be easy since you have CISSP.
BTW, is cloud computing affected by weather?
-
riyan Member Posts: 161
Mike7 wrote: » Congrats! Endorsement should be easy since you have CISSP. BTW, is cloud computing affected by weather?
@mike7, I am still searching for the answer.......What will happen to Cloud CD (reference to YouTube video) and Cloud Data if it rains?
Endorsement was pretty quick and I am now provisionally CCSP certified (as long as playing by ISC2 rules & regulations) & I can provisionally use the logo (terms & conditions applied).
No need for endorser etc. Just fill it and send to ISC2....
-
Mike7 Member Posts: 1,112
Depends on which group you are in: "51% Of People Think Stormy Weather Affects 'Cloud Computing'" - Business Insider
I assume the CCSP official guide is this. Is the content good?
-
riyan Member Posts: 161
That's right. This guide will help and the content is good but it's repetitive & missing some key content.
Is this guide sufficient? No. It missed some things from CSA like Cloud Reference Architecture (CSA Cloud Security Alliance Reference Models)
https://cloudsecurityalliance.org/.../TCI-Reference-Architecture-v1.1.pdf and accompanying white paper.
A few other things are missing; if you are backing to read this guide only cover-to-cover and hoping to pass, then it may work but it is too risky.
Try these questions
1. For what kind of cloud service model will the consumer assume most of the security responsibilities in comparison with the cloud service provider?
A PaaS
B IaaS
C SaaS
D DBaaS
2. When using a Software as a Service (SaaS) solution, who is responsible for application security?
A. The cloud consumer and the enterprise
B. The enterprise only
C. The cloud provider only
D. The cloud provider and the enterprise
2. An organization wishes to move IT systems/applications to the cloud by subscribing to a public PaaS (Platform as a Service) provider. With this adoption of the cloud computing model, the Cloud Security Architect will probably expect to see an increase in:
a. Business Revenue
b. Return on Investment
c. Opex
d. Capex
Q3: General intent of business continuity planning (BCP) from an information security standpoint is:
a. Confidentiality
b. Availability
c. Integrity
d. Authenticity
-
riyan Member Posts: 161
TCI Reference Architecture Link:
https://cloudsecurityalliance.org/wp-content/uploads/2011/10/TCI-Reference-Architecture-v1.1.pdf
-
Mike7 Member Posts: 1,112
@Riyan, thanks for the info.
My answers are
1. B IaaS : consumer assumes most security responsibilities
2. D Cloud Provider and Enterprise : both
2. C. Opex : pay as you use
3. B Availability
Will go for CCSP next year once some things are settled. Fingers crossed.
-
LollyBaggins Member Posts: 14
Thanks-- any study tips? Also which cloud book from Thomas Earl are you referring to?
https://www.amazon.com/s/ref=nb_sb_noss_2?url=search-alias%3Daps&field-keywords=Cloud+Computing+thomas+erl&rh=i%3Aaps%2Ck%3ACloud+Computing+thomas+erl
Cheers!
-
riyan Member Posts: 161
Mike7 wrote: » @Riyan, thanks for the info.
My answers are
1. B IaaS : consumer assumes most security responsibilities
2. D Cloud Provider and Enterprise : both
2. C. Opex : pay as you use
3. B Availability
Will go for CCSP next year once some things are settled. Finger-crossed.
@Mike that's correct... best wishes for your next cert exam...
-
riyan Member Posts: 161
LollyBaggins wrote: » Thanks-- any study tips? Also which cloud book from Thomas Earl are you referring to?
https://www.amazon.com/s/ref=nb_sb_noss_2?url=search-alias%3Daps&field-keywords=Cloud+Computing+thomas+erl&rh=i%3Aaps%2Ck%3ACloud+Computing+thomas+erl
Cheers!
I was referring to this book: Cloud Computing: Concepts, Technology & Architecture (Prentice Hall Service Technology Series from Thomas Erl) 1st Edition. This is an introductory level book and you are required to delve deep into it with supplementary materials.
-
hermit84 Member Posts: 19
"We provisionally congrats you on your provisionally passed exam result.....Based upon psychoanalysis "
Same for my case, waited for the result for 3 weeks and endorsed within one day
-
LollyBaggins Member Posts: 14
riyan wrote: » I was referring to this book: Cloud Computing: Concepts, Technology & Architecture (Prentice Hall Service Technology Series from Thomas Erl) 1st Edition. This is Introductory level book and you are required to delve deep into it with supplementary materials.
Thanks, just got all the same studying material as you. Crunch time!