CCSP overload, can someone help me limit my scope?

mrbritesidez (Posts: 9, Member)

I have been reading quite a bit of CCSP material. I bought the first edition before the second came out. I read it all, took notes and made note cards. I watched the IT Pro TV CCSP training and the Cybrary training. I went through the CCSP outline and also read the SecaaS 1 to 10 documents. I have gone back and also re-read the CSA CCSK guidance on cloud controls and got the CCSK. I then found the note cards from ISC2 on Quizlet and memorized those too. Despite all this preparation I don't feel quite comfortable, and I have the test on Wednesday. I think that I may be over-preparing in some areas and under-preparing in others. So for those who have taken the test, I would like to ask: could someone help me limit my studying by letting me know whether I should look deeper into the following, or not at all?

Do I need to know the SANS Security Controls?
Do I need to know anything about Puppet or Chef in particular?
Do I need to memorize tech roadmaps?
Do I need to know the 27001 components?
Do I need to memorize the levels of nines (uptime)?
Do I need to know all 10 GAAP principles?
What's the difference between DRS and CRS?
Do I need to know about Basel, Cleversafe, the Luhn credit card test or HP Digital Safe? (all found in the notes sections)

Now for the section that is truly giving me heartburn: Domain 6
I feel that law and compliance are going to be very important, but it's very hard to know which ones to focus on and at what level. Any suggestions? How did you guys go about studying them?

Which NIST things to remember?
  • NIST 800-30 : Risk Management for Tech Systems
  • NIST 800-37: Risk Management for Federal Information Systems
  • NIST 800-39: Managing Information Risk ("Risk Management" processes)
  • NIST 800-40: Patch Management
  • NIST 800-53: Risk Management Framework
  • NIST 800-61: Security Incident Handling Guide
  • NIST 800-92 : Log Management
  • NIST 800-122: Guideline for Protecting PII
  • NIST 800-125: Virtualization technologies
  • NIST 800-144: Guidelines on security and privacy in the public cloud
  • NIST 800-145: Essential Cloud Characteristics (broad network access, elasticity, ...)
  • NIST 800-160: System Security Engineering
  • NIST 800-161: Supply Chain Management
  • NIST 500-292: Cloud Computing Reference Architecture
  • NIST 500-293: US Government Cloud Computing Technology Roadmap
  • NIST 500-299: NIST Cloud Computing Security Reference Architecture
Which ISO things to remember?
  • ISO 15408 - Common Criteria
  • ISO 17778 - Cloud Computing Overview and Vocabulary
  • ISO 17779 - Cloud Computing Reference Architecture
  • ISO 22301 - Business Continuity Management Systems
  • ISO 24762 - Guidelines for Disaster
  • ISO 25999 - British Standard for Business Continuity Management (BCM)
  • ISO 27001 - ISMS
  • ISO 27002 - Implementation of ISMS
  • ISO 27013 - Integrated implementation ISMS
  • ISO 27014 - Governance of IT Security
  • ISO 27016 - Organizational economics
  • ISO 27017 - ISMS for the Cloud
  • ISO 27018 - Code of practice for PII
  • ISO 27031 - Guidelines for Business Continuity readiness
  • ISO 27034 - Application Security
  • ISO 27035 - Prepare, Identify, Assess, Respond, Learn
  • ISO 27036 - Security for the Supplier relationship
  • ISO 27037 - IR : Identification, collect, acquisition and preservation of evidence
  • ISO 27040 - Storage Security
  • ISO 27041 - Suitability and adequacy of investigative methods
  • ISO 27042 - Guidelines for analysis & interpretation of digital evidence
  • ISO 27043 - Incident investigation principles & processes
  • ISO 27050 - eDiscovery in the cloud (cloud forensics)
  • ISO 28000 - Security Management System (SMS) for supply chain
  • ISO 31000 - Risk Management