I took and passed the CCSP exam this morning. This is my second (ISC)2 exam after CISSP and CSSLP.
My main study guide is the CCSP All-In-One with the CCSP CBK as supplementary reading, with a brief read-up on CSA Guide v3.
The AIO was published in Nov 2016; I bought the eBook from Google Play Store in Jan and started studying in Feb. I had experience with AWS, web programming with REST/SOAP and SAML, and had interfaced with customers while working in a PaaS vendor environment. This means that I only have to focus more on about 3/4 out of the 6 CCSP domains, i.e. architectural concepts, data security and legal/compliance.
Comments? The CCSP exam is "most appropriate for those whose day-to-day responsibilities involve procuring, securing and managing cloud environments or purchased cloud services." (taken from the ISC2 CCSP site). In short, what are the new security considerations when moving out to the cloud or using cloud services? What are the new risks from cloud computing? These security considerations can be technical, policy compliance and even jurisdiction. Cloud computing has advantages. At the same time, organisations lose some control when moving to the cloud. What control do they lose? What are the options available to address these new cloud-related risks? Who is responsible for what aspects of security? Cloud provider or cloud customer? How does an organisation ensure its data in the cloud is secure? The location of the cloud provider's DC is important from a legal, privacy and compliance perspective. How does one ensure compliance with different laws?
Hope this helps those interested in the exam.