CCSP Official Review Notes - 2019 version by Ben.pptx
1. CCSP Review Notes - Topics
• IAM phases
• REST vs. SOAP
• Vendor lock-in; what causes it, how to avoid
• Cryptographic erasure
• Virtualization
– Type I and II hypervisors
• OWASP Top 10
• Cloud Security Alliance
– CSTAR
– CCM
• Bit splitting
• Data Dispersion
2. CCSP Review Notes - Topics
• SLAs
• SPOFs
• Uptime Institute’s Tier levels for data centers
• PCI
• SOC I, II (Types 1 and 2), and III
• Common Criteria
• FIPS 140-2 Security Levels
• DLP
• Homomorphic encryption
• HIPAA
• ONF/ANF
3. CCSP Review Notes - Topics Mentioned by Former Students
• SAML
• Federated identity
4. From My Exam Experience
• GDPR geographical location operation (inside and outside)
• Supervisory authorities like data custodian, data processor, etc.
• Privacy Shield – how it operates
• Cluster Storage – Tightly and Loosely coupled, performance
• Object File Risks
• SIEM – methods and operation and where we can place
• SDLC – full process and their individual phase operations
• Audit – Design and Process
• What to put into the contract for a particular industry, regulations, PCI, HIPAA, to help both provider and customer
• BC/DR, RTO and RPO full process
• Sandboxing – where we can use and purpose
• Vendor lock-in
• SAST and DAST – full process and how they are used in the cloud, e.g. code review
• FIPS 140 – protection phases
• Two-factor authentication methods
5. To be strong and need depth - Knowledge and Practice
• GDPR notifications
• Data Protection officers
• Supervisory authorities
• Privacy Shield
• Cluster storage
• Object file Risks
• SIEM
• SDLC
6. To be strong and need depth - Knowledge and Practice
• Audit Design and Process
• What to put into contracts for a particular industry, regulations, PCI DSS, HIPAA
• BC/DR
• RPO
• RTO
• RSL
• Recoverability
• Sandboxing
• Vendor lock-in
• SLA vs. contract – differences, and who produces which
7. To be strong and need depth - Knowledge and Practice
• SAST individual phases of operation
• DAST individual phases of operation
• FIPS Module level protections
• Cloud provider roles – operation manager, service manager, etc.
• CASB
• KVM operation and Risks
• Incident management
• Forensic data collection and risks in cloud
8. To be strong and need depth - Knowledge and Practice
• IPS
• IDS
• HIDS
• NIDS
• DLP and phases like DIU, DIT, Data in Motion
• Tokenization
• Masking
• Anonymization
• DNSSEC
• VPN
• TLS
• IPsec
9. To be strong and need depth - Knowledge and Practice
• CIA Triad – how it works and where we apply all three
• SDN network – northbound and southbound communication, logical segmentation
• Bastion network
• Audit, Auditability
• Laws and Regulation, Governance
• STRIDE – what it is at each level
• DoS and DDoS – scenarios
• Interoperability
• Portability
10. To be strong and need depth - Knowledge and Practice
• XML – full details like operation, who uses it, where it is used
• SOC (SSAE 18) – all 3 types of reports, their function, and where we can use them
• Limits
• Shares
• Reservation
• Training phases and where we can use them
• Optimization Resources
11. To be strong and need depth - Knowledge and Practice
• Cost Benefit Analysis
• Storage type – volume, object, structured and unstructured
• Gap Analysis
• Data owner, data subject, data processor, data custodian
• Multitenancy and risks – in all aspects like deployment model, service model, audit, governance, data storage, security, etc.
• Key Cloud Characteristics
• Orchestration or Automation
• CSP categories – Service and Deployment models
12. To be strong and need depth - Knowledge and Practice
• Cloud Risk and Analysis method/phases
• Privacy
• Secure APIs
• API – communication, protocol, encryption types
• Hypervisor Security
• Guest Escape
• Data & Media Sanitization
• CDN networks
13. To be strong and need depth - Knowledge and Practice
• Hashing – know more about where and how it will be used
• Containers
• Supplier risk – how the provider manages the supplier, e.g. strategic, operational, etc.
• CSA CCM – domains and mappings, and why it is used
• OWASP – types of occurrence, and how to prevent them
15. CCSP Review Notes - Sources
• Preparation Guide for ISC2 Certified Cloud Security Professional (CCSP) Certification:
https://stanislas.io/2018/07/12/preparation-guide-for-isc2-certified-cloud-security-professional-ccsp-certification/
16. Earn CPEs
Free webcasts
- Hosted by ISC2
- Via groups on LinkedIn
Write exam questions:
https://www.isc2.org/Member-Resources/Exam-Development
Magazine questions: Information Security Professional Magazine, every other month
Free podcasts
- “Down the Security Rabbithole”
- “The Sensuous Of INFOSEC”
Listservs
- ACM TechNews
- SANS NewsBites
- Bruce Schneier’s Crypto-Gram
- https://www.schneier.com/crypto-gram/