Cloud computing has seen an increase in risks and threats. This has led to a greater demand for professionals who can secure cloud environments. In 2015, (ISC)² and the Cloud Security Alliance (CSA) created the Certified Cloud Security Professional (CCSP) certification.
The CCSP credential was created to ensure that professionals have the knowledge and skills required to create, implement, control, manage, and enforce secure cloud environments across a variety of industries.
The CCSP CBK covers a wide range of topics related to cloud security. This certification certifies your skills and knowledge in six domains. They are:
Domain 1: Cloud Concepts, Architecture and Design (17%)
Domain 2: Cloud Data Security (19%)
Domain 3: Cloud Platform Security and Infrastructure Security (17%)
Domain 4: Cloud Application Security (17%)
Domain 5: Cloud Security Operations (17%)
Domain 6: Legal, Compliance, and Risk (13%)
This article will cover the sixth domain of CCSP certification as well as what a candidate can expect during the exam.
Legal, Compliance, and Risk
Domain 6 is concerned with the legal and regulatory requirements of IT systems and how these apply to cloud computing and its many dimensions. It carries a 13% weighting in the CCSP certification exam and covers the following topics:
Cloud Environment: Unique Risks and Specific Legal Requirements
Understanding Privacy Issues
Understanding the Audit Process, Methodologies and Required Adaptations in a Cloud Environment
Understanding the Implications of Cloud to Enterprise Risk Management
Understanding Outsourcing and Cloud Contract Design
Here is a summary of the topics in the sixth CCSP domain and what candidates can expect from the exam.
Cloud Environment: Unique Risks and Specific Legal Requirements
Cloud computing often crosses national and geographic borders, which presents new risks and concerns. It is therefore subject to a variety of requirements, some of them contradicting one another.
This domain discusses the legal controls required by many countries and the legal risks associated with cloud computing. It also covers the differences between regulated and contractual personal data safeguards, as well as the exact definitions and legal requirements for privacy and personal information as they relate to jurisdictional restrictions.
Understanding Privacy Issues
Two of the most common legal consequences for any IT system or application are eDiscovery orders and the requirement to furnish data or documents in response to a formal court request or order. This topic focuses on eDiscovery and digital forensics in particular as they relate to cloud computing and the unique issues it presents. Many of the tools and processes people know for these areas will not be possible in a cloud environment because the customer will not have the access required to collect the data. These requests should be addressed via contracts and other formal processes.
Understanding the Audit Process, Methodologies and Required Adaptations in a Cloud Environment
Auditing is a critical component of IT security and compliance. Domain 6 examines the various types of audits, their goals, legal obligations, and their implications for cloud computing. One of the most difficult aspects of cloud computing is for the customer to gain visibility into, and access to, the underlying infrastructure.
Another example is how cloud providers use audits to ensure confidence in security programs that are shared with multiple customers.