The third CCSP domain, ‘Cloud Platform and Infrastructure Security’, carries 19% weightage in the certification exam. This CCSP domain broadly explains cloud infrastructure components, the risks associated with cloud infrastructure, diverse techniques to mitigate those risks with extensive security controls, and business continuity and disaster recovery plans to safeguard cloud data and information.
This domain serves four major sub-objectives:
The first sub-objective expects the certification seeker to understand the infrastructure components of the cloud, including the physical environment, network communication, computational resources, virtualization, storage and management plans.
The physical environment consists of data centers that capture and store customers’ and organizational data. These data centers must be fail-proof, which can be achieved to a certain extent by having multiple backup and power units. Virtualization enables customers to access their data stored in the cloud without any additional hardware while improving efficiency. The CCSP examination taker is expected to know all such concepts of cloud infrastructure and components.
Employing adequate security controls is an efficient way to mitigate risks. This can be achieved by ensuring that all physical assets are located securely. All entry and exit points must be monitored, and employees must be provided badges after various background checks have been performed.
While auditing is done in different business environments, cloud auditing is necessary but not easy to conduct, as the data might be stored in different locations in the cloud and cloud providers might be unwilling to share the information.
In this regard, the CCSP exam validates the candidate’s know-how about cloud audit goals and the different types of audit reports (SOC1, SOC2, SOC3).
After employing adequate security controls, disaster recovery and business continuity in the cloud need to be attained. These topics form the core objective of any information security discussion and program.
The candidate must have an excellent understanding of BC and DR in the cloud environment and must acquire comprehensive knowledge about how to re-draw it. The BIA, or ‘Business Impact Analysis’, might have to be overseen once the customers’ data is moved to the cloud.
Certification seekers must acquire an in-depth understanding of the cloud environment, business requirements, and security risks in the cloud. In accordance with this, candidates must attain the ability to understand DR and BC strategies, and to plan and implement them.
To learn more about CCSP Domains and gain practical know-how from certified security experts, visit InfoSec Train’s website, https://www.infosectrain.com/.
CCSP class schedules are available at https://www.infosectrain.com/courses/ccsp/.