upto 50% Off Upgrade your Skills with our Special Offers! JOIN NOW X

Domain 3: Cloud Platform and Infrastructure Security

The third CCSP domain, ‘Cloud Platform and Infrastructure Security’ carries 19%weightage in the certification exam. This CCSP domain broadly explains cloud infrastructure components, risks associated with cloud infrastructure, diverse techniques to mitigate risks with extensive security controls and business continuity, and disaster recovery plans to safeguard the cloud data and information.
This domain serves four major sub-objectives:

  1. Comprehending cloud infrastructure components
  2. Analysis of risks associated with cloud infrastructure
  3. Designing and planning efficient security controls
  4. Planning for effective disaster recovery and business continuity management

 

  1. Comprehending cloud infrastructure components

This first sub-objective expects the certification seeker to understand the infrastructure components of the cloud including the physical environment, network communication, computational resources, virtualization, storage and management plans.

The physical environment consists of data centers that capture and store the customers’ and organizational data. These data centers  mandatorily need to be fail proof that can be achieved to a certain extent by having multiple back up and power units.Virtualization enables customers to access their data stored in the cloud without any additional hardware while improving the  efficiency.The CCSP examination taker is expected to know all such concepts of cloud infrastructure and components.

  1. Analysis of risks associated with cloud infrastructure
    After having understood the cloud infrastructure components, the candidate needs to know how to analyze risks associated with the cloud infrastructure security.This sub-objective revolves around the risk assessment and analysis, cloud attack vectors, virtualization risks and countermeasure strategies like access controls.The candidate is expected to understand the risk assessment processes such as framing, assessing, monitoring and responding to the risks. In addition, the candidate needs to be familiar with the concepts of qualitative and quantitative risk assessment.
  1. Designing and planning efficient security controls
    Once the risks are assessed, appropriate security controls need to implement, following which the under-mentioned fundamentals are expected to be known:
  • Physical and Environmental Protection (e.g. on-premise)
  • System and Communication Protection
  • Virtualization Systems Protection
  • Management of Identification, Authentication and Authorization in Cloud Infrastructure
  • Audit Mechanisms

Employing adequate security controls is an efficient way to mitigate risks.. This  can be achieved by ensuring that all physical assets are located securely. All entry and exit points must be monitored and employees must be provided badges after performing various background checks.

While auditing is done in different business environments, cloud auditing is necessary but is not easy to conduct as the data might be stored on different locations in the cloud and cloud providers might be unwilling to share the information.

In this regard, the CCSP exam validates the candidate’s know-how about cloud audit goals and different types of audit reports(SOC1, SOC2, SOC3).

  1. Planning for effective disaster recovery and business continuity management

After employing adequate security controls, disaster recovery and business continuity in the cloud needs to be attained. These topics form the core objective of any information security discussion and program.

The candidate must have exquisite understanding of the BC and DR in the cloud environment and must acquire comprehensive knowledge about how to re-draw it. The BIA or ‘Business impact analysis’ might have to be overseen once the customers’data is moved to the cloud.

The certification seekers must acquire in-depth understanding of the cloud environment, business requirements, and security risks in the cloud. In accordance with this, candidates must attain the ability to understand the DR and BC strategies,plan and implement the same.

To learn more about CCSP Domains and gain practical know-how from certified security experts, visit InfoSec Train’s website, https://www.infosectrain.com/.

CCSP class schedules are available at https://www.infosectrain.com/courses/ccsp/.

AUTHOR
Jayanthi Manikandan ( )
Cyber Security Analyst
Jayanthi Manikandan has a Master’s degree in Information systems with a specialization in Information Assurance from Walsh college, Detroit, MI. She is passionate about Information security and has been writing about it for the past 6 years. She is currently ‘Security researcher at InfoSec train.
TOP