ISC2 CCSP

CCSP Domain 5: Cloud security operations [updated 2022]

Mosimilolu Odusanya
September 5, 2022 by
Mosimilolu Odusanya

This section covers the requirements for developing, planning, implementing, running and managing the physical and logical cloud infrastructure, as per the “Official ISC2 Guide to the CCSP CBK.” The CCSP covers six domains, and  Domain 5 represents 16% of the CCSP certification exam. 

Mastering this domain means you have the knowledge and skills to conduct and manage security operations in the cloud, collect digital evidence after an incident and communicate with partners.

Earn your CCSP, guaranteed!

Earn your CCSP, guaranteed!

Save your spot for an upcoming CCSP Boot Camp and earn one of the most in-demand cloud security certifications — guaranteed!

 

Domain 5 — Cloud security operations

 

Each of the six subdomains covers a specific aspect of managing security operations in a cloud environment with proper controls and standards.

 

5.1 Build and implement physical and logical infrastructure for the cloud environment

 

Candidates must understand the requirements for implementing and building a physical and logical infrastructure with security in mind.

 

Hardware-specific security configuration requirements

 

Candidates need to know the various hardware components (and corresponding configuration requirements and settings) needed in a cloud data center infrastructure, such as basic input-output systems (BIOS), virtualization, hardware security module (HSM) and trusted platform module (TPM).

 

Installation and configuration of management tools

 

Candidates must know how to install and configure management tools required to secure a virtual and cloud-based installation.

 

Virtual hardware-specific security configuration requirements

 

Candidates need to understand the various configuration settings and requirements for maintaining virtual hardware security (e.g., network, storage, memory, central processing unit (CPU) and Hypervisor types 1 2).

 

Installation of guest operating system virtualization toolsets

 

Candidates need to understand the toolsets that enable installing operating systems in the virtualization environment.

 

5.2 Operate and maintain physical and logical infrastructure for cloud environment

 

Candidates need to understand access control mechanisms, physical and virtual network configurations and OS hardening baselines and how to ensure the availability of physical and virtual hosts and resources in a cloud environment.

 

Access control for local and remote access

 

Candidates need to understand protocols for supporting remote administration, such as secure shell (SSH), remote desktop protocol (RDP), virtual network computing (VPC), console-based access mechanisms, jump boxes, etc.

 

Secure network configuration

 

Candidates need to understand protocols, technologies, services and concepts for securing networks and the data transmitted, such as virtual local area network (VLAN), transport layer security (TLS), dynamic host configuration protocol (DHCP), domain name system security extensions (DNSSEC), a virtual private network (VPN), and so forth.

 

Network security controls

 

Candidates need to understand network security controls and technologies, such as firewalls, intrusion detection/prevent systems (IDS/IPS), honeypots, etc.

 

Operating system hardening through the application of baselines

 

Candidates need to understand baselines in hardening operating systems (e.g., Windows, Linux, VMware). The baseline and corresponding documentation may be achieved via customer-defined VM images, NIST checklists, CIS benchmarks, etc.

 

Patch management

 

Candidates need to understand the patch management process for finding, testing and applying patches to a cloud environment.

 

Availability of clustered hosts

 

Candidates need to understand clustered hosts (e.g., distributed resource scheduling, dynamic optimization, storage clusters, maintenance mode, high availability) and their use.  

 

Performance and capacity monitoring

 

Candidates must understand the tools and infrastructure elements (e.g., network, compute, response time, storage) that can be monitored.

 

Hardware monitoring

 

Candidates need to understand the tools and hardware elements (e.g., CPU temperature and fan speed) that require monitoring because they can fluctuate.

 

Configuration of host and guest operating system backup and restore functions

 

Candidates need to understand the three main types of backup technologies (i.e., snapshots, agent-based and agentless).

 

Management plane

 

Candidates need to understand the uses of a management plane in a cloud environment by the CSP. This includes knowing the activities related to scheduling and orchestration, as well as managing and maintaining the control plane.

Earn your CCSP, guaranteed!

Earn your CCSP, guaranteed!

Save your spot for an upcoming CCSP Boot Camp and earn one of the most in-demand cloud security certifications — guaranteed!

 

5.3 Implement operational controls and standards (e.g., Information Technology Infrastructure Library (ITIL), International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) 20000-1)

 

Candidates need to understand the regulations and controls used to govern IT operations and processes in cloud environments. Such processes include:

  • Change management
  • Continuity management
  • Information security management
  • Continual service improvement management
  • Incident management
  • Problem management
  • Release management
  • Deployment management
  • Configuration management
  • Service level management
  • Availability management
  • Capacity management

 

5.4 Support digital forensics

 

Candidates need to understand how to conduct digital forensics in a cloud environment.

 

Forensics data collection methodologies

 

Candidates need to understand two standards (i.e., ISO 27050 and Cloud Security Alliance (CS) Security Guidance Domain 3 Legal Issues: Contracts and Electronic Discovery) related to e-discovery.

 

Evidence management

 

Candidates need to understand how to manage the chain of custody from evidence collection to trial during any digital forensics investigation.

 

Collect, acquire and preserve digital evidence

 

Candidates need to understand the phases of digital evidence handling and the challenges associated with evidence collection in a cloud environment.

 

5.5 Manage communication with relevant parties

 

Candidates need to understand how to communicate accurately, concisely and timely with vendors, customers (including the cloud shared responsibility model), partners, regulators and other stakeholders.

 

5.6 Manage security operations

 

Candidates need to understand how to manage security operations and provide continuous security support in a cloud environment.

 

Security operations center (SOC)

 

Candidates need to understand how a SOC works in a cloud environment and its responsibilities, such as threat prevention and detection, incident management, etc.

 

Intelligent monitoring of security controls

 

Candidates need to understand how to manage and monitor the security controls [e.g., firewalls, intrusion detection systems (IDS), intrusion prevention systems (IPS), honeypots, network security groups, artificial intelligence (AI), etc.)] deployed to manage a cloud environment’s physical and logical components.

 

Log capture and analysis

 

Candidates need to understand the tools and processes required for log capture and analysis, such as the system information and event management (SIEM) tool and log management.

 

Incident management

 

Candidates need to understand the incident management and response procedures in a cloud environment and the three key elements: incident response plan, incident response team and root cause analysis.

 

Vulnerability assessments

 

Candidates need to understand the importance of cloud vulnerability assessments of the network and IT infrastructure to give visibility into the environment’s attack surface.

Earn your CCSP, guaranteed!

Earn your CCSP, guaranteed!

Save your spot for an upcoming CCSP Boot Camp and earn one of the most in-demand cloud security certifications — guaranteed!

 

How to prepare for the CCSP exam

 

Studying suitable material is recommended by ISC2 before taking the CCSP exam. The official preparation material includes:

  • Official ISC2 CCSP Study Guide, 2nd Edition
  • Official ISC2 CCSP CBK Reference, 3rd Edition
  • Official ISC2 CCSP Practice Tests, 2nd Edition
  • Official ISC2 CCSP Flash Cards 
  • Official ISC2 CCSP Study App

Need training? Design a learning path that best fits your needs and requirements to prepare for the CCSP certification. Start validating your cloud security knowledge by reviewing all the essential elements found in the fifth domain of the CCSP common body of knowledge (CBK) — Cloud Security Operations.

For more on the CCSP certification, check out our CCSP certification hub.

 

Sources:

 

Mosimilolu Odusanya
Mosimilolu Odusanya

Mosimilolu (or 'Simi') works as a full-time cybersecurity consultant, specializing in privacy and infrastructure security. Outside of work, her passions includes watching anime and TV shows and travelling.