Certified Cloud Security Professional (CCSP)

Name: Certified Cloud Security Professional (CCSP)
Rating: 4.4 (1378 reviews)

Securing the Cloud: A Gamified Certification Odyssey; Unravel the Future, One Scenario at a Time

Created byCloud Brewery

Last updated 3/2025

English

What you'll learn

You will learn what it takes to become a Cloud Security Professional and the material required to pass the CCSP certification

Course content

7 sections • 148 lectures • 17h 47m total length

Section Introduction2:39
Cloud Computing Characteristics9:16
Cloud Computing Migration8:41
Cloud Computing Service Models11:21
Tenancy Models in Cloud Computing3:51
5 Deployment Models8:15
Cloud Computing Roles and Responsibilities4:48
Virtualisation and Cloud Computing9:07
Cloud Shared Considerations0:52
Vendor Lock-in0:56
Interoperability7:39
Portability1:42
Reversibility1:15
Service Levels, SLAs, and Availability1:57
Security and the Shared Responsibility Model8:44
Privacy1:48
Resiliency, Resiliency Patterns, and Performance7:30
Cloud Governance9:43
Maintenance and Versioning1:41
Auditability1:56
Regulatory Requirements2:41
Outsourcing2:20
Emerging Tech - Data Science, AI, and ML3:25
Emerging Tech - Blockchain18:48
Emerging Tech - Internet of Things (IoT)1:29
Emerging Tech - Containers10:18
Emerging Tech - Quantum Computing2:21
Edge, Fog, and Confidential Computing3:47

What deployment model should Matthew recommend?1:45
Deep-dive into Matthew's choice for cloud deployment models9:06
Determine the cloud deployment model
Scenario: What data sanitisation method should Zeke use for SSDs?10:28
What data sanitisation method should Zeke use for SSDs?
Help Angela choose the right emerging technology7:39
Help Angela choose the right emerging technology
What are the 3 roles, 15 subroles and activities as described in the ISO 17789?6:46
What are the 4 CSC subroles and activities as stated in ISO 17789?2:59
What are the 8 CSP subroles and activities as stated in ISO 17789?4:11
What are the 3 CSN subroles and activities as stated in ISO 17789?1:49
Which activity isn't part of the responsibilities of a customer?
Explain the difference characteristics of cloud computing to Hudson7:37
Explain the different characteristics of cloud computing to Hudson
Describe several cybersecurity paradigms5:34
Understand and describe the differences between the various security approaches or strategies
Differences between ZTA and perimeter-based security models3:14
Describe the attributes of Zero-Trust Architecture (ZTA)
What makes a hyperversor type more resistant to attacks6:52
What makes a hyperversor type more resistant to attacks?
Identify the different communications and infrastructure security controls1:19
What are network security groups?5:48
What is traffic inspection?8:40
What is geofencing?10:41
Differentiate between IDS and IPS4:35
What are the differences between honeypots and honeynets?4:03
Define the need for vulnerability assessments6:19
How to use a bastion server to secure access to internal and private resources7:01
Identify the right security control
What are the threats to each storage type?0:56
Storage abstraction with IaaS6:41
Storage abstraction with PaaS8:21
Storage abstraction with SaaS0:43
Threats common to long-term storage1:49
Identify the three categories of data encryption algorithms2:28
Implementing the principle of least privilege in your cloud environment9:45
Data integrity and validation4:39
Creating backups and other longterm storage threat countermeasures11:20
Object storage and its security issues6:02
Assess the likelihood of object storage threats
Comparing CIS Controls and CSA Enterprise Architecture Reference Guide3:52
The CSA Egregious 111:39
Security Issue: Data Breaches1:09
Security Issue : Misconfiguration and Inadequate Change Control0:50
Security Issue: Lack of cloud security architecture and strategy1:32
Security issue: Insufficient identity, credential, access and key management4:58
Security issue: Account hijacking1:16
Security issue: Insider Threat2:42
Security issue: Insecure interfaces and APIs1:10
Security issue: Metastructure and applistructure failures2:57
Security issue: Limited cloud visibility3:20
Security issue: Abuse and nefarious use of cloud services1:29
Cloud security design patterns
Define the concept of secure data lifecycle3:40
The create phase4:59
The store phase3:48
The use phase5:47
The share phase14:44
The archive and destroy phases2:50
Determine the cloud secure data lifecycle phase
Explain the need for Identity and Access Management3:24
What is Identity and Access Management?3:22
3 levels of IAM access rights5:17
Determine the type of access assigned to Ben
Security principles
The CIA triad0:53
Confidentiality3:06
Integrity2:14
Availability2:15
Other security concepts3:52
Security principles
What is enterprise risk management (ERM)?1:23
Threats, vulnerabilities, and risks0:46
Calculating risk1:09
Quantitative risk assessment6:39
Qualitative risk assessment3:00
Risk assessment
What comprises IT security evaluation?4:34
Common Criteria (CC)9:03
Define evaluation assurance levels according to Common Criteria (CC)
Differentiate between 4 Security Control Frameworks5:47
Differentiate between 4 Security Control Frameworks
What is cloud governance?13:18
Centralising control of cloud resources
Differentiate between symmetric and asymmetric cryptography8:24
Differentiate between symmetric and asymmetric cryptosystems
Differentiate between different types of data analytics4:38
Differentiate between different types of data analytics
4 Disaster Recovery Metrics6:28
Differentiate disaster recovery metrics
What is PKI?3:43
How to request a certificate from a CA3:48
How browsers validate certificates4:08
Describe the certificate verification process used on the PKI

Data Discovery in Structured, Unstructured, and Semi-Structured Data5:21
Data discovery approaches in different data types
Data Loss Prevention (DLP)8:06
Explain how DLP systems work
Data Retention, Legal Hold and eDiscovery7:35
Describe Legal Hold
Data Security Technologies and Strategies7:50
Describe the different obfuscation techniques
Design, Implement Auditability, Traceability, and Accountability of Data Events8:08
Design, implement auditability, traceability, and accountability of data events

Introduction2:59
Best Practices for Developing Software for the Cloud5:49
Cloud Application Architecture10:08
Cloud-Secure Software Development Lifecycle (SDLC)6:48
Optional: Hands-on Demo - Securing AWS Secrets Using GitHub Environments9:52
Threat Modelling in Application Security10:01
Quality Assurance and Testing Techniques6:53
Identity and Access Management (IAM)5:58
Cloud Identity and Access Control2:15
SSO, IDPs vs Federation, MFA, Zero Trust4:43

CISSP Review: Business Impact Analysis (BIA)9:27
Design Requirements12:33
Design Requirements
Q&A Deep-Dive #18:55
Security in the Cloud36:34
In this lecture, we will discuss
the various rights and responsibilities involved in cloud computing
how those rights and responsibilities are apportioned between the cloud provider and the cloud customer
specific risks associated to each cloud platform and service, and
business continuity and disaster recovery strategies for use in the cloud.
Security in the Cloud
CISSP Review: Data Classification3:34
Data Classification32:57
Data Classification
Cloud Data Security29:35
This lecture addresses the data lifecycle within the cloud environment, as well as specific challenges in each phase.

We look at different data storage architectures that might be implemented in the cloud, and which service model might be best suited for each.

We discuss cryptography, including the importance and difficulty with key management, and the possibility of using homomorphic encryption in the future.

There are several use cases describing why we might want to obscure raw data and only display selected portions during operations.

We address Security Information and Event Management and DLP solutions in the cloud.
Cloud Data Security
Responsibilities in the Cloud28:50
Responsibilities in the Cloud
Training, Awareness, and the Software Development Lifecycle (SDLC)10:42
ISO/IEC 27034-1/ Standards for Secure Application Development6:19
Identity and Access Management (IAM)13:03
Cloud Application Architecture11:02
Cloud Application Assurance and Validation15:55
Three Approaches to Decomposing Application Threats5:23
[New - April 2021] : Application Security Testing - Tools and Best Practices7:17
Cloud Application Security
Operations Elements33:59
In this lecture, we will discuss
the use of redundancy in the design of cloud data centers
We will become aware of the Uptime Institute’s four tiers for describing and certifying the quality of data centers
We will discuss the concepts of training and awareness, and how training is related to due diligence efforts, and suggestions for properly utilising training to reduce the risk within your organisation, and finally,
we will describe basic application security methods, including threat modelling and software testing.
Operations Elements
Monitoring, Capacity, and Maintenance15:32
Change and Configuration Management (CM)10:11
Business Continuity and Disaster Recovery17:33
Operations Management
Legal Concepts15:31
US & International Laws6:51
EU Data Protection Directive and the GDPR19:49
Other Laws and PCI DSS7:16
eDiscovery, Evidence, Forensics, and Audit Reporting20:06
Security Policy14:02
Risk Management Overview12:26
Countermeasure Selection and Implementation6:44
Risk Management Framework11:52
Identifying Appropriate Supply Chain & Vendor Management Processes27:26

Requirements

CISSP will be highly advantageous. The CCSP is highly assumptive of the fact that you have extensive knowledge of cybersecurity.

Description

"**Unlock Your CCSP Success: A Scenario-Focused Approach**

Dive into a revolutionary CCSP certification journey that goes beyond the ordinary. While other courses guide you through detailed content, we bring you a dynamic supplementary guide designed to elevate your understanding and fortify your knowledge.

Rather than just rehashing scripts, we've adopted an innovative approach. Our course revolves around scenario-focused quizzes, each unveiling critical concepts. We then craft in-depth tutorials around these scenarios, connecting the dots and illustrating the intricate relationships between different domains.

Say goodbye to a predictable domain-by-domain structure. In our quest to mirror the unpredictable nature of the exam, we've embraced randomness in our scenarios. Just like the real test, you won't know which domain your next question hails from.

But we don't stop there. Our course takes you beyond theoretical knowledge. By showcasing the practical application of security concepts using AWS services, we ensure you're not just prepared for the exam but primed to excel in real-world scenarios.

You may observe the presence of older content in our offerings. We are actively engaged in augmenting our repository with over 600 new scenarios, and over time, we will phase out the older content.

Thank you for embarking on this transformative journey with us. Your success is not just our goal; it's the destination.

Who this course is for:

Enterprise Architects
Security Administrators
Systems Engineers
Security Architect
Security Consultant
Security Engineers
Security Managers
Systems Architect

Certified Cloud Security Professional (CCSP)

What you'll learn

Explore related topics

Course content

Lecture 1 - Architecture Concepts28 lectures • 2hr 29min

Domain 1 Scenarios: Cloud Concepts, Architecture, and Design71 lectures • 5hr 33min

Domain 2 Scenarios: Architecture and Design5 lectures • 37min

Domain 3 Scenarios: Cloud Platform and Infrastructure Security5 lectures • 32min

Lecture 4 - Cloud Application Security10 lectures • 1hr 5min

Old content starts here - Pre-202229 lectures • 7hr 31min

Practice Questions0

Requirements

Description

Who this course is for: