Learn Ezy

11 Introduction CCSP

12 Cloud Concepts, Architecture and Design CCSP

13 What is Cloud Computing- CCSP

14 Roles in Cloud Computing CCSP

15 Cloud Security Concepts CCSP

16 Cloud Service Models CCSP

17 Infrastructure as a Service (IaaS) CCSP

18 IaaS Specific Risks CCSP

110 PaaS Risks CCSP

111 Software as a Service (SaaS) CCSP

112 SaaS Risks CCSP

113 Virtualization Risks CCSP

114 Cloud Deployment Models CCSP

115 Public Cloud Deployment CCSP

116 Public Cloud Deployment Risks CCSP

117 Vendor Lock-In CCSP

118 Vendor Lock-Out CCSP

119 Multitenant Environment Risks CCSP

120 Private Cloud Deployments CCSP

121 Private Cloud Deployment Risks CCSP

122 Community Cloud Deployments CCSP

123 Community Cloud Deployment Risks CCSP

124 Cloud Security Process CCSP

125 Security Responsibility by Service Model CCSP

126 Defense In Depth CCSP

127 Cloud Security Frameworks and Standards CCSP

128 Cost Benefit Analysis CCSP

129 Developing Business Requirements CCSP

130 Business impact Analysis CCSP

131 Developing Security Requirements CCSP

132 Domain 1 Summary CCSP

21 Cloud Data Security and Data Classification CCSP

22 Data Classification CCSP

23 Data Roles CCSP

24 Cloud Data Lifecycle CCSP

25 Data Discovery CCSP

26 Cloud Data Security Strategies CCSP

27 Encrypting Data CCSP

28 Encryption Types CCSP

29 Encryption and Key Management CCSP

210 Federal Information Processing Standard CCSP

211 Hardening Devices CCSP

212 Jurisdiction Requirements CCSP

213 Protecting Data in Transit CCSP

214 Data Storage Architecture CCSP

215 Data Retention Policy CCSP

216 Data Destruction Methods CCSP

217 Auditability, Traceability and Accountability CCSP

218 Data Audit Policy CCSP

219 Data Privacy CCSP

220 Privacy Safeguards CCSP

221 Data Obfuscation CCSP

222 Data Masking CCSP

223 Tokenization CCSP

224 Information Rights Management (IRM) CCSP

225 Information Rights Implementation CCSP

226 Information Rights Challenges CCSP

227 Intellectual Property (US) CCSP

228 Data Egress CCSP

229 Domain 2 Summary CCSP

31 Cloud Platform and Infrastructure Security CCSP

32 Cloud Infrastructure Components CCSP

33 The Management Plane CCSP

34 Administering Middleware CCSP

35 Virtualization CCSP

36 Data Access CCSP

37 Secure Networking CCSP

38 Network Security CCSP

39 System information and Event Management (SIEM) CCSP

310 Cloud Provider Responsibility for Physical Plant CCSP

311 Power Redundancy CCSP

312 Other Redundancy and Safety Considerations CCSP

313 Data Center Tiers CCSP

314 Cloud Threats Part 1 CCSP

315 Cloud Threats Part 2 CCSP

316 Protecting Against Cloud Threats Part 1 CCSP

317 Protecting Against Cloud Threats Part 2 CCSP

318 Shared Responsibility for Cloud Platform Oversight CCSP

319 Cloud-Based Business Continuity and Disaster Recovery CCSP

320 Disaster Declaration CCSP

321 Disaster Recovery Criteria CCSP

322 Disaster Recovery Testing CCSP

323 Domain 3 Summary CCSP

41 Cloud Application Security CCSP

42 Challenges of Cloud Application Deployment CCSP

43 Training and Awareness CCSP

44 Cloud Software Development Lifecycle (SDLC) CCSP

45 Secure Software Development Lifecycle (SSDL) CCSP

46 Application Security Standards CCSP

47 Identity and Access Management (IAM) CCSP

48 Multifactor Authentication (MFA) CCSP

49 Single Sign-On and Federated Identity Management CCSP

410 Federation Standards CCSP

411 Application Programming Interfaces (APIs) CCSP

412 API Approval and Management CCSP

413 Open-Source Software CCSP

414 Sandboxing CCSP

415 Cloud Application Security Testing Concepts and Methods CCSP

416 OWASP Top 10 CCSP

417 OWASP Top 10 Part 1 - Code Injection CCSP

418 OWASP Top Ten Part 2 - Broken Authentication CCSP

419 OWASP Top 10 Part 3- Sensitive Data Exposure CCSP

420 OWASP Top 10 Part 4- XML External Entities (XXE) CCSP

421 OWASP Top 10 Part 5- Broken Access Control CCSP

422 OWASP Top 10 Part 6- Security Misconfiguration CCSP

423 OWASP Top 10 Part 7- Cross-Site Scripting (XSS) CCSP

424 OWASP Top 10 Part 8- Insecure Deserialization CCSP

425 OWASP Top 10 Part 9- Using Components with Known Vulnerabilities CCSP

426 OWASP Top 10 Part 10- Insufficient Logging and Monitoring CCSP

427 STRIDE CCSP

428 Application Security Testing Approaches Part 1 CCSP

429 Application Security Testing Approaches Part 2 CCSP

430 Domain 4 Summary CCSP

51 Cloud Security Operations CCSP

52 Change and Configuration Management CCSP

53 Change Management CCSP

54 Security Operations Center (SOC) CCSP

55 Log Review Challenges CCSP

56 Incident Response CCSP

57 Treacherous 12 Part 1 CCSP

58 Treacherous 12 Part 2- Data Breach CCSP

59 Treacherous 12 Part 3- Insufficient Identity, Credential, and Access Management CCSP

510 Treacherous 12 Part 4- Insure APIs CCSP

511 Treacherous 12 Part 5- System Vulnerability CCSP

512 Treacherous 12 Part 6- Account Hijacking CCSP

513 Treacherous 12 Part 7- Malicious Insider CCSP

514 Treacherous 12 Part 8- Advanced Persistent Threats (APTs) CCSP

515 Treacherous 12 Part 9- Data Loss CCSP

516 Treacherous 12 Part 10- Insufficient Due Diligence CCSP

517 Treacherous 12 Part 11- Abuse of Cloud Services CCSP

518 Treacherous 12 Part 12- Denial of Service CCSP

519 Treacherous 12 Part 13- Shared Technology Vulnerability CCSP

520 Domain 5 Summary CCSP

61 Legal, Risk and Compliance CCSP

62 Legal Risks of Cloud Computing CCSP

63 Due Diligence and Due Care CCSP

64 Legal and Compliance Terms CCSP

65 US Laws and Regulations CCSP

66 Sarbanes-Oxley (SOX) CCSP

67 Graham-Leach-Bliley Act (GLBA) CCSP

68 Health Information Portability and Accountability Act (HIPAA) CCSP

69 Payment Industry Card (PCI) CCSP

610 General Data Protection Regulation (GDPR) CCSP

611 GDPR Privacy Principles CCSP

612 Risk Management CCSP

613 Risk Management Frameworks CCSP

614 Vendor Management CCSP

615 Statement on Standards for Attestation Engagements (SSAE-18) CCSP

616 Domain 6 Summary CCSP

617 Conclusion CCSP