Certified Cloud Security Professional (CCSP)

via Cybrary

Overview

The CCSP certification allows you to showcase your cloud computing knowledge and improve your organization’s security posture. It can also help you obtain an increase in compensation and create better positioning for new job opportunities.

Prerequisites for this ISC2 CCSP Training

While there are no prerequisites for this course, you should have basic knowledge of information security and cloud computing concepts.

CCSP Course Goals

By the end of this CCSP course, students should be able to:

  • Know what the CCSP exam is about
  • Understand all six CCSP domains
  • Be prepared for the CCSP exam

In our CCSP training course, you will obtain a complete understanding of security risks and mitigation strategies associated with data security in the cloud and become prepared to pass the CCSP exam.

What is a Certified Cloud Security Professional?

The Certified Cloud Security Professional (CCSP) is a fairly new certification, introduced in 2015 by ISC2 and the Cloud Security Alliance (CSA) in response to the increased popularity of cloud computing and the security risks that came along with it.

The CCSP certification signifies that individuals who have earned it not only have a thorough understanding of security associated with the cloud platform and infrastructure, but also with software, information, and other cyber environments.

What Does this Online CCSP Training Entail?

Our online Certified Cloud Security Professional course will provide you with the knowledge and skills to protect your organization’s cloud environment. With more and more companies moving information to the cloud, it has become crucial to have experts in cloud computing. This course will allow you to become one of those experts.

CCSP training prepares you to successfully pass the CCSP exam to become a certified professional. Upon completion, you will have comprehensive knowledge to understand the security challenges that are common to different types of cloud computing services, to select and implement appropriate controls to ensure the security of cloud environments, and to identify, evaluate, and mitigate risks to your organization's cloud infrastructure. The course covers key topics like cloud computing concepts, cloud software assurance, data security strategies, cloud data storage architectures, cloud reference architecture, and application security.

You will take an in-depth look at all six core domains of the CCSP Common Body of Knowledge (CBK):

  • Domain 1 - Cloud security architecture design concepts and requirements
  • Domain 2 - Cloud data security
  • Domain 3 - Cloud platform/infrastructure security
  • Domain 4 - Cloud application security
  • Domain 5 - Cloud security operations
  • Domain 6 - Legal risk and compliance

The CCSP training will introduce you to best practices in cloud services associated with security controls. This CCSP course is self-paced, so you can study and practice on your own schedule.

How Useful is ISC2 CCSP Certification?

Obtaining your certification shows that you are a competent, knowledgeable cloud security specialist who has hands-on experience in the field. Just by having the certification, you will be qualified for a number of job opportunities and a better salary.

Some of the common job titles for CCSP certified employees include:

  • Security Administrator
  • Security Manager
  • Security Architect
  • Cloud Security Engineer
  • Security Consultant
  • Systems Engineer
  • Systems Architect
  • Enterprise Architect

This, of course, isn’t an exhaustive list. The above job titles could potentially represent many different roles within an organization.

Becoming CCSP certified also means that you will likely be able to secure a higher salary than counterparts without certification. Exact salaries are hard to quote because the positions and organizations for CCSPs are so varied.

What Do Cloud Security Professionals Do?

A major part of being a CCSP is identifying critical information and executing the measures that reduce or eliminate the risk of exploitation for organizations. Running and managing a cloud environment requires knowledge of cloud architecture. Some of the responsibilities of a CCSP may include:

  • Building and implementing infrastructures for cloud environments
  • Operating and overseeing infrastructures for cloud environments
  • Managing physical infrastructures for cloud environments
  • Building and operating logical infrastructures for cloud environments
  • Ensuring compliance with regulation and controls
  • Conducting risk assessments of physical and logical infrastructures
  • Understanding how to acquire, collect and preserve digital evidence
  • Managing communication with and identifying relevant parties
  • Auditing and monitoring of tools, mechanisms, and facilities

What is Involved in the ISC2 CCSP Certification Exam?

The exam lasts three hours and consists of 125 multiple-choice questions. You must earn at least 700 out of 1,000 points to pass.

The CCSP exam covers the six CCSP domains, which are as follows:

  • Cloud concepts and design
  • Cloud data security
  • Cloud platform and infrastructure security
  • Cloud application security
  • Security architecture design operations and service orchestration
  • Legal, Risk, and Compliance

You also must have the following to qualify for certification:

  • At least five years of paid work experience in information technology
  • Three of the five years must consist of work in information security, and one year in one or more of the six domains (above)

Syllabus

  • Cloud Concepts, Architecture, and Design
    • Introduction
    • Domain 1: Cloud Concepts, Architecture, and Design
    • What is Cloud Computing and What are its Key Characteristics?
    • What are the Different Roles in Cloud Computing?
    • Cloud Security Concepts
    • What are the Cloud Service Models?
    • Infrastructure as a Service (IaaS)
    • Infrastructure as a Service (IaaS) Risks
    • Platform as a Service (PaaS)
    • Platform as a Service (PaaS) Risks
    • Software as a Service (SaaS)
    • Software as a Service (SaaS) Risks
    • Virtualization Risks
    • Cloud Deployment Models
    • Public Cloud Deployments
    • Public Cloud Deployments Risks
    • Vendor Lock-In
    • Vendor Lock-Out
    • Multi-Tenant Environment Risks
    • Private Cloud Deployments
    • Private Cloud Deployments Risks
    • Community Cloud Deployments
    • Community Cloud Deployments Risks
    • Cloud Security Process
    • Security Responsibility by Service Model
    • Defense in Depth
    • Cloud Security Frameworks and Standards
    • Cost Benefit Analysis
    • Developing Business Requirements
    • Business Impact Analysis
    • Developing Security Requirements
    • Domain 1 Summary
  • Cloud Data Security
    • Domain 2: Cloud Data Security
    • Data Classification
    • Data Roles
    • Cloud Data Lifecycle
    • Data Discovery
    • Cloud Data Security Strategy
    • Encrypting Data
    • Encryption Types
    • Encryption and Key Management
    • Federal Information Processing Standard (FIPS PUB 140-2)
    • Hardening Devices
    • Jurisdiction Requirements
    • Protecting Data in Transit
    • Data Storage Architecture
    • Data Retention Policy
    • Data Destruction Methods
    • Auditing
    • Data Audit Policy
    • Data Privacy
    • Privacy Safeguards
    • Data Obfuscation
    • Data Masking
    • Tokenization
    • Information Rights Management (IRM)
    • Information Rights Implementation
    • Information Rights Challenges
    • Intellectual Property (US)
    • Data Egress
    • Domain 2 Summary
  • Cloud Platform and Infrastructure Security
    • Domain 3: Cloud Platform and Infrastructure Security
    • Cloud Infrastructure Components
    • The Management Plane
    • Administering Middleware
    • Virtualization
    • Data Access
    • Secure Networking
    • Network Security
    • Security Information and Event Management (SIEM)
    • Cloud Provider Responsibility for Physical Plant
    • Power Redundancy
    • Other Redundancy and Safety Considerations
    • Data Center Tiers
    • Cloud Threats Part 1
    • Cloud Threats Part 2
    • Protecting Against Cloud Threats Part 1
    • Protecting Against Cloud Threats Part 2
    • Shared Responsibility for Cloud Platform Oversight
    • Cloud-Based Business Continuity and Disaster Recovery
    • Disaster Declaration
    • Disaster Recovery Criteria
    • Disaster Recovery Testing
    • Domain 3 Summary
  • Cloud Application Security
    • Domain 4: Cloud Application Security
    • Challenges of Cloud Application Deployment
    • Training and Awareness
    • Cloud Software Development Lifecycle (SDLC)
    • Secure Software Development Lifecycle (SSDL)
    • Application Security Standards (ISO/IEC 27034-1)
    • Identity and Access Management (IAM)
    • Multi-Factor Authentication (MFA)
    • Single Sign-on and Federated Identity Management
    • Federation Standards
    • Application Programming Interfaces (APIs)
    • API Approval and Management
    • Open-Source Software
    • Sandboxing
    • Cloud Application Security Testing Concepts and Methods
    • OWASP Top 10 Overview
    • OWASP Top 10 Part 1: Code Injection
    • OWASP Top 10 Part 2: Broken Authentication
    • OWASP Top 10 Part 3: Sensitive Data Exposure
    • OWASP Top 10 Part 4: XML External Entities (XXE)
    • OWASP Top 10 Part 5: Broken Access Control
    • OWASP Top 10 Part 6: Security Misconfiguration
    • OWASP Top 10 Part 7: Cross-Site Scripting (XSS)
    • OWASP Top 10 Part 8: Insecure Deserialization
    • OWASP Top 10 Part 9: Using Components with Known Vulnerabilities
    • OWASP Top 10 Part 10: Insufficient Logging and Monitoring
    • STRIDE
    • Application Security Testing Approaches Part 1
    • Application Security Testing Approaches Part 2
    • Domain 4 Summary
  • Cloud Security Operations
    • Domain 5: Cloud Security Operations
    • Change and Configuration Management
    • Change Management
    • Security Operations Center (SOC)
    • Log Review Challenges
    • Incident Response
    • Treacherous 12 Overview
    • Treacherous 12 Part 1: Data Breach
    • Treacherous 12 Part 2: Insufficient Identity, Credential and Access Management
    • Treacherous 12 Part 3: Insecure APIs
    • Treacherous 12 Part 4: System Vulnerability
    • Treacherous 12 Part 5: Account Hijacking
    • Treacherous 12 Part 6: Malicious Insider
    • Treacherous 12 Part 7: Advanced Persistent Threats (APTs)
    • Treacherous 12 Part 8: Data Loss
    • Treacherous 12 Part 9: Insufficient Due Diligence
    • Treacherous 12 Part 10: Abuse of Cloud Services
    • Treacherous 12 Part 11: Denial of Service
    • Treacherous 12 Part 12: Shared Technology Vulnerability
    • Domain 5 Summary
  • Legal, Risk, and Compliance
    • Domain 6: Legal, Risk and Compliance
    • Legal Risks of Cloud Computing
    • Due Diligence and Due Care
    • Legal and Compliance Terms
    • US Laws and Regulations
    • Sarbanes-Oxley (SOX)
    • Gramm-Leach-Bliley Act (GLBA)
    • Health Insurance Portability and Accountability Act (HIPAA)
    • Payment Card Industry (PCI)
    • General Data Protection Regulation (GDPR)
    • General Data Protection Regulation Privacy Principles
    • Risk Management
    • Risk Management Frameworks
    • Vendor Management
    • Statement on Standards for Attestation Engagements (SSAE-18)
    • Domain 6 Summary
    • Conclusion

Taught by

Graham Wicas
