The Certified Cloud Security Professional (CCSP) credential is based upon a Common Body of Knowledge (CBK) jointly developed by the International Information Systems Security Certification Consortium (ISC)2 and the Cloud Security Alliance (CSA).

The CBK (and the associated exam) includes six domains that cover separate, but interrelated, areas: Cloud Concepts, Architecture and Design; Cloud Data Security; Cloud Platform & Infrastructure Security; Cloud Application Security; Cloud Security Operations; and Legal, Risk and Compliance. A ton of information is in these domains, and you can use this Cheat Sheet to remember some of the most important parts.

Helpful tips to prepare for the CCSP exam

Taking any standardized test can be a bit scary — and the CCSP is a definitely no joke! Not to worry, though. With proper preparation (like reading CCSP For Dummies with Online Practice) and following these key tips, you’ll be well on your way to acing the exam!

  • Brush up on the prerequisites. Passing the CCSP exam requires that you know a lot about information security and a lot about cloud computing. To make studying for the CCSP a little less underwhelming, make sure that you already have a strong grasp of general IT topics, like networking and databases. Having Information Security experience is also a great idea, but CCSP For Dummies includes a chapter dedicated to Information Security fundamentals, if you need a primer or refresher.
  • Register for exam . . . like now! It’s so easy to say, “I’ll register when I’m ready for the exam,” but setting a test date and sticking to it is a great way to stay motivated by working toward a specific goal. Worst case scenario: You can always reschedule your exam.
  • Identify your learning style. Some people learn best by reading several books cover to cover, and others like a combination of reading, classroom learning, and study groups. Set yourself up for success by identifying what works best for you and making that happen.
  • Make your study plan. Create an aggressive, yet realistic, study plan that you’ll stick to. Sixty to 90 days (in addition to your lifetime of experiences) is a good target for most people. Stay away from longer than 120-day study plans — longer periods tend to lead to shorter attention spans.
  • Practice, practice, practice. Do plenty practice questions after you read CCSP For Dummies and throughout your studies. Start with the practice questions that come with the book and then scour the interwebs for as many other practice sets as you can find — just make sure they’re legitimate sources!

The Shared Responsibility Model

Talk about cloud computing, and the Shared Responsibility Model almost always creeps into the conversation — seriously! The Shared Responsibility is a critical concept that underlies how the cloud and cloud data is secured. When you’re studying for the CCSP, you should really understand this topic like the back of your hand.

The cloud Shared Responsibility Model identifies the separate, but connected, responsibilities held by the cloud provider and the cloud customer.

In general, the cloud provider is responsible for security of the cloud, while the cloud customer is responsible for “security in the cloud.” See the following figure.

diagram showing the Shared Responsibility Model overview
Shared Responsibility Model overview.

In general, the cloud provider is responsible for security of the cloud, while the cloud customer is responsible for “security in the cloud.” See the following figure.

The responsibilities will be broken up differently based on the cloud service model that you’re using — IaaS, PaaS, or SaaS. See the following figure. 

diagram showing the responsibilities by service model
Responsibilities by service model.

About This Article

This article is from the book:

About the book author:

Arthur J. Deane is a security and compliance executive at Google. He is a technical professional with 13+ years experience in information security, cloud security, IT risk management, and systems engineering.

This article can be found in the category: