topic Re: Passed CCSP- My Suggestions and experience in CCSP Study Group

Passed CCSP- My Suggestions and experience

iluom — Wed, 15 Feb 2023 21:36:01 GMT

Hello CCSP enthusiasts,

I've passed CCSP in my second attempt. Here are some tips that I followed:

1. Don't think like a technologist while answering the questions, solve the problem from a broader perspective and your thought process for any scenarios should be from the eyes of leadership and management roles.

2. Answer should be more generic rather specific, when all options seem correct.

3. This test is not facts based, no need to remember figures and acronyms.

4. Crystal clear understanding of each concept mentioned in the CCSP Exam Outline, I mean what it is for, how it works, how can we use it, how does it help to secure a particular scenario, usually in cloud domain, pros and cons of it

5. Most Challenging areas in Cloud service solutions from the perspective of all 6 domains, for instance Support of digital forensics from Domain 5

6. No specific guide, pick a book based on topic for preparation from the list given @ https://www.isc2.org/Certifications/References

Good to read:

NIST SP 800-146- Recommendations for cloud
NIST SP 800-145-Definition of Cloud Computing
NIST SP 800-144- Security of Public Cloud
NIST SP 500-299 -Security Ref Architecture
NIST SP 500-292 -Cloud Ref Architecture
NIST SP 500-291R2 Cloud Computing Standards Roadmap
ISO-17788- Cloud computing -Overview and vocabulary
ISO-17789- Cloud Computing Reference Architecture

NIST-SP800-125-Virualization

ENISA Security aspects of virtualization
CSA Best Practices for Mitigating Risks in Virtualized Environments

CSA's Areas of Focus in Cloud Computing v4.0

CSA's- Egregious-11

Happy learning, wish you good luck. Cheers

Mouli

Re: Passed CCSP- My Suggestions and experience

ChrisR — Thu, 16 Feb 2023 15:24:35 GMT

I passed the CCSP exam last August and I agree with these recommendations. Particularly 1 & 4

Re: Passed CCSP- My Suggestions and experience

ahamgupthosmi — Fri, 24 Feb 2023 18:51:46 GMT

Thanks for the valuable information for beginners like me

Re: Passed CCSP- My Suggestions and experience

NeduJen1 — Sat, 04 Mar 2023 01:42:57 GMT

Hi Mouli,

Thank you for sharing your insight. Very resourceful, especially with the NIST frameworks.

Thank you

Re: Passed CCSP- My Suggestions and experience

awais1116 — Thu, 20 Apr 2023 13:19:29 GMT

Thanks for the tips.

Do we need to memorise the ISO standards or Laws like what ISO27008 related to or GLBA related to xyz ?

@iluom

Re: Passed CCSP- My Suggestions and experience

iluom — Fri, 21 Apr 2023 17:15:49 GMT

@awais1116 , Yes, you need to be aware of them, I think we should know few ISO standards numbers which are relevant to the domain we are working and few are necessary for any InfoSec professional, for instance ISO 27001 &2 for ISMS.

But, if the question is what should be memorized for CCSP exam... it's simple...look at the exam outline given by ISC2 for CCSP, you can see some ISO standards specified explicitly...those should be on top of your mind because they are useful for a CCSP professional to refer during job task execution.

Yes, same thing applies to legal and regulatory obligations. To address unique Risks within the Cloud Environment, we need to know some basic Acts and regulation, you don't need to be legal expert(legal team can help in this regard)

For example, CLOUD Act requires U.S. -based companies to respond to legal requests for data regardless of where the data is physically located. As a CCSP, it’s important that we understand how to approach these challenges.

You should have a baseline understanding of relevant security and privacy laws and regulations, ISO standards, NIST Publications, it's a basic requirement.

Hope this answers your query

Thanks

Re: Passed CCSP- My Suggestions and experience

francisbandi — Mon, 24 Apr 2023 21:01:08 GMT

Congratulation Chandra

Do you advice me to take 1st CISSP? I failed my CCSP, and now I am thinking to go for other certs

Re: Passed CCSP- My Suggestions and experience

iluom — Tue, 25 Apr 2023 14:37:27 GMT

Hi @francisbandi

CCSP is for Cloud Security, CISSP is for Leadership and Operations, there is nothing like any sequential order...it all depends on your career interest and skill requirement. CISSP knowledge definitely helps to understand things faster & better but lacking CISSP will not stop you to take CCSP, but CCSP is specific to cloud security which leverages basic InfoSec concepts and extends to Cloud. If you are in software development CSSLP is best fit.

ultimately everything boils down to RISK and MITIGATION, if you already have InfoSec fundamentals strong proceed with CCSP which is a different context for risk and mitigation

Thanks

Re: Passed CCSP- My Suggestions and experience

safe_secs — Thu, 27 Apr 2023 13:50:13 GMT

Congrats, Mouli! This is some great advice.

Re: Passed CCSP- My Suggestions and experience

awais1116 — Fri, 09 Jun 2023 15:57:37 GMT

Thanks

Re: Passed CCSP- My Suggestions and experience

technitin — Sun, 11 Jun 2023 09:55:11 GMT

Thanks for sharing detailed information

Re: Passed CCSP- My Suggestions and experience

abhattac5 — Sat, 01 Jul 2023 07:19:11 GMT

For sure - knowing at least the basics for which ISO and NIST standards was key to at least a few of the questions. I think it's unfortunate to just memorize numbers of standards, but it's fair game all the same.

Thanks, and congratulations!