iluom
Contributor II

Passed CCSP- My Suggestions and experience

Hello CCSP enthusiasts,

 

I've passed CCSP on my second attempt. Here are some tips that I followed:

 

1. Don't think like a technologist while answering the questions; solve the problem from a broader perspective, and your thought process for any scenario should be through the eyes of leadership and management roles.

 

2. The answer should be more generic rather than specific when all options seem correct.

 

3. This test is not fact-based; no need to remember figures and acronyms.

 

4. Crystal clear understanding of each concept mentioned in the CCSP Exam Outline; I mean what it is for, how it works, how we can use it, how it helps to secure a particular scenario, usually in the cloud domain, and its pros and cons.

 

5. Most Challenging areas in Cloud service solutions from the perspective of all 6 domains, for instance Support of digital forensics from Domain 5

 

6. No specific guide, pick a book based on topic for preparation from the list given @ https://www.isc2.org/Certifications/References

 

Good to read:

NIST SP 800-146- Recommendations for cloud
NIST SP 800-145-Definition of Cloud Computing
NIST SP 800-144- Security of Public Cloud
NIST SP 500-299 -Security Ref Architecture
NIST SP 500-292 -Cloud Ref Architecture
NIST SP 500-291R2 Cloud Computing Standards Roadmap
ISO-17788- Cloud computing -Overview and vocabulary
ISO-17789- Cloud Computing Reference Architecture

NIST-SP800-125-Virtualization

ENISA Security aspects of virtualization
CSA Best Practices for Mitigating Risks in Virtualized Environments

CSA's Areas of Focus in Cloud Computing v4.0

CSA's- Egregious-11

 

 

Happy learning, wish you good luck. Cheers

 

Mouli

 

 

Chandra Mouli, CISSP, CCSP, CSSLP
11 Replies
ChrisR
Viewer

I passed the CCSP exam last August and I agree with these recommendations. Particularly 1 & 4
ahamgupthosmi
Viewer

Thanks for the valuable information for beginners like me
NeduJen1
Reader I

Hi Mouli,

 

Thank you for sharing your insight. Very resourceful, especially with the NIST frameworks.

Thank you

awais1116
Newcomer I

Thanks for the tips.

 

Do we need to memorise the ISO standards or laws, like what ISO27008 is related to or GLBA is related to xyz?

 

@iluom 

iluom
Contributor II

@awais1116, yes, you need to be aware of them. I think we should know a few ISO standard numbers which are relevant to the domain we are working in, and a few are necessary for any InfoSec professional, for instance ISO 27001 & 2 for ISMS.

 

But if the question is what should be memorized for the CCSP exam... it's simple... look at the exam outline given by ISC2 for CCSP; you can see some ISO standards specified explicitly... those should be on top of your mind because they are useful for a CCSP professional to refer to during job task execution.

 

Yes, the same thing applies to legal and regulatory obligations. To address unique risks within the cloud environment, we need to know some basic acts and regulations; you don't need to be a legal expert (the legal team can help in this regard).

For example, the CLOUD Act requires U.S.-based companies to respond to legal requests for data regardless of where the data is physically located. As a CCSP, it’s important that we understand how to approach these challenges.

 

You should have a baseline understanding of relevant security and privacy laws and regulations, ISO standards, and NIST publications; it's a basic requirement.

 

Hope this answers your query

 

Thanks

 

 

Chandra Mouli, CISSP, CCSP, CSSLP
francisbandi
Newcomer I

Congratulations, Chandra

 

Do you advise me to take CISSP first? I failed my CCSP, and now I am thinking of going for other certs.

iluom
Contributor II

Hi @francisbandi 

 

CCSP is for Cloud Security, CISSP is for Leadership and Operations; there is nothing like any sequential order... it all depends on your career interest and skill requirement. CISSP knowledge definitely helps to understand things faster & better, but lacking CISSP will not stop you from taking CCSP; CCSP is specific to cloud security, which leverages basic InfoSec concepts and extends them to Cloud. If you are in software development, CSSLP is the best fit.

 

 

Ultimately everything boils down to RISK and MITIGATION. If you already have strong InfoSec fundamentals, proceed with CCSP, which is a different context for risk and mitigation.

 

Thanks

 

Chandra Mouli, CISSP, CCSP, CSSLP
safe_secs
Newcomer I

Congrats, Mouli! This is some great advice.

awais1116
Newcomer I

Thanks