Hello CCSP enthusiasts,
I've passed CCSP in my second attempt. Here are some tips that I followed:
1. Don't think like a technologist while answering the questions, solve the problem from a broader perspective and your thought process for any scenarios should be from the eyes of leadership and management roles.
2. Answer should be more generic rather specific, when all options seem correct.
3. This test is not facts based, no need to remember figures and acronyms.
4. Crystal clear understanding of each concept mentioned in the CCSP Exam Outline, I mean what it is for, how it works, how can we use it, how does it help to secure a particular scenario, usually in cloud domain, pros and cons of it
5. Most Challenging areas in Cloud service solutions from the perspective of all 6 domains, for instance Support of digital forensics from Domain 5
6. No specific guide, pick a book based on topic for preparation from the list given @ https://www.isc2.org/Certifications/References
Good to read:
NIST SP 800-146- Recommendations for cloud
NIST SP 800-145-Definition of Cloud Computing
NIST SP 800-144- Security of Public Cloud
NIST SP 500-299 -Security Ref Architecture
NIST SP 500-292 -Cloud Ref Architecture
NIST SP 500-291R2 Cloud Computing Standards Roadmap
ISO-17788- Cloud computing -Overview and vocabulary
ISO-17789- Cloud Computing Reference Architecture
ENISA Security aspects of virtualization
CSA Best Practices for Mitigating Risks in Virtualized Environments
CSA's Areas of Focus in Cloud Computing v4.0
Happy learning, wish you good luck. Cheers
@awais1116 , Yes, you need to be aware of them, I think we should know few ISO standards numbers which are relevant to the domain we are working and few are necessary for any InfoSec professional, for instance ISO 27001 &2 for ISMS.
But, if the question is what should be memorized for CCSP exam... it's simple...look at the exam outline given by ISC2 for CCSP, you can see some ISO standards specified explicitly...those should be on top of your mind because they are useful for a CCSP professional to refer during job task execution.
Yes, same thing applies to legal and regulatory obligations. To address unique Risks within the Cloud Environment, we need to know some basic Acts and regulation, you don't need to be legal expert(legal team can help in this regard)
For example, CLOUD Act requires U.S. -based companies to respond to legal requests for data regardless of where the data is physically located. As a CCSP, it’s important that we understand how to approach these challenges.
You should have a baseline understanding of relevant security and privacy laws and regulations, ISO standards, NIST Publications, it's a basic requirement.
Hope this answers your query
CCSP is for Cloud Security, CISSP is for Leadership and Operations, there is nothing like any sequential order...it all depends on your career interest and skill requirement. CISSP knowledge definitely helps to understand things faster & better but lacking CISSP will not stop you to take CCSP, but CCSP is specific to cloud security which leverages basic InfoSec concepts and extends to Cloud. If you are in software development CSSLP is best fit.
ultimately everything boils down to RISK and MITIGATION, if you already have InfoSec fundamentals strong proceed with CCSP which is a different context for risk and mitigation