Certified Cloud Security Professional (CCSP) (CS8527)

Cloud computing has been transforming the way the world conducts business for some time now. Organizations are rethinking their IT strategies and embracing the concepts and practices of cloud computing as a way to be competitive in today's global markets. In addition, the information security industry has begun to recognize the uniqueness of this specialized, new, disruptive force and the need for trained professionals with the right cloud security knowledge and skill sets.

The Certified Cloud Security Professional (CCSP) certification was developed by (ISC)² in partnership with the Cloud Security Alliance (CSA) to satisfy the growing demand for trained and qualified cloud security professionals.

The CCSP (ISC)² Certified Cloud Security Professional course offers the cloud professional a solid foundation for taking and passing the Certified Cloud Security Professional (CCSP) exam. 

A preferential rate (-15%) applies to the regular cost for non-profit organizations, as well as the government sector. In addition, you can benefit from additional advantages through a corporate agreement when you need to train several people or teams in your company. Contact us for details.

Public class

Virtual classroom
Tentative dateTentative date
April 17 2023
Virtual classroom
Tentative dateTentative date
May 29 2023
Virtual classroom
Tentative dateTentative date
July 3 2023
Virtual classroom
Tentative dateTentative date
August 14 2023
5 days / 35 hours

Private class

On site / Virtual classroom
Minimum no. of participants: 5
5 days / 35 hours
Price on request
English or French
Training plan: 

Module 1: Architectural Concepts and Design Requirements

  • Cloud Computing Definitions
  • Cloud Computing Roles
  • Key Cloud Computing Characteristics
  • Cloud Transition Scenario
  • Building Blocks
  • Cloud Computing Functions
  • Cloud Service Categories
  • Cloud Deployment Models
  • Cloud Cross-Cutting Aspects
  • Network Security and Perimeter
  • Cryptography
  • IAM and Access Control
  • Data and Media Sanitization
  • Virtualization Security
  • Common Threats
  • Security Considerations for Different Cloud Categories
  • Open Web Application Security Project Top Ten Security Threats
  • Cloud Secure Data Lifecycle
  • Information and Data Governance Types
  • Business Continuity and Disaster Recovery Planning
  • Cost-Benefit Analysis
  • Certification Against Criteria
  • System and Subsystem Product Certification

Module 2: Cloud Data Security

  • The Cloud Data Lifecycle Phases
  • Location and Access of Data
  • Functions, Actors, and Controls of the Data
  • Cloud Services, Products, and Solutions
  • Data Storage
  • Relevant Data Security Technologies
  • Application of Security Strategy Technologies
  • Emerging Technologies
  • Data Discovery
  • Data Classification
  • Data Privacy Acts
  • Typical Meanings for Common Privacy Terms
  • Privacy Roles for Customers and Service Providers
  • Responsibility Depending on the Type of Cloud Services
  • Implementation of Data Discovery
  • Classification of Discovered Sensitive Data
  • Mapping and Definition of Controls
  • Privacy Level Agreement
  • PLA Versus Essential P&DP Requirements Activity
  • Application of Defined Controls for PII
  • Data Rights Management Objectives
  • Data-Protection Policies
  • Events
  • Supporting Continuous Operations
  • Chain of Custody and Nonrepudiation

Module 3: Cloud Platform and Infrastructure Security

  • Network and Communications in the Cloud
  • The Compute Parameters of a Cloud Server
  • Storage Issues in the Cloud
  • Management of Cloud Computing Risks
  • Countermeasure Strategies Across the Cloud
  • Physical and Environmental Protections
  • System and Communication Protections
  • Virtualization Systems Controls
  • Managing Identification, Authentication, and Authorization in the Cloud Infrastructure
  • Risk Audit Mechanisms
  • Understanding the Cloud Environment Related to BCDR
  • Understanding the Business Requirements Related to BCDR
  • BCDR Strategies
  • Creating the BCDR Plan

Module 4: Cloud Application Security

  • Determining Data Sensitivity and Importance
  • Understanding the API Formats
  • Common Pitfalls of Cloud Security Application Deployment
  • Awareness of Encryption Dependencies
  • Understanding the Software Development Lifecycle Process for a Cloud Environment
  • Assessing Common Vulnerabilities
  • Cloud-Specific Risks
  • Threat Modeling
  • Identity and Access Management
  • Federated Identity Management
  • Multifactor Authentication
  • Supplemental Security Devices
  • Cryptography
  • Tokenization
  • Data Masking
  • Sandboxing
  • Application Virtualization
  • Cloud-Based Functional Data
  • Cloud-Secure Development Lifecycle
  • Application Security Testing

Module 5: Operations

  • Modern Data Centers and Cloud Service Offerings
  • Factors That Affect Data Center Design
  • Enterprise Operations
  • Secure Configuration of Hardware: Specific Requirements
  • Installation and Configuration of Virtualization Management Tools for the Host
  • Securing the Network Configuration
  • Identifying and Understanding Server Threats
  • Using Standalone Hosts
  • Using Clustered Hosts 
  • Accounting for Dynamic Operation
  • Using Storage Clusters
  • Using Maintenance Mode
  • Providing HA on the Cloud
  • The Physical Infrastructure for Cloud Environments
  • Configuring Access Control for Remote Access
  • Performing Patch Management
  • Performance Monitoring
  • Backing Up and Restoring the Host Configuration
  • Implementing Network Security Controls: Defense in Depth
  • Developing a Management Plan
  • Building a Logical Infrastructure for Cloud Environments
  • Running a Logical Infrastructure for Cloud Environments
  • Managing the Logical Infrastructure for Cloud Environments
  • Implementation of Network Security Controls
  • Using an ITSM Solution
  • Considerations for Shadow IT
  • Operations Management
  • Managing Risk in Logical and Physical Infrastructures
  • The Risk-Management Process Overview
  • Understanding the Collection and Preservation of Digital Evidence
  • Managing Communications with Relevant Parties
  • Wrap-Up: Data Breach Example

Module 6: Legal and Compilance

  • International Legislation Conflicts
  • Legislative Concepts
  • Frameworks and Guidelines Relevant to Cloud Computing
  • Common Legal Requirements
  • Legal Controls and Cloud Service Providers
  • e-Discovery 
  • Cloud Forensics and ISO/IEC 27050-1
  • Protecting Personal Information in the Cloud
  • Auditing in the Cloud
  • Standard Privacy Requirements (ISO/IEC 27018)
  • GAPP
  • Internal ISMS
  • Implementing Policies
  • Identifying and Involving the Relevant Stakeholders
  • Impact of Distributed IT Models
  • Understanding the Implications of the Cloud to Enterprise Risk Management
  • Risk Mitigation
  • Understanding Outsourcing and Contract Design
  • Business Requirements
  • Vendor Management
  • Cloud Computing Certification
  • Contract Management
  • Supply Chain Management
  • Supply Chain Risk

APPENDIX A: Answers to Review Questions

  • Module 1: Architectural Concepts and Design Requirements
  • Module 2: Cloud Data Security
  • Module 3: Cloud Platform and Infrastructure Security
  • Module 4: Cloud Application Security
  • Module 5: Operations
  • Module 6: Legal and Compilance Issues



  • FREE attendance to the Cybersecurity Awareness for Users (CS8525) training for 20 participants from your organization
  • One year access to the class recording
  • Practice exam questions
  • One year subscription to the CodeRed platform containing thousands of cybersecurity videos
  • Course material accessible in electronic format
  • Certificate of attendance
Certification information: 

Exam characteristics:

  • Preparing for the Certified Cloud Security Professional (CCSP) certification
  • Cost: 599 USD
  • Questions type: Multiple choice
  • Skills measured
    • 1. Cloud Concepts, Architecture and Design 17%
    • 2. Cloud Data Security 19%
    • 3. Cloud Platform & Infrastructure Security 17%
    • 4. Cloud Application Security 17%
    • 5. Cloud Security Operations 17%
    • 6. Legal, Risk and Compliance 13%
  • Duration: 3 hours
  • Number of questions: 125
  • Language: English
  • Passing score: 700/1000
  • All details...

Contact us for more information on pricing::

Office: 1-888-718-9732
E-mail: info@eccentrix.ca

130, King Street West, Suite 1800
Toronto, Ontario M5X 1E3