Cloud Security Operations

  1. Implement and Build Physical and Logical Infrastructure for Cloud Environment
    • Hardware Specific Security Configuration Requirements (e.g., Basic Input Output System (BIOS), settings for virtualization and Trusted Platform Module (TPM), storage controllers, network controllers)
    • Installation and Configuration of Virtualization Management Tools
    • Virtual Hardware Specific Security Configuration Requirements (e.g., network, storage, memory, Central Processing Unit (CPU))
    • Installation of Guest Operating System (OS) Virtualization Toolsets
  2. Operate Physical and Logical Infrastructure for Cloud Environment
    • Configure Access Control for Local and Remote Access (e.g., Secure Keyboard Video Mouse (KVM), console-based access mechanisms, Remote Desktop Protocol (RDP))
    • Secure Network Configuration (e.g., Virtual Local Area Networks (VLAN), Transport Layer Security (TLS), Dynamic Host Configuration Protocol (DHCP), Domain Name System (DNS), Virtual Private Network (VPN))
    • Operating System (OS) Hardening Through the Application of Baselines (e.g., Windows, Linux, VMware)
    • Availability of Stand-Alone Hosts
    • Availability of Clustered Hosts (e.g., Distributed Resource Scheduling (DRS), Dynamic Optimization (DO), storage clusters, maintenance mode, High Availability)
    • Availability of Guest Operating System (OS)
  3. Manage Physical and Logical Infrastructure for Cloud Environment
    • Access Controls for Remote Access (e.g., Remote Desktop Protocol (RDP), Secure Terminal Access, Secure Shell (SSH))
    • Operating System (OS) Baseline Compliance Monitoring and Remediation
    • Patch Management
    • Performance and Capacity Monitoring (e.g., network, compute, storage, response time)
    • Hardware Monitoring (e.g., Disk, Central Processing Unit (CPU), fan speed, temperature)
    • Configuration of Host and Guest Operating System (OS) Backup and Restore Functions
    • Network Security Controls (e.g., firewalls, Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), honeypots, vulnerability assessments, network security groups)
    • Management Plane (e.g., scheduling, orchestration, maintenance)
  4. Implement Operational Controls and Standards (e.g., Information Technology Infrastructure Library (ITIL), International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) 20000-1)
    • Change Management
    • Continuity Management
    • Information Security Management
    • Continual Service Improvement Management
    • Incident Management
    • Problem Management
    • Release Management
    • Deployment Management
    • Configuration Management
    • Service Level Management
    • Availability Management
    • Capacity Management
  5. Support Digital Forensics
    • Forensic Data Collection Methodologies
    • Evidence Management
    • Collect, Acquire and Preserve Digital Evidence
  6. Manage Communication with Relevant Parties
    • Vendors
    • Customers
    • Partners
    • Regulators
    • Other Stakeholders
  7. Manage Security Operations
    • Security Operations Center (SOC)
    • Monitoring of Security Controls (e.g., firewalls, Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), honeypots, vulnerability assessments, network security groups)
    • Log Capture and Analysis (e.g., Security Information and Event Management (SIEM), log management)
    • Incident Management
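
The outline above only names "Log Capture and Analysis" and "Incident Management" as topics. As an added illustration (not part of the original outline, and not a reference implementation of any SIEM product), the script below shows the kind of detection logic a SIEM rule or log-management pipeline applies to captured host logs: it parses constructed OpenSSH authentication log lines, counts failed logins per source address inside a sliding time window, and raises an alert when a source crosses a threshold. The log lines, the 5-minute window and the threshold of 5 are all assumptions made for the example.

```python
"""SSH brute-force detection over captured sshd logs (added example).

Assumptions not taken from the outline: syslog-style sshd lines as written
by OpenSSH on Linux, a 300-second sliding window and a threshold of 5
failures per source address.
"""
from __future__ import annotations

import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines modelled on OpenSSH syslog output; not a real capture.
# 203.0.113.7 fails five times in eight seconds, 198.51.100.44 is a user mistyping
# once, and 203.0.113.9 fails twice but ten minutes apart.
SAMPLE_LOG = """\
Mar 12 08:00:01 host1 sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51012 ssh2
Mar 12 08:00:03 host1 sshd[2203]: Failed password for root from 203.0.113.7 port 51014 ssh2
Mar 12 08:00:04 host1 sshd[2205]: Failed password for invalid user test from 203.0.113.7 port 51016 ssh2
Mar 12 08:00:06 host1 sshd[2207]: Failed password for root from 203.0.113.7 port 51018 ssh2
Mar 12 08:00:09 host1 sshd[2209]: Failed password for invalid user oracle from 203.0.113.7 port 51020 ssh2
Mar 12 08:00:12 host1 sshd[2211]: Accepted publickey for deploy from 198.51.100.20 port 40022 ssh2: ED25519 SHA256:abc
Mar 12 08:01:30 host1 sshd[2213]: Failed password for alice from 198.51.100.44 port 40100 ssh2
Mar 12 08:01:45 host1 sshd[2215]: Accepted password for alice from 198.51.100.44 port 40102 ssh2
Mar 12 08:20:00 host1 sshd[2300]: Failed password for root from 203.0.113.9 port 60000 ssh2
Mar 12 08:30:00 host1 sshd[2301]: Failed password for root from 203.0.113.9 port 60001 ssh2
"""

# Matches both "Failed password for <user>" and "Failed password for invalid user <user>".
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)


def parse_failures(log_text: str, year: int = 2024) -> list[tuple[datetime, str, str]]:
    """Return (timestamp, source address, username) for each failed login.

    Syslog timestamps carry no year, so one is supplied by the caller
    (an assumption of this example; a real pipeline would use the collector's year).
    """
    events = []
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue  # accepted logins and unrelated lines are not failures
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["src"], m["user"]))
    return events


def detect_bruteforce(log_text: str, threshold: int = 5, window_seconds: int = 300) -> dict:
    """Flag each source that produces >= threshold failures within any window.

    A sliding window over the per-source, time-sorted events avoids the
    fixed-bucket blind spot where an attack straddling a bucket boundary is missed.
    """
    by_src: dict[str, list[tuple[datetime, str]]] = defaultdict(list)
    for ts, src, user in parse_failures(log_text):
        by_src[src].append((ts, user))

    alerts = {}
    for src, evs in by_src.items():
        evs.sort()
        left = 0
        for right in range(len(evs)):
            # Advance the left edge until the window fits within window_seconds.
            while (evs[right][0] - evs[left][0]).total_seconds() > window_seconds:
                left += 1
            count = right - left + 1
            if count >= threshold:
                alerts[src] = {
                    "count": count,
                    "first": evs[left][0],
                    "last": evs[right][0],
                    "users": sorted({u for _, u in evs[left:right + 1]}),
                }
                break  # one alert per source is enough for the triage queue
    return alerts


if __name__ == "__main__":
    for src, info in detect_bruteforce(SAMPLE_LOG).items():
        print(f"ALERT {src}: {info['count']} failed logins "
              f"{info['first']:%H:%M:%S}-{info['last']:%H:%M:%S}, users={info['users']}")
```

The window and threshold are the tuning knobs an operations team adjusts to trade alert volume against detection of slow, low-rate attempts; the slow source in the sample is only caught if the window is widened, which is the trade-off a SIEM rule author has to make explicitly.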