ISC Course

course overview

Click to View dates & book now


(ISC)² and the Cloud Security Alliance (CSA) developed the Certified Cloud Security Professional (CCSP) credential to ensure that cloud security professionals have the required knowledge, skills, and abilities in cloud security design, implementation, architecture, operations, controls, and compliance with regulatory frameworks. A CCSP applies information security expertise to a cloud computing environment and demonstrates competence in cloud security architecture, design, operations, and service orchestration. This professional competence is measured against a globally recognized body of knowledge. The CCSP is a standalone credential that complements and builds upon existing credentials and educational programs, including (ISC)²'s Certified Information Systems Security Professional (CISSP) and CSA's Certificate of Cloud Security Knowledge (CCSK). 

As an (ISC)2 Official Training Provider, we use courseware developed by (ISC)² –creator of the CCSP CBK –to ensure your training is relevant and up-to-date. Our instructors are verified security experts who hold the CCSP and have completed intensive training to teach (ISC)² content. 

Please Note: An exam voucher is included with this course


The course is designed for :

  • Enterprise architects
  • Security administrators
  • Systems engineers
  • Security architects
  • Security consultants
  • Security engineers
  • Security managers
  • Systems architects

Important Information for CCSP Candidates


  • Candidates must have at least five years of cumulative, paid full-time working experience in Information Technology. Three of these years must be in information security, and one of which must be in one of the six CCSP domains; or
  • Candidates who are already (ISC)2 members in good standing and who possess a Certified Information Systems Security Professional (CISSP) certificate may substitute all of the CCSP experience requirements on this basis; and
  • CCSP candidates who have passed the Cloud Security Alliance (CSA) Certificate of Cloud Security Knowledge (CCSK) may count this certification towards one year of experience in one of the six domains.

Course Preparation:

  • You will be asked to read essential background documents from the Cloud Security Alliance (CSA), National Institute for Standards & Technology (NIST) and the European Network and Information Security Agency (ENISA) before the course that will assist with your learning and exam preparation.

Skills Gained

  • Identify and explain the Cloud Computing concepts and definitions based on the ISO/IEC 17788 and NIST standards.
  • Identify and explain the Cloud Security Alliance's Notorious Nine, Treacherous Twelve and Egregious Eleven.
  • Understand, and be able to differentiate between, the various service delivery models, frameworks and hypervisor threats that are incorporated into the cloud computing reference architecture.
  • Demonstrate the application of appropriate security strategies and be able to recommend appropriate controls for protecting data at rest, data in use and data in motion.
  • Discuss strategies for data ownership, data sovereignty, data classification and implementing appropriate measures for assurance for ensuring privacy, compliance with regulatory agencies and working with authorities during legal investigations.
  • Understand the challenges for data centre design, forensic analysis and cloud environment deployments and recommend appropriate risk mitigation strategies.
  • Understand and apply Business Continuity Planning and Disaster Recovery procedures for disaster situations.
  • Design appropriate identity and access management solutions.
  • Comprehend and apply appropriate processes and frameworks including the Software Development Life-Cycle (SDLC) process and secure operations.

"Chris Evans is an excellent cyber security and cloud instructor. He set a lovely tone in the virtual Zoom class, was extremely knowledgeable and approachable instructor with global professional experience. He worked very respectfully with students based outside Australia, including those for whom English was a secondary language. Chris was really generous with his time, was not judgemental about students needing to come/go to meet various workplace obligations. Good control of the class and content and pace. I look forward to working with Chris and ALC again!"


1. Introduction and Course Overview
2. Architectural Concepts and Designs Requirements
  • Important cloud computing concepts
  • Cloud reference architecture
  • Security concepts relevant to cloud computing
  • Security design principles of cloud computing
  • Trusted cloud services
3. Cloud Data Security
  • The cloud data lifecycle
  • Design and implementation of cloud data storage architectures
  • Design and application of data security strategies
  • Implementation of data discovery and classification technologies
  • Implementation of data protection for personally identifiable information (PII)
  • Design and implementation of Data Rights Management
  • Design and implementation of data retention, deletion and archiving policies
  • Auditability, traceability and accountability of data events
4. Cloud Platform and Infrastructure Security
  • Comprehend cloud infrastructure components
  • Analyse risks associated to cloud infrastructure
  • Design and plan security controls
  • Plan disaster recovery and business continuity management
5. Cloud Application Security
  • Training and awareness for application security
  • Cloud software assurance and validation
  • Use of verified secure software
  • Understand and apply the Software Development Life-Cycle (SDLC) process
  • Comprehend the specifics of Cloud Application Architecture
  • Design appropriate Identity and Access Management (IAM) solutions
6. Operations
  • Support the planning process for the data centre design
  • Build, run and manage physical infrastructure for cloud environment
  • Build, run and manage logical infrastructure for cloud environment
  • Ensure compliance with various regulations and control requirements
  • Conduct risk assessments for logical and physical infrastructure
  • Collection, acquisition and preservation of digital evidence
  • Manage communication with relevant parties
7. Legal and Compliance
  • Legal requirements and unique risks within the cloud environment
  • Privacy issues, including jurisdictional variation
  • The audit process and methodologies adapted for the cloud environment
  • Implications of cloud to enterprise risk management
  • Outsourcing and cloud contract design
  • Vendor management
8. Summary
  • Review
  • Mock exam

Talk to an expert

Thinking about Onsite?

If you need training for 3 or more people, you should ask us about onsite training. Putting aside the obvious location benefit, content can be customised to better meet your business objectives and more can be covered than in a public classroom. Its a cost effective option. One on one training can be delivered too, at reasonable rates.

Submit an enquiry from any page on this site, and let us know you are interested in the requirements box, or simply mention it when we contact you.

All $ prices are in USD unless it’s a NZ or AU date

SPVC = Self Paced Virtual Class

LVC = Live Virtual Class

Please Note: All courses are availaible as Live Virtual Classes

Trusted by over 1/2 million students in 15 countries

Our clients have included prestigious national organisations such as Oxford University Press, multi-national private corporations such as JP Morgan and HSBC, as well as public sector institutions such as the Department of Defence and the Department of Health.