I posted about the RSA Conference early bird special pricing in late October and signed up for the conference at that time, but later I got approval and signed up for the ISC2 CCSP training the two days prior.
I had been looking at the CCSP, as it looks interesting from a cloud-service-provider-neutral point of view.
The CCSP (Certified Cloud Security Professional) is "Backed by...the Cloud Security Alliance (CSA) and (ISC)², the CCSP credential denotes professionals with deep-seated knowledge and competency derived from hands-on experience with cyber, information, software and cloud computing infrastructure security. CCSPs help you achieve the highest standard for cloud security expertise and enable your organization to benefit from the power of cloud computing while keeping sensitive data secure." [1]
It's a two-day cram class. So, I believe in over-preparing. I skimmed the CBK Guide and came up with a list of documents and standards as a reading list. My intent is to read the CBK Guide and the reading list at least once before the class.
Below is the reading list, including the CBK Guide. If you think there is any other beneficial document for me to prep for the CCSP with, let me know.
CCSP Reading List
- The Official (ISC)² Guide to the CCSP CBK, 2nd Edition
- Information technology — Cloud computing — Overview and vocabulary (ISO/IEC 17788:2014)
- Information technology — Cloud computing — Reference architecture (ISO/IEC 17789:2014)
- Information technology — Service management — Part 10: Concepts and terminology (ISO/IEC TR 20000-10:2015)
- Information technology — Service management — Part 11: Guidance on the relationship between ISO/IEC 20000-1:2011 and service management frameworks: ITIL (ISO/IEC TR 20000-11:2015)
- Information technology — Service management — Part 12: Guidance on the relationship between ISO/IEC 20000-1:2011 and service management frameworks: CMMI-SVC (ISO/IEC TR 20000-12:2016)
- Information technology — Security techniques — Information security management systems — Overview and vocabulary (ISO/IEC 27000:2016(E))
- Information technology — Security techniques — Information security management systems — Requirements (ISO/IEC 27001:2013)
- Information technology — Security techniques — Code of practice for information security management (ISO/IEC 27002)
- Information technology — Security techniques — Information security management system implementation guidance (ISO/IEC 27003)
- Information technology — Security techniques — Information security management — Measurement (ISO/IEC 27004:2009)
- Information technology — Security techniques — Information security risk management (ISO/IEC 27005)
- Information technology — Security techniques — Vulnerability disclosure (ISO/IEC 29147:2014)
- Risk management — Principles and guidelines (ISO 31000:2009)
- Federal Information Processing Standards Publication 140-2 (FIPS 140-2)
- The NIST Definition of Cloud Computing (NIST Special Publication 800-145)
- Some of the standards are available for download: https://standards.iso.org/ittf/PubliclyAvailableStandards/index.html