Domain 1: Cloud Concepts, Architecture, and Design (17%)
- Understand cloud computing concepts
- Describe cloud reference architecture
- Understand security concepts relevant to cloud computing
- Understand design principles of secure cloud computing
- Evaluate cloud service providers
Domain 2: Cloud Data Security (20%)
- Describe cloud data concepts
- Design and implement cloud data storage architectures
- Design and apply data security technologies and strategies
- Implement data discovery
- Plan and implement data classification
- Design and implement Information Rights Management (IRM)
- Plan and implement data retention, deletion and archiving policies
- Design and implement auditability, traceability and accountability of data events
Domain 3: Cloud Platform & Infrastructure Security (17%)
- Comprehend cloud infrastructure and platform components
- Design a secure data center
- Analyze risks associated with cloud infrastructure and platforms
- Plan and implementation of security controls
- Plan business continuity (BC) and disaster recovery (DR)
Domain 4: Cloud Application Security (17%)
- Advocate training and awareness for application security
- Describe the Secure Software Development Life Cycle (SDLC) process
- Apply the Secure Software Development Life Cycle (SDLC)
- Apply cloud software assurance and validation
- Use verified secure software
- Comprehend the specifics of cloud application architecture
- Design appropriate Identity and Access Management (IAM) solutions
Domain 5: Cloud Security Operations (16%)
- Build and implement physical and logical infrastructure for cloud environment
- Operate and maintain physical and logical infrastructure for cloud environment
- Implement operational controls and standards (e.g., Information Technology Infrastructure Library (ITIL), International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) 20000-1)
- Support digital forensics
- Manage communication with relevant parties
- Manage security operations
Domain 6: Legal, Risk and Compliance (13%)
- Articulate legal requirements and unique risks within the cloud environment
- Understand privacy issues
- Understand audit process, methodologies, and required adaptations for a cloud environment
- Understand implications of cloud to enterprise risk management
- Understand outsourcing and cloud contract design