
New CCSP vs the old CCSP

As many of you may be aware, the new CCSP exam is coming into effect on August 1st, 2019. We have tabulated some of the changes that are being made from the old CCSP to the new CCSP exam.

Here are the old CCSP domains and weightage vs the new CCSP domains and weightage:

| Old CCSP domains and weightage | New CCSP domains and weightage |
|---|---|
| Architectural Concepts & Design Requirements 19% | Cloud Concepts, Architecture and Design 17% |
| Cloud Data Security 20% | Cloud Data Security 19% |
| Cloud Platform & Infrastructure Security 19% | Cloud Platform & Infrastructure Security 17% |
| Cloud Application Security 15% | Cloud Application Security 17% |
| Operations 15% | Cloud Security Operations 17% |
| Legal & Compliance 12% | Legal, Risk and Compliance 13% |

As we can see from the above, the first three domains have less weight now and the last three domains have slightly more weight in the new CCSP exam.
Here is the comparison of exam information between the old CCSP examination, and the new CCSP examination:

| | Old CCSP exam information | New CCSP exam information |
|---|---|---|
| Length of exam | 4 hours | 3 hours |
| No. of questions | 125 | 125 |
| Question format | Multiple choice | Multiple choice |
| Passing grade | 700 out of 1000 points | 700 out of 1000 points |

As we can see from the above table, the duration of the new CCSP examination has been reduced by an hour for the same number of questions (125). The question format for the new CCSP exam remains the same as the old format (multiple choice). The passing grade for the new CCSP exam also remains the same as the old CCSP exam (700 points out of 1000 points).

Let us look at the detailed changes from the old CCSP to the new CCSP:

Domain 1:
The first domain has been renamed ‘Cloud Concepts, Architecture and Design’. The weightage for this domain has been reduced to 17%.

| Old CCSP domain 1 | New CCSP domain 1 |
|---|---|
| 1. Understand Cloud Computing Concepts | 1. Understand Cloud Computing Concepts |
| 1.2 Describe Cloud Reference Architecture | 1.2 Describe Cloud Reference Architecture; ADDED: ‘Impact of Related Technologies’ |
| 1.3 Understand Security Concepts Relevant to Cloud Computing | 1.3 Understand Security Concepts Relevant to Cloud Computing; REMOVED: ‘Security Considerations for different Cloud Categories’ |
| 1.4 Understand the Design Principles of Secure Cloud Computing | 1.4 Understand the Design Principles of Secure Cloud Computing; ADDED: ‘Security Considerations for Different Cloud Categories’ |
| 1.5 Identify Trusted Cloud Services | 1.5 Evaluate Cloud Service Providers (RENAMED) |

Domain 2:
The second domain of the new CCSP exam is ‘Cloud Data Security’ and has the same name as the old version. This domain has 19% weightage, which is 1% less weight than in the old exam.
Here are a few more details regarding the second domain.

| Old CCSP domain 2 | New CCSP domain 2 |
|---|---|
| 2.1 Understand Cloud Data Lifecycle (CSA Guidance) | 2.1 Describe Cloud Data Concepts (RENAMED); ADDED: ‘Data Dispersion’ |
| 2.2 Design and Implement Cloud Data Storage Architectures | 2.2 Design and Implement Cloud Data Storage Architectures; REMOVED: ‘Technologies Available to Address Threats’ |
| 2.3 Design and Apply Data Security Strategies | 2.3 Design and Apply Data Security Technologies and Strategies; REMOVED: Application of Technologies, Emerging Technologies; ADDED: Data Loss Prevention (DLP), Data Obfuscation, Data De-identification |
| 2.4 Understand and Implement Data Discovery and Classification Technologies | 2.4 Implement Data Discovery (RENAMED); REMOVED ALL OLD SUB-SECTIONS; ADDED: Structured Data, Unstructured Data |
| 2.5 Design and Implement Relevant Jurisdictional Data Protections for Personally Identifiable Information (PII) | 2.5 Implement Data Classification (RENAMED); OLD SUB-SECTIONS CHANGED TO: 1. Mapping, 2. Labeling, 3. Sensitive data |
| 2.6 Design and Implement Data Rights Management | 2.6 Design and Implement Information Rights Management (IRM) (RENAMED) |
| 2.7 Plan and Implement Data Retention, Deletion, and Archiving Policies | 2.7 Plan and Implement Data Retention, Deletion, and Archiving Policies; ADDED: ‘Legal Hold’ |
| 2.8 Design and Implement Auditability, Traceability, and Accountability of Data Events | 2.8 Design and Implement Auditability, Traceability, and Accountability of Data Events; REMOVED: ‘Storage and Analysis of Data Events’, ‘Continuous Optimizations’ |

Domain 3:
The third domain retains the same name ‘Cloud Platform and Infrastructure Security’. However, the weightage for this domain has dropped by 2% and now it has 17% weightage.

| Old CCSP domain 3 | New CCSP domain 3 |
|---|---|
| 3.1 Comprehend Cloud Infrastructure Components | 3.1 Comprehend Cloud Infrastructure Components |
| 3.2 Analyze Risks Associated to Cloud Infrastructure | 3.2 Design a Secure Data Center (NEW) |
| 3.3 Design and Plan Security Controls | 3.3 Analyze Risks Associated with Cloud Infrastructure |
| 3.4 Plan Disaster Recovery and Business Continuity Management | 3.4 Design and Plan Security Controls |
| | 3.5 Plan Disaster Recovery (DR) and Business Continuity (BC) |

Domain 4:
The fourth domain retains the same name ‘Cloud application security’ and has 17% weightage in the exam. Here are the details:

| Old CCSP domain 4 | New CCSP domain 4 |
|---|---|
| 4.1 Recognize the need for Training and Awareness in Application Security | 4.1 Advocate Training and Awareness for Application Security |
| 4.2 Understand Cloud Software Assurance and Validation | 4.2 Describe the Secure Software Development Life Cycle (SDLC) Process |
| 4.3 Use Verified Secure Software | 4.3 Apply the Secure Software Development Life Cycle (SDLC) |
| 4.4 Comprehend the Software Development Life-Cycle (SDLC) Process | 4.4 Apply Cloud Software Assurance and Validation |
| 4.5 Apply the Secure Software Development Life-Cycle | 4.5 Use Verified Secure Software |
| 4.6 Comprehend the Specifics of Cloud Application Architecture | 4.6 Comprehend the Specifics of Cloud Application Architecture |
| 4.7 Design Appropriate Identity and Access Management (IAM) Solutions | 4.7 Design Appropriate Identity and Access Management (IAM) Solutions |

Domain 5:
The fifth domain of the CCSP exam has been changed from ‘Operations’ to ‘Cloud Security operations’ and has 17% weightage in the exam. These are the details:

| Old CCSP domain 5 | New CCSP domain 5 |
|---|---|
| 5.1 Support the Planning Process for the Data Center Design | 5.1 Implement and Build Physical and Logical Infrastructure for Cloud Environment |
| 5.2 Implement and Build Physical Infrastructure for Cloud Environment | 5.2 Operate Physical and Logical Infrastructure for Cloud Environment |
| 5.3 Run Physical Infrastructure for Cloud Environment | 5.3 Manage Physical and Logical Infrastructure for Cloud Environment |
| 5.4 Manage Physical Infrastructure for Cloud Environment | 5.4 Implement Operational Controls and Standards (e.g., Information Technology Infrastructure Library (ITIL), International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) 20000-1) |
| 5.5 Build Logical Infrastructure for Cloud Environment | 5.5 Support Digital Forensics (NEW) |
| 5.6 Run Logical Infrastructure for Cloud Environment | 5.6 Manage Communication with Relevant Parties |
| 5.7 Manage Logical Infrastructure for Cloud Environment | 5.7 Manage Security Operations (NEW) |
| 5.8 Ensure Compliance with Regulations and Controls (e.g., ITIL, ISO/IEC 20000-1) | |
| 5.9 Conduct Risk Assessment to Logical and Physical Infrastructure | |
| 5.10 Understand the Collection, Acquisition and Preservation of Digital Evidence | |
| 5.11 Manage Communication with Relevant Parties | |

Domain 6:
The sixth domain of the new CCSP exam has been changed from ‘Legal and Compliance’ to ‘Legal, risk and compliance’ and has a weightage of 13% in the exam. Here are the details:

| Old CCSP domain 6 | New CCSP domain 6 |
|---|---|
| 6.1 Understand Legal Requirements and Unique Risks within the Cloud Environment | 6.1 Articulate Legal Requirements and Unique Risks within the Cloud Environment |
| 6.2 Understand Privacy Issues, Including Jurisdictional Variation | 6.2 Understand Privacy Issues |
| 6.3 Understand Audit Process, Methodologies, and Required Adaptations for a Cloud Environment | 6.3 Understand Audit Process, Methodologies, and Required Adaptations for a Cloud Environment |
| 6.4 Understand the Implications of Cloud to Enterprise Risk Management | 6.4 Understand the Implications of Cloud to Enterprise Risk Management |
| 6.5 Understand Outsourcing and Cloud Contract Design | 6.5 Understand Outsourcing and Cloud Contract Design |

6.6 Execute Vendor Management

We have seen the changes in the new CCSP exam that are slated to come into effect from August 1st, 2019.

AUTHOR
Jayanthi Manikandan
Cyber Security Analyst
Jayanthi Manikandan has a Master’s degree in Information systems with a specialization in Information Assurance from Walsh college, Detroit, MI. She is passionate about Information security and has been writing about it for the past 6 years. She is currently a Security researcher at InfoSec train.