| Section | Weight | Objectives |
| Legal, Risk and Compliance | 13% | - Understand cloud contract design and terms - Understand risk management - Understand audit process, methodologies, and required standards - Understand supply chain management - Understand legal and regulatory requirements
- 1. Data protection, privacy, jurisdiction
- Understand privacy issues
|
| Cloud Concepts, Architecture and Design | 17% | - Understand security concepts relevant to cloud computing - Understand cloud reference architecture - Understand cloud computing concepts
- 1. Definitions, roles and responsibilities
- 2. Service models: IaaS, PaaS, SaaS
- 3. Deployment models: public, private, hybrid, community
- Understand design principles of secure cloud computing - Design secure cloud architectures - Evaluate cloud service providers
|
| Cloud Platform and Infrastructure Security | 17% | - Comprehend cloud infrastructure components
- 1. Physical, network, compute, storage, virtualization
- Design and secure cloud infrastructure - Understand virtualization and related security risks - Manage physical and logical infrastructure security - Design and plan security of management plane - Plan business continuity and disaster recovery
|
| Cloud Data Security | 20% | - Implement information rights management - Plan and implement data retention, deletion, and archiving - Design and apply data security technologies and strategies
- 1. Data masking, anonymization
- 2. Encryption, key management, tokenization
- Design and implement cloud data storage architectures - Understand cloud data concepts
- 1. Data lifecycle, data location, data flows
- Implement data discovery and classification
|
| Cloud Application Security | 17% | - Secure application programming interfaces - Assess application security - Understand cloud software development lifecycle - Apply secure software development practices - Understand cloud application architecture and risks - Identify and validate cloud software security requirements
|
| Cloud Security Operations | 16% | - Understand security operations concepts - Plan, test, and manage incident response - Manage security operations - Plan and implement physical and logical access controls - Manage cloud security compliance - Build and operate security monitoring and logging
|