WOONGJIN IT’s Post

CCSP passed! Another great course from ISC2 Some important knowledge reinforced; ✅ As you plan to get into the cloud, also plan how to get out! This should be part of each system design requirement. It includes how to independently and seamlessly move the system (application and dependencies) elsewhere, while ensuring no data remanence. This is different from your BC/DR. ✅ Standards and frameworks (ISO, NIST, CSA, etc) for operating and securing workloads on the cloud. No need to reinvent the wheel. A cloud security professional should know how to leverage the CSA's Cloud Control Matrix, working with the CSP to define and delineate the Shared Security Responsibility Model (SSRM) Control Ownerships in each deployment model, in order to avoid ambiguity, while also using the Implementation Guidelines for each Control Specification to tailor both CSP and 3rd party controls at each security domain. ✅ A cloud security professional should understand cloud computing risks at the underlying data center, infrastructure, and hypervisor levels. A lot of threats to the security (and privacy) of your data are out of scope of your SSRM Control Ownership, whereas you are accountable for any data breach or noncompliance - irrespective of the deployment model. Understanding of these risk should;  📍 Reflect while threat modeling or assessing risk for any system. 📍 Guide what you should be looking out for in a CSP audit report, as part of evaluation process. 📍 Inform your BC/DR plans. 📍 Basis for negotiation with the CSP, especially if you are big organization with good negotiation power. Special appreciation to Guenevere (Gwen) Bettwy (ˈbet ˈwē). I used her Udemy course; "Preparing for the (ISC)2 CCSP exam! - All six domains", and she's just awesome! #CCSP #ISC2 #CloudSecurity

ISO/IEC 27018:2014 specifies guidelines based on ISO/IEC 27002, taking into consideration the regulatory requirements for the protection of PII which might be applicable within the context of the information security risk environment(s) of a provider of public cloud services. Vertical Registrar provides remarkable certification services to the standard ISO 27018 to enable your organization to enjoy benefits from a cloud security management system. If you have a requirement for certification, contact Vertical Registrar now. #ISO27018 #cloudsecuritymanagementsystem #cloudsecurity #managementsystem #verticalregistrar #vertical #registrar #certification #ISO #ISOcertification #ISOcertificationfirm #certificationfirm #certificationbody #ISOcertificationbody #facebook #certificate #ISOstandards #standards #ISO9001 #ISO14001 #ISO45001 #ISO22000 #ISO27001 #managementsystemcertification #instagram #trending #linkedin #viral #explore #foryou 

ISO/IEC 27018:2014 specifies guidelines based on ISO/IEC 27002, taking into consideration the regulatory requirements for the protection of PII which might be applicable within the context of the information security risk environment(s) of a provider of public cloud services. Vertical Registrar provides remarkable certification services to the standard ISO 27018 to enable your organization to enjoy benefits from a cloud security management system. If you have a requirement for certification, contact Vertical Registrar now. #ISO27018 #cloudsecuritymanagementsystem #cloudsecurity #managementsystem #verticalregistrar #vertical #registrar #certification #ISO #ISOcertification #ISOcertificationfirm #certificationfirm #certificationbody #ISOcertificationbody #facebook #certificate #ISOstandards #standards #ISO9001 #ISO14001 #ISO45001 #ISO22000 #ISO27001 #managementsystemcertification #instagram #trending #linkedin #viral #explore #foryou

The CCSP can be a tough cert to pass There some easy to tips that can make it easier Here they are 👇 ✅ Understand, Don’t Memorize: The CCSP is all about applying concepts. Dive deep into understanding principles rather than rote memorization. Context is king! ✅ Real-World Scenarios: Engage with real-life case studies. The more you align your preparation with real-world challenges, the better you'll fare in those scenario-based questions. ✅ Practice Makes Perfect: Invest in mock exams. The more you practice, the more familiar you become with the exam pattern, time management, and identifying your weak spots. ✅ Holistic Approach: Beyond technicalities, understand the governance, legal, and compliance aspects of cloud security. Remember, CCSP isn't just about securing data; it's about doing so responsibly. Before you dive back into your study session, remember this: The CCSP isn't just a test of knowledge, but of perspective and approach. Embrace the journey, and the results will follow! Best of luck to all CCSP aspirants! Got any additional tips? Drop them below! 🚀 #CCSP #CloudSecurity #ExamPrep #CyberCertifications

I'm thrilled to share my achievement in passing the CCSP exam from ISC2. I had earlier learned that this exam is difficult, and indeed, it proved to be the most challenging exam I have faced. The breadth of cloud security concepts—architecture, cloud infrastructure, compliance and legal requirements, risk management, data security, application security, and more was overwhelming. Although I had a foundation in most of the concepts from the CISSP exam, this was quite different, with cloud concepts at the core. Many thanks to my manager, Fekry Nabil, for giving me the opportunity to study and take the exam. Special thanks to Prabh Nair for his coffee shots and videos, Pete Zerger 🔐☁️ for his amazing videos, Luke Ahmed 🚀, and Guenevere (Gwen) Bettwy (ˈbet ˈwē). After facing the 150 grueling questions within 4 hours, I came out feeling emotionally drained and unsure if I had passed. It was all smiles after turning the sheet over and seeing "Congratulations". For those pursuing the CCSP, believe in yourself and stick to your study plan. Below is a list of resources that helped me in my journey: Books: OSG 3rd Edition CBK Reference,4th Edition CCSP Cloud Guardians Cirrus 8000ft view CSA Cloud Security Guardian v4.0 Practice Tests: OSG Practice Test 3rd Edition PocketPrep LearnZapp Videos: Pete Zerger 🔐☁️ on YouTube Prabh Nair Coffee Shorts Guenevere (Gwen) Bettwy (ˈbet ˈwē) (I watched all her tips on how to take an ISC2 exams on YouTube) #CCSP #Cloudsecurity #Cloudcomputing #CSA #Success #datasecurity #data #dataprivacy

When starting your audit, Kevin Zack, CISSP, CCSP, CISA, AWS SAA has two pieces of advice for you: 1. Be prepared - Have your subject matter experts ready and available. 2. Don’t stress - You have a great partner to help you through! We want to be your partner in compliance! Connect with one of our experts today to see how we can help make your audit worth it!

🎯 Very excited to share that I passed successfully the Certificate of Competence in Zero Trust (#CCZT) from the Cloud Security Alliance (#CSA) ✔️ Never Trust Always verify ✔️ Assume a hostile environment ✔️ Assume breach ✔️ Scrutinize explicitly ✔️ Apply unified analytics 👉 The #CCZT is considered the first Zero Trust certificate in the industry, developed by combining the guidance of Zero Trust experts, foundational documents from authoritative sources, and leadership from vendor-neutral #CSA Research. 🚀 Building on the foundational principle of Zero Trust that no part of a computing and networking system can be implicitly trusted, #CCZT will give you the knowledge and skills necessary to implement a Zero Trust strategy and reduce systemic risk. 🛡 #CCZT outlines how to put specific measures in place to provide assurance that systems and their components operate appropriately and are continuously verified. ⚔ #CCZT enables you to understand and implement Zero Trust principles into business planning, enterprise architectures, and technology deployments. 📚 The Certificate of Competence in Zero Trust consists of the following topics: ✔️ Introduction to Zero Trust Architecture (#ZTA) ✔️ Introduction to Software-Defined Perimeter (#SDP) ✔️ ZT Planning ✔️ ZT Implementation 📙 Recommanded authoritative sources : ✔️ CISA Zero Trust Maturity Model ✔️ NSTAC Report to the President on Zero Trust ✔️ NIST Zero Trust Architecture (SP.800-207) 🙏 Thank's to Rajan Iyer and Abdulrahman Alkayali who inspired me to write this post. 🙏 Congratulations to Troy Leach and Dominik Vleming for the quality of this program 👉 To know more about #CCZT and #CSA : https://lnkd.in/eRYCUZkB 👉 I also wrote a post on my #space #cybersecurity website to explain : ✔️ What is Zero Trust Architecture (#ZTA) ✔️ What is Certificate of Competence in Zero Trust (#CCZT) ✔️ Who is #CCZT for ✔️ What is the #CCZT exam structure ✔️ What does #CCZT cover ✔️ How do I prepare for the #CCZT exam ✔️ What is the cost https://lnkd.in/erKMAxDY #ZeroTrust #ZeroTrustSecurity #ZTNA

With the increased use of cloud vendors, governance of #tech has become a top strategic priority for most enterprises. Become an ISACA member to read more on how board oversight can aid this strategy in Vol. 4 of the ISACA Journal. https://bit.ly/3pSX525

With the increased use of cloud vendors, governance of #tech has become a top strategic priority for most enterprises. Become an ISACA member to read more on how board oversight can aid this strategy in Vol. 4 of the ISACA Journal. https://bit.ly/3pSX525

With the increased use of cloud vendors, governance of #tech has become a top strategic priority for most enterprises. Become an ISACA member to read more on how board oversight can aid this strategy in Vol. 4 of the ISACA Journal. https://bit.ly/3pSX525