Domain 5: Cloud Security Operations
5.1 Build and implement physical and logical infrastructure for cloud environment
- Hardware specific security configuration requirements
  - Hardware security module (HSM) and Trusted Platform Module (TPM)
- Installation and configuration of management tools
- Virtual hardware specific security configuration requirements
  - Network
  - Storage
  - Memory
  - Central processing unit (CPU)
  - Hypervisor type 1 and 2
- Installation of guest operating system (OS) virtualization toolsets
5.2 Operate and maintain physical and logical infrastructure for cloud environment
- Access controls for local and remote access
  - Remote Desktop Protocol (RDP)
  - Secure terminal access
  - Secure Shell (SSH)
  - Console-based access mechanisms
  - Jumpboxes
  - Virtual client
- Secure network configuration
  - Virtual local area networks (VLAN)
  - Transport Layer Security (TLS)
  - Dynamic Host Configuration Protocol (DHCP)
  - Domain Name System Security Extensions (DNSSEC)
  - Virtual private network (VPN)
- Network security controls
  - Firewalls
  - Intrusion detection systems (IDS)
  - Intrusion prevention systems (IPS)
  - Honeypots
  - Vulnerability assessments
  - Network security groups
  - Bastion host
- Operating system (OS) hardening through the application of baselines, monitoring and remediation
- Patch management
- Infrastructure as Code (IaC) strategy
- Availability of clustered hosts
  - Distributed resource scheduling
  - Dynamic optimization
  - Storage clusters
  - Maintenance mode
  - High availability (HA)
- Availability of guest operating system (OS)
- Performance and capacity monitoring
  - Network
  - Compute
  - Storage
  - Response time
- Hardware monitoring
  - Disk
  - Central processing unit (CPU)
  - Fan speed
  - Temperature
- Configuration of host and guest operating system (OS) backup and restore functions
- Management plane
  - Scheduling
  - Orchestration
  - Maintenance
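Worked illustration of the 5.2 topics "Secure Shell (SSH)" and "OS hardening through the application of baselines, monitoring and remediation". This is an added example, not part of the CCSP outline or any (ISC)2 material: it parses an sshd_config, reports every deviation from a hardening baseline (the monitoring step) and writes back a compliant configuration (the remediation step). The baseline values, the sample configuration and the function names are illustrative choices made for this example.

```python
"""Baseline-driven hardening check for an OpenSSH server configuration.

Added example (not from the CCSP outline). The baseline values below are
illustrative choices, not a published standard; the sample config is constructed.
"""
from __future__ import annotations

# Illustrative baseline: directive -> required value. Keyword names are matched
# case-insensitively, as sshd does.
BASELINE = {
    "PermitRootLogin": "no",
    "PasswordAuthentication": "no",
    "PubkeyAuthentication": "yes",
    "PermitEmptyPasswords": "no",
    "X11Forwarding": "no",
    "MaxAuthTries": "3",
}

# Constructed sample sshd_config (not taken from any real host).
SAMPLE_SSHD_CONFIG = """\
# constructed sample
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PubkeyAuthentication yes
X11Forwarding yes
MaxAuthTries 6
MaxAuthTries 2
Match User backup
    PasswordAuthentication yes
"""


def _directive(line: str) -> tuple[str, str] | None:
    """Split an active config line into (lowercased keyword, value)."""
    stripped = line.strip()
    if not stripped or stripped.startswith("#"):
        return None
    # sshd accepts "Keyword value" or "Keyword=value".
    parts = stripped.replace("=", " ", 1).split(None, 1)
    return (parts[0].lower(), parts[1].strip() if len(parts) == 2 else "")


def parse_sshd_config(text: str) -> dict[str, str]:
    """Return the effective global directives.

    sshd uses the *first* occurrence of a keyword, so later duplicates are
    ignored. Parsing stops at the first Match block: directives inside it are
    conditional and are not part of the global baseline check.
    """
    config: dict[str, str] = {}
    for line in text.splitlines():
        d = _directive(line)
        if d is None:
            continue
        key, value = d
        if key == "match":
            break
        config.setdefault(key, value)
    return config


def check_baseline(config: dict[str, str], baseline=BASELINE) -> list[tuple]:
    """Monitoring step: list (directive, actual, required) deviations.

    An unset directive is reported too: its value is then whatever the sshd
    default happens to be, which the baseline does not pin.
    """
    findings = []
    for directive, required in baseline.items():
        actual = config.get(directive.lower())
        if actual is None or actual.lower() != required.lower():
            findings.append((directive, actual, required))
    return findings


def remediate(text: str, findings: list[tuple]) -> str:
    """Remediation step: produce a config that satisfies the baseline.

    Non-compliant global lines are commented out (kept for audit) and the
    required values are inserted as one block *before* any Match section, so
    the first-occurrence rule makes them the effective global values and
    nothing lands inside a conditional block.
    """
    to_fix = {directive.lower() for directive, _, _ in findings}
    body, tail, in_match = [], [], False
    for line in text.splitlines():
        d = _directive(line)
        if d is not None and d[0] == "match":
            in_match = True
        if in_match:
            tail.append(line)
        elif d is not None and d[0] in to_fix:
            body.append("# baseline-remediated: " + line)
        else:
            body.append(line)
    block = ["# --- hardening baseline (inserted by remediation) ---"]
    block += [f"{directive} {required}" for directive, _, required in findings]
    return "\n".join(body + block + tail) + "\n"


if __name__ == "__main__":
    found = check_baseline(parse_sshd_config(SAMPLE_SSHD_CONFIG))
    for directive, actual, required in found:
        print(f"{directive}: {actual!r} (required {required!r})")
    print(remediate(SAMPLE_SSHD_CONFIG, found))
```

Two details matter in practice: sshd honours the first occurrence of a keyword (so the stray `MaxAuthTries 2` never takes effect and the check correctly reports `6`), and anything appended after a `Match` line is scoped to that block, which is why the remediated directives go in before it. Run the result through `sshd -t` before reloading the daemon.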
5.3 Implement operational controls and standards (e.g., Information Technology Infrastructure Library (ITIL), International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) 20000-1)
- Incident management
- Problem management
- Release management
- Deployment management
- Configuration management
- Service level management
- Availability management
- Capacity management
5.4 Support digital forensics
- Forensic data collection methodologies
- Evidence management
- Collect, acquire, and preserve digital evidence
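Worked illustration of the 5.4 topics (evidence management; collect, acquire and preserve digital evidence). This is an added example, not part of the CCSP outline: the evidence is hashed at the moment of collection, every later handling step is appended to a chain-of-custody log whose entries are hash-linked, and a verification compares the copy in hand against the acquisition hash. The evidence bytes, case identifier, handler names and timestamps are constructed placeholders; in real use the bytes would come from a forensic image and timestamps from a trusted clock.

```python
"""Acquire, hash and track custody of a digital evidence item.

Added example (not from the CCSP outline). Assumes the evidence is available
as bytes (an image read elsewhere); IDs, handlers and timestamps are placeholders.
"""
from __future__ import annotations

import hashlib
import json
from dataclasses import asdict, dataclass, field
from datetime import datetime, timezone

GENESIS = "0" * 64  # prev_hash of the first custody entry


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _now() -> str:
    return datetime.now(timezone.utc).isoformat()


@dataclass
class CustodyEntry:
    timestamp: str
    action: str          # acquired / transferred / verified / INTEGRITY_FAILURE
    handler: str
    note: str
    prev_hash: str       # entry_hash of the previous entry
    entry_hash: str = ""

    def compute_hash(self) -> str:
        payload = {k: v for k, v in asdict(self).items() if k != "entry_hash"}
        return sha256_hex(json.dumps(payload, sort_keys=True).encode())


@dataclass
class EvidenceItem:
    case_id: str
    item_id: str
    description: str
    acquisition_hash: str   # taken at collection; the reference for every later check
    size: int
    custody: list[CustodyEntry] = field(default_factory=list)

    def record(self, action: str, handler: str, note: str, timestamp: str | None = None) -> CustodyEntry:
        """Append a custody entry chained to the previous one."""
        prev = self.custody[-1].entry_hash if self.custody else GENESIS
        entry = CustodyEntry(timestamp or _now(), action, handler, note, prev)
        entry.entry_hash = entry.compute_hash()
        self.custody.append(entry)
        return entry


def acquire(case_id: str, item_id: str, description: str, data: bytes,
            handler: str, timestamp: str | None = None) -> EvidenceItem:
    """Collection step: hash the evidence immediately and open the custody log."""
    item = EvidenceItem(case_id, item_id, description, sha256_hex(data), len(data))
    item.record("acquired", handler, f"sha256={item.acquisition_hash} size={len(data)}", timestamp)
    return item


def verify(item: EvidenceItem, data: bytes, handler: str, timestamp: str | None = None) -> bool:
    """Preservation check: does the copy in hand still match the acquisition hash?"""
    ok = len(data) == item.size and sha256_hex(data) == item.acquisition_hash
    item.record("verified" if ok else "INTEGRITY_FAILURE", handler,
                f"sha256={sha256_hex(data)}", timestamp)
    return ok


def custody_chain_intact(item: EvidenceItem) -> bool:
    """Recompute every entry hash and link; an edited or dropped entry breaks it."""
    prev = GENESIS
    for entry in item.custody:
        if entry.prev_hash != prev or entry.compute_hash() != entry.entry_hash:
            return False
        prev = entry.entry_hash
    return True


# Constructed evidence bytes (stand-in for a disk or memory image).
SAMPLE_EVIDENCE = b"constructed-image: /var/log/auth.log excerpt; not real data\n" * 64
# Same length as the original, so only the hash reveals the change.
TAMPERED_EVIDENCE = SAMPLE_EVIDENCE.replace(b"not real", b"NOT REAL", 1)


def demo() -> dict[str, bool]:
    item = acquire("CASE-0001", "E-01", "constructed image", SAMPLE_EVIDENCE,
                   "examiner-a", "2024-03-03T10:00:00+00:00")
    item.record("transferred", "examiner-a", "handed to examiner-b, sealed bag #7",
                "2024-03-03T11:00:00+00:00")
    results = {
        "original_verifies": verify(item, SAMPLE_EVIDENCE, "examiner-b", "2024-03-03T11:05:00+00:00"),
        "tampered_verifies": verify(item, TAMPERED_EVIDENCE, "examiner-b", "2024-03-03T11:06:00+00:00"),
        "chain_intact": custody_chain_intact(item),
    }
    # Rewriting history afterwards (editing the transfer note) is detectable.
    item.custody[1].note = "handed to examiner-c"
    results["chain_intact_after_edit"] = custody_chain_intact(item)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The hash-linked log only detects tampering; it does not prevent it, so the log itself still needs to be stored write-once or signed, and the acquisition hash should be recorded on a separate medium (or in the case file) at collection time.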
5.5 Manage communication with relevant parties
- Vendors
- Customers
- Partners
- Regulators
- Other stakeholders
5.6 Manage security operations
- Security operations center (SOC)
- Intelligent monitoring of security controls
  - Firewalls
  - Intrusion detection systems (IDS)
  - Intrusion prevention systems (IPS)
  - Honeypots
  - Network security groups
  - Artificial intelligence (AI)
- Log capture and analysis
  - Security information and event management (SIEM)
  - Log management
- Incident management
- Vulnerability assessments
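Worked illustration of the 5.6 topics "Log capture and analysis" and "Security information and event management (SIEM)". This is an added example, not part of the CCSP outline: a sliding-window correlation rule of the kind a SIEM runs over SSH authentication events, raising a medium-severity alert when one source address accumulates repeated failures inside a time window and a high-severity alert when that same address then logs in successfully. The log lines are constructed in OpenSSH/syslog style using RFC 5737 documentation addresses; because syslog omits the year, the parser assumes one.

```python
"""SIEM-style detection over SSH authentication log lines.

Added example (not from the CCSP outline). Log lines are constructed;
thresholds and the assumed year are parameters of this example.
"""
from __future__ import annotations

import re
from collections import defaultdict, deque
from datetime import datetime

LOG_RE = re.compile(r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: (?P<msg>.*)$")
FAIL_RE = re.compile(r"^Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+")
OK_RE = re.compile(r"^Accepted (?:password|publickey) for (?P<user>\S+) from (?P<ip>\S+) port \d+")

# Constructed sample log; 203.0.113.0/24, 198.51.100.0/24 and 192.0.2.0/24 are
# documentation ranges, so no real host is referenced.
SAMPLE_LOG_LINES = [
    "Mar  3 10:00:01 host1 sshd[1201]: Failed password for root from 203.0.113.5 port 51000 ssh2",
    "Mar  3 10:14:05 host1 sshd[1310]: Failed password for invalid user admin from 203.0.113.5 port 51010 ssh2",
    "Mar  3 10:14:09 host1 sshd[1311]: Failed password for invalid user admin from 203.0.113.5 port 51011 ssh2",
    "Mar  3 10:14:12 host1 sshd[1312]: Failed password for root from 203.0.113.5 port 51012 ssh2",
    "Mar  3 10:14:15 host1 sshd[1313]: Failed password for invalid user test from 198.51.100.7 port 40000 ssh2",
    "Mar  3 10:14:18 host1 sshd[1314]: Failed password for deploy from 203.0.113.5 port 51013 ssh2",
    "Mar  3 10:14:20 host1 sshd[1315]: Accepted publickey for alice from 192.0.2.10 port 60000 ssh2: ED25519 SHA256:c0nstructedFingerprint",
    "Mar  3 10:14:22 host1 sshd[1316]: Failed password for deploy from 203.0.113.5 port 51014 ssh2",
    "Mar  3 10:14:40 host1 sshd[1317]: Accepted password for deploy from 203.0.113.5 port 51015 ssh2",
    "Mar  3 10:14:45 host1 sshd[1318]: Failed password for invalid user test from 198.51.100.7 port 40001 ssh2",
    "Mar  3 10:14:50 host1 sshd[1319]: Connection closed by 198.51.100.7 port 40001 [preauth]",
    "not a syslog line at all",
]


def parse(line: str, year: int = 2024):
    """Return (timestamp, kind, user, ip) or None for lines that are not auth events."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    msg = m["msg"]
    if (f := FAIL_RE.match(msg)):
        return ts, "fail", f["user"], f["ip"]
    if (s := OK_RE.match(msg)):
        return ts, "ok", s["user"], s["ip"]
    return None


def detect(lines, threshold: int = 5, window_s: int = 60) -> list[dict]:
    """Sliding-window rule.

    >= threshold failures from one IP within window_s seconds -> one
    'bruteforce' alert per IP; a success from an IP that still has
    >= threshold failures in its window -> 'success_after_failures'.
    """
    alerts: list[dict] = []
    recent: dict[str, deque] = defaultdict(deque)   # ip -> failure timestamps in window
    alerted: set[str] = set()
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        ts, kind, user, ip = ev
        q = recent[ip]
        while q and (ts - q[0]).total_seconds() > window_s:
            q.popleft()                              # expire failures outside the window
        if kind == "fail":
            q.append(ts)
            if len(q) >= threshold and ip not in alerted:
                alerted.add(ip)
                alerts.append({"type": "bruteforce", "severity": "medium", "ip": ip,
                               "count": len(q), "first": q[0], "last": ts})
        elif len(q) >= threshold:                    # success right after a burst of failures
            alerts.append({"type": "success_after_failures", "severity": "high",
                           "ip": ip, "user": user, "count": len(q), "at": ts})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG_LINES):
        print(alert)
```

The window is what keeps the rule honest: the failure at 10:00:01 is expired before the burst starts, so the count reflects the burst alone, and the single success from 192.0.2.10 with no prior failures produces nothing. In a real pipeline the same logic would run on events normalised by the SIEM rather than on raw syslog text, and the `threshold`/`window_s` pair would be tuned against the environment's baseline failure rate.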