ISC2 CCSP glossary of cloud security, shared responsibility, governance, and architecture terms.
Use this glossary when Certified Cloud Security Professional (CCSP) terms start to blur together. The goal is practical recognition, not encyclopedia coverage.
| Term | Exam meaning |
|---|---|
| CASB | Cloud access security broker for visibility and policy enforcement across cloud services. |
| Shared responsibility | Division of security duties between cloud provider and customer. |
| Tenant isolation | Separation of customers or workloads in a shared cloud environment. |
| BYOK | Bring your own key: customer-supplied key material for encryption. |
| Data residency | Requirement or fact about where data is stored or processed geographically. |
| Cloud forensics | Evidence collection and analysis adapted to cloud platforms. |
| Pair | How to separate them |
|---|---|
| Cloud architecture and concepts vs Cloud data security | Ask which layer the scenario is testing, then match the answer to that layer only. |
| Control vs evidence | A control changes behavior; evidence proves behavior or supports investigation. |
| Managed service vs custom build | Managed services win for lower operational effort unless the requirement needs unsupported customization. |
| Prevention vs detection | Prevention blocks or reduces a bad event; detection finds or reports that it happened. |
Do not memorize terms in isolation. For each term, write one scenario where it is the best answer, one scenario where it is a distractor, and one signal that proves it worked.