Book Description

Publisher's Note: Products purchased from Third Party sellers are not guaranteed by the publisher for quality, authenticity, or access to any online entitlements included with the product.

Comprehensive coverage of every domain on the CCSP exam

This highly effective self-study guide covers all six domains of the 2019 release of the challenging Certified Cloud Security Professional exam as well as the CCSP Common Body of Knowledge, developed by the International Information Systems Security Certification Consortium (ISC)2®. CCSP Certified Cloud Security Professional All-in-One Exam Guide, Second Edition offers clear explanations, real-world examples, and practice questions that match the content, tone, and format of those on the actual exam. To aid in retention, each chapter includes exam tips that highlight key information, a summary that serves as a quick review of salient points, and practice questions that allow you to test your comprehension. “Notes,” “Tips,” and “Cautions” throughout provide additional insight.

Covers all six exam domains:
• Cloud Concepts, Architecture, and Design
• Cloud Data Security
• Cloud Platform & Infrastructure Security
• Cloud Application Security
• Cloud Security Operations
• Legal, Risk, and Compliance

Online content includes:
• 300 practice questions
Table of Contents
Cover
Title Page
Copyright Page
Dedication
ABOUT THE AUTHOR
CONTENTS AT A GLANCE
CONTENTS
Introduction
Acknowledgments

Chapter 1 How to Obtain the CCSP and Introduction to Security
  Why Get Certified?
  How to Get Certified
  CCSP Domains
    Domain 1: Cloud Concepts, Architecture, and Design
    Domain 2: Cloud Data Security
    Domain 3: Cloud Platform and Infrastructure Security
    Domain 4: Cloud Application Security
    Domain 5: Cloud Security Operations
    Domain 6: Legal, Risk, and Compliance
  Introduction to IT Security
    Basic Security Concepts
    Risk Management
    Business Continuity and Disaster Recovery
  Chapter Review

Chapter 2 Cloud Concepts, Architecture, and Design
  Cloud Computing Concepts
    Cloud Computing Definitions
    Cloud Computing Roles
    Key Cloud Computing Characteristics
    Building-Block Technologies
  Cloud Reference Architecture
    Cloud Computing Activities
    Cloud Service Capabilities
    Cloud Service Categories
    Cloud Deployment Models
    Cloud Shared Considerations
    Impact of Related Technologies
  Security Concepts Relevant to Cloud Computing
    Cryptography
    Access Control
    Data and Media Sanitation
    Network Security
    Virtualization Security
    Common Threats
    Security Considerations for the Different Cloud Categories
  Design Principles of Secure Cloud Computing
    Cloud Secure Data Lifecycle
    Cloud-Based Business Continuity/Disaster Recovery Planning
    Cost-Benefit Analysis
  Identify Trusted Cloud Services
    Certification Against Criteria
    System/Subsystem Product Certifications
  Cloud Architecture Models
    Sherwood Applied Business Security Architecture (SABSA)
    IT Infrastructure Library (ITIL)
    The Open Group Architecture Framework (TOGAF)
    NIST Cloud Technology Roadmap
  Exercise
  Chapter Review
    Questions
    Questions and Answers

Chapter 3 Cloud Data Security
  Describe Cloud Data Concepts
    Cloud Data Lifecycle Phases
    Data Dispersion
  Design and Implement Cloud Data Storage Architectures
    Storage Types
    Threats to Storage Types
  Design and Apply Data Security Strategies
    Encryption
    Hashing
    Key Management
    Tokenization
    Data Loss Prevention
    Data De-identification
    Application of Technologies
    Emerging Technologies
  Implement Data Discovery
    Structured Data
    Unstructured Data
  Implement Data Classification
    Mapping
    Labeling
    Sensitive Data
  Relevant Jurisdictional Data Protections for Personally Identifiable Information
    Data Privacy Acts
    Privacy Roles and Responsibilities
    Implementation of Data Discovery
    Classification of Discovered Sensitive Data
    Mapping and Definition of Controls
    Application of Defined Controls
  Data Rights Management
    Data Rights Objectives
    Tools
  Data Retention, Deletion, and Archiving Policies
    Data Retention
    Data Deletion
    Data Archiving
    Legal Hold
  Auditability, Traceability, and Accountability of Data Events
    Definition of Event Sources
    Identity Attribution Requirements
    Data Event Logging
    Storage and Analysis of Data Events
    Continuous Optimizations
    Chain of Custody and Nonrepudiation
  Exercise
  Chapter Review
    Questions
    Questions and Answers

Chapter 4 Cloud Platform and Infrastructure Security
  Comprehend Cloud Infrastructure Components
    Physical Environment
    Network and Communications
    Compute
    Storage
    Virtualization
    Management Plane
  Analyze Risks Associated with Cloud Infrastructure
    Risk Assessment and Analysis
    Virtualization Risks
    Countermeasure Strategies
  Design and Plan Security Controls
    Physical and Environmental Protection
    System and Communication Protection
    Virtualization Systems Protection
    Identification, Authentication, and Authorization in a Cloud Infrastructure
    Audit Mechanisms
  Disaster Recovery and Business Continuity Management Planning
    Understanding the Cloud Environment
    Understanding Business Requirements
    Understanding Risks
    Disaster Recovery/Business Continuity Strategy
  Exercise
  Chapter Review
    Questions
    Questions and Answers

Chapter 5 Cloud Application Security
  Advocate Training and Awareness for Application Security
    Cloud Development Basics
    Common Pitfalls
  Describe the Secure Software Development Lifecycle (SDLC) Process
    Business Requirements
    Phases and Methodologies
  Apply the Secure Software Development Lifecycle
    Avoid Common Vulnerabilities During Development
    Cloud-Specific Risks
    Quality of Service
    Threat Modeling
    Software Configuration Management and Versioning
  Cloud Software Assurance and Validation
    Cloud-Based Functional Testing
    Cloud Secure Development Lifecycle (CSDLC)
    Security Testing
  Verified Secure Software
    Approved API
    Supply-Chain Management
    Community Knowledge
  Cloud Application Architecture
    Supplemental Security Devices
    Cryptography
    Sandboxing
    Application Virtualization
  Identity and Access Management (IAM) Solutions
    Federated Identity
    Identity Providers
    Single Sign-On
    Multifactor Authentication
  Exercise
  Chapter Review
    Questions
    Questions and Answers

Chapter 6 Cloud Security Operations
  Support the Planning Process for the Data Center Design
    Logical Design
    Physical Design
    Environmental Design
  Implement and Build the Physical Infrastructure for the Cloud Environment
    Secure Configuration of Hardware-Specific Requirements
    Installation and Configuration of Virtualization Management Tools
    Virtual Hardware Specific Security Configuration Requirements
    Installation of Guest Operating System Virtualization Toolsets
  Operate the Physical and Logical Infrastructure for the Cloud Environment
    Configuration of Access Control for Local and Remote Access
    Secure Network Configuration
    OS Hardening via Application of Baselines
    Availability of Standalone Hosts
    Availability of Clustered Hosts
    Availability of the Guest Operating System
  Manage the Physical and Logical Infrastructure for Cloud Environment
    Access Controls for Remote Access
    OS Baseline Compliance Monitoring and Remediation
    Patch Management
    Performance Monitoring
    Hardware Monitoring
    Backup and Restore Functions
    Network Security Controls
    Management Plan
  Implement Operational Controls and Standards
    Change Management
    Continuity Management
    Information Security Management
    Continual Service Improvement Management
    Incident Management
    Problem Management
    Release and Deployment Management
    Configuration Management
    Service Level Management
    Availability Management
    Capacity Management
  Support Digital Forensics
    Proper Methodologies for the Forensic Collection of Data
    Evidence Management
  Manage Communication with Relevant Parties
    Vendors
    Customers
    Partners
    Regulators
    Other Stakeholders
  Manage Security Operations
    Security Operations Center
    Monitoring of Security Controls
    Log Capture and Analysis
  Exercise
  Chapter Review
    Questions
    Questions and Answers

Chapter 7 Legal, Risk, and Compliance
  Articulate Legal Requirements and Unique Risks Within the Cloud Environment
    Conflicting International Legislation
    Evaluation of Legal Risks Specific to Cloud Computing
    Legal Framework and Guidelines
    eDiscovery
    Forensics Requirements
  Understand Privacy Issues
    Difference Between Contractual and Regulated Personally Identifiable Information (PII)
    Country-Specific Legislation Related to PII and Data Privacy
    Differences Among Confidentiality, Integrity, Availability, and Privacy
    Standard Privacy Requirements
  Understand Audit Processes, Methodologies, and Required Adaptations for a Cloud Environment
    Internal and External Audit Controls
    Impact of Audit Requirements
    Identify Assurance Challenges of Virtualization and Cloud
    Types of Audit Reports
    Restrictions of Audit Scope Statements
    Gap Analysis
    Audit Planning
    Internal Information Security Management System (ISMS)
    Internal Information Security Controls System
    Policies
    Identification and Involvement of Relevant Stakeholders
    Specialized Compliance Requirements for Highly Regulated Industries
    Impact of Distributed IT Model
  Understand Implications of Cloud to Enterprise Risk Management
    Assess Provider’s Risk Management
    Difference Between Data Owner/Controller vs. Data Custodian/Processor
    Risk Treatment
    Different Risk Frameworks
    Metrics for Risk Management
    Assessment of the Risk Environment
  Understand Outsourcing and Cloud Contract Design
    Business Requirements
    Vendor Management
    Contract Management
    Executive Vendor Management
    Supply-Chain Management
  Exercise
  Chapter Review
    Questions
    Questions and Answers

Appendix A Exam Review Questions
  Questions
  Quick Answers
  Questions and Comprehensive Answer Explanations

Appendix B About the Online Content
  System Requirements
  Your Total Seminars Training Hub Account
  Privacy Notice
  Single User License Terms and Conditions
  TotalTester Online
  Technical Support

Glossary
Index