0%

The only official body of knowledge for CCSP—the most popular cloud security credential—fully revised and updated.

Certified Cloud Security Professional (CCSP) certification validates the advanced technical skills needed to design, manage, and secure data, applications, and infrastructure in the cloud. This highly sought-after global credential has been updated with revised objectives. The new third edition of The Official (ISC)2 Guide to the CCSP CBK is the authoritative, vendor-neutral common body of knowledge for cloud security professionals. 

This comprehensive resource provides cloud security professionals with an indispensable working reference to each of the six CCSP domains: Cloud Concepts, Architecture, and Design; Cloud Data Security; Cloud Platform and Infrastructure Security; Cloud Application Security; Cloud Security Operations; and Legal, Risk, and Compliance. Detailed, in-depth chapters contain the accurate information required to prepare for and achieve CCSP certification. Every essential area of cloud security is covered, including implementation, architecture, operations, controls, and immediate and long-term responses.

Developed by (ISC)2, the world leader in professional cybersecurity certification and training, this indispensable guide:

  • Covers the six CCSP domains and over 150 detailed objectives
  • Provides guidance on real-world best practices and techniques
  • Includes illustrated examples, tables, diagrams and sample questions

The Official (ISC)2 Guide to the CCSP CBK is a vital ongoing resource for IT and information security leaders responsible for applying best practices to cloud security architecture, design, operations and service orchestration.

Table of Contents

  1. Cover
  2. Title Page
  3. Copyright
  4. Acknowledgments
  5. About the Authors
  6. About the Technical Editor
  7. Foreword to the Third Edition
  8. Introduction
  9. Domain 1: Cloud Concepts, Architecture, and Design
    1. UNDERSTAND CLOUD COMPUTING CONCEPTS
    2. DESCRIBE CLOUD REFERENCE ARCHITECTURE
    3. UNDERSTAND SECURITY CONCEPTS RELEVANT TO CLOUD COMPUTING
    4. UNDERSTAND DESIGN PRINCIPLES OF SECURE CLOUD COMPUTING
    5. EVALUATE CLOUD SERVICE PROVIDERS
  10. Domain 2: Cloud Data Security
    1. DESCRIBE CLOUD DATA CONCEPTS
    2. DESIGN AND IMPLEMENT CLOUD DATA STORAGE ARCHITECTURES
    3. DESIGN AND APPLY DATA SECURITY TECHNOLOGIES AND STRATEGIES
    4. IMPLEMENT DATA DISCOVERY
    5. IMPLEMENT DATA CLASSIFICATION
    6. DESIGN AND IMPLEMENT INFORMATION RIGHTS MANAGEMENT
    7. PLAN AND IMPLEMENT DATA RETENTION, DELETION, AND ARCHIVING POLICIES
    8. DESIGN AND IMPLEMENT AUDITABILITY, TRACEABILITY, AND ACCOUNTABILITY OF DATA EVENTS
    9. SUMMARY
  11. Domain 3: Cloud Platform and Infrastructure Security
    1. COMPREHEND CLOUD INFRASTRUCTURE COMPONENTS
    2. DESIGN A SECURE DATA CENTER
    3. ANALYZE RISKS ASSOCIATED WITH CLOUD INFRASTRUCTURE
    4. DESIGN AND PLAN SECURITY CONTROLS
    5. PLAN DISASTER RECOVERY AND BUSINESS CONTINUITY
    6. SUMMARY
  12. Domain 4: Cloud Application Security
    1. ADVOCATE TRAINING AND AWARENESS FOR APPLICATION SECURITY
    2. DESCRIBE THE SECURE SOFTWARE DEVELOPMENT LIFECYCLE PROCESS
    3. APPLY THE SECURE SOFTWARE DEVELOPMENT LIFECYCLE
    4. APPLY CLOUD SOFTWARE ASSURANCE AND VALIDATION
    5. USE VERIFIED SECURE SOFTWARE
    6. COMPREHEND THE SPECIFICS OF CLOUD APPLICATION ARCHITECTURE
    7. DESIGN APPROPRIATE IDENTITY AND ACCESS MANAGEMENT SOLUTIONS
    8. SUMMARY
  13. Domain 5: Cloud Security Operations
    1. IMPLEMENT AND BUILD PHYSICAL AND LOGICAL INFRASTRUCTURE FOR CLOUD ENVIRONMENT
    2. OPERATE PHYSICAL AND LOGICAL INFRASTRUCTURE FOR CLOUD ENVIRONMENT
    3. MANAGE PHYSICAL AND LOGICAL INFRASTRUCTURE FOR CLOUD ENVIRONMENT
    4. IMPLEMENT OPERATIONAL CONTROLS AND STANDARDS
    5. SUPPORT DIGITAL FORENSICS
    6. MANAGE COMMUNICATION WITH RELEVANT PARTIES
    7. MANAGE SECURITY OPERATIONS
    8. SUMMARY
  14. Domain 6: Legal, Risk, and Compliance
    1. ARTICULATING LEGAL REQUIREMENTS AND UNIQUE RISKS WITHIN THE CLOUD ENVIRONMENT
    2. UNDERSTANDING PRIVACY ISSUES
    3. UNDERSTANDING AUDIT PROCESS, METHODOLOGIES, AND REQUIRED ADAPTATIONS FOR A CLOUD ENVIRONMENT
    4. UNDERSTAND IMPLICATIONS OF CLOUD TO ENTERPRISE RISK MANAGEMENT
    5. UNDERSTANDING OUTSOURCING AND CLOUD CONTRACT DESIGN
    6. SUMMARY
  15. Index
  16. End User License Agreement
35.175.212.5