
CCSP (ISC)2 Certified Cloud Security Professional Official Study Guide
By Brian T. O'Hara and Ben Malisow


Table of Contents

Introduction
Assessment Test

Chapter 1 Architectural Concepts: Business Requirements; Existing State; Quantifying Benefits and Opportunity Cost; Intended Impact; Cloud Evolution, Vernacular, and Definitions; New Technology, New Options; Cloud Computing Service Models; Cloud Deployment Models; Cloud Computing Roles and Responsibilities; Cloud Computing Definitions; Foundational Concepts of Cloud Computing; Sensitive Data; Virtualization; Encryption; Auditing and Compliance; Cloud Service Provider Contracts; Summary; Exam Essentials; Written Labs; Review Questions

Chapter 2 Design Requirements: Business Requirements Analysis; Inventory of Assets; Valuation of Assets; Determination of Criticality; Risk Appetite; Boundaries of Cloud Models; IaaS Boundaries; PaaS Boundaries; SaaS Boundaries; Design Principles for Protecting Sensitive Data; Hardening Devices; Encryption; Layered Defenses; Summary; Exam Essentials; Written Labs; Review Questions

Chapter 3 Data Classification: Data Inventory and Discovery; Data Ownership; The Data Life Cycle; Data Discovery Methods; Jurisdictional Requirements; Data Rights Management; Intellectual Property Protections; DRM Tool Traits; Data Control; Data Retention; Data Audit; Data Destruction/Disposal; Summary; Exam Essentials; Written Labs; Review Questions

Chapter 4 Cloud Data Security: Cloud Data Life Cycle; Create; Store; Use; Share; Archive; Destroy; Cloud Storage Architectures; Volume Storage: File-Based Storage and Block Storage; Object-Based Storage; Databases; Content Delivery Network (CDN); Cloud Data Security Foundational Strategies; Encryption; Masking, Obfuscation, Anonymization, and Tokenization; Security Information and Event Management; Egress Monitoring (DLP); Summary; Exam Essentials; Written Labs; Review Questions

Chapter 5 Security in the Cloud: Shared Cloud Platform Risks and Responsibilities; Cloud Computing Risks by Deployment and Service Model; Private Cloud; Community Cloud; Public Cloud; Hybrid Cloud; IaaS (Infrastructure as a Service); PaaS (Platform as a Service); SaaS (Software as a Service); Virtualization; Cloud Attack Surface; Threats by Deployment Model; Countermeasure Methodology; Disaster Recovery (DR) and Business Continuity Management (BCM); Cloud-Specific BIA Concerns; Customer/Provider Shared BC/DR Responsibilities; Summary; Exam Essentials; Written Labs; Review Questions

Chapter 6 Responsibilities in the Cloud: Foundations of Managed Services; Business Requirements; Business Requirements: The Cloud Provider Perspective; Shared Responsibilities by Service Type; IaaS; PaaS; SaaS; Shared Administration of OS, Middleware, or Applications; Operating System Baseline Configuration and Management; Shared Responsibilities: Data Access; Customer Directly Administers Access; Provider Administers Access on Behalf of the Customer; Third-Party (CASB) Administers Access on Behalf of the Customer; Lack of Physical Access; Audits; Shared Policy; Shared Monitoring and Testing; Summary; Exam Essentials; Written Labs; Review Questions

Chapter 7 Cloud Application Security: Training and Awareness; Common Cloud Application Deployment Pitfalls; Cloud-Secure Software Development Life Cycle (SDLC); ISO/IEC 27034-1 Standards for Secure Application Development; Identity and Access Management (IAM); Identity Repositories and Directory Services; Single Sign-On (SSO); Federated Identity Management; Federation Standards; Multifactor Authentication; Supplemental Security Devices; Cloud Application Architecture; Application Programming Interfaces; Tenancy Separation; Cryptography; Sandboxing; Application Virtualization; Cloud Application Assurance and Validation; Threat Modeling; Quality of Service; Software Security Testing; Approved APIs; Software Supply Chain (API) Management; Securing Open Source Software; Runtime Application Self-Protection (RASP); Secure Code Reviews; OWASP Top 9 Coding Flaws; Summary; Exam Essentials; Written Labs; Review Questions

Chapter 8 Operations Elements: Physical/Logical Operations; Facilities and Redundancy; Virtualization Operations; Storage Operations; Physical and Logical Isolation; Security Training and Awareness; Training Program Categories; Additional Training Insights; Basic Operational Application Security; Threat Modeling; Application Testing Methods; Summary; Exam Essentials; Written Labs; Review Questions

Chapter 9 Operations Management: Monitoring, Capacity, and Maintenance; Monitoring; Maintenance; Change and Configuration Management (CM); Baselines; Deviations and Exceptions; Roles and Process; Business Continuity and Disaster Recovery (BC/DR); Primary Focus; Continuity of Operations; The BC/DR Plan; The BC/DR Kit; Relocation; Power; Testing; Summary; Exam Essentials; Written Labs; Review Questions

Chapter 10 Legal and Compliance Part 1: Legal Requirements and Unique Risks in the Cloud Environment; Legal Concepts; U.S. Laws; International Laws; Laws, Frameworks, and Standards Around the World; The Difference Between Laws, Regulations, and Standards; Potential Personal and Data Privacy Issues in the Cloud Environment; eDiscovery; Forensic Requirements; International Conflict Resolution; Cloud Forensic Challenges; Contractual and Regulated PII; Direct and Indirect Identifiers; Audit Processes, Methodologies, and Cloud Adaptations; Virtualization; Scope; Gap Analysis; Information Security Management Systems (ISMSs); The Right to Audit in Managed Services; Audit Scope Statements; Policies; Different Types of Audit Reports; Auditor Independence; AICPA Reports and Standards; Summary; Exam Essentials; Written Labs; Review Questions

Chapter 11 Legal and Compliance Part 2: The Impact of Diverse Geographical Locations and Legal Jurisdictions; Policies; Implications of the Cloud for Enterprise Risk Management; Choices Involved in Managing Risk; Risk Management Frameworks; Risk Management Metrics; Contracts and Service-Level Agreements (SLAs); Business Requirements; Cloud Contract Design and Management for Outsourcing; Identifying Appropriate Supply Chain and Vendor Management Processes; Common Criteria Assurance Framework (ISO/IEC 15408-1:2009); Cloud Computing Certification; CSA Security, Trust, and Assurance Registry (STAR); Supply Chain Risk; Summary; Exam Essentials; Written Labs; Review Questions

Appendix A Answers to the Review Questions (Chapters 1 through 11)
Appendix B Answers to the Written Labs (Chapters 1 through 11)
Index

About the Authors

Brian T. O'Hara, CCSP, CISA, CISM, CRISC, CISSP, is Information Security Officer for Do it Best Corporation and an ISSA Fellow. He serves as President of the InfraGard Indiana Members Alliance, a partnership between the FBI and the private sector. Ben Malisow, CISSP, CISM, CCSP, Security+, has been involved in INFOSEC and education for more than 20 years. At Carnegie Mellon University, he crafted and delivered the CISSP prep course for CMU's CERT/SEU. Malisow was the ISSM for the FBI's most highly classified counterterror intelligence-sharing network.
