The official (ISC)2 CCSP CBK reference
| Field | Value |
|---|---|
| Other authors | |
| Format | E-book |
| Language | English |
| Published | Hoboken, N.J.: Sybex, a Wiley brand, c2021 [2021] |
| Edition | Third edition |
| Subjects | |
| View in Universitat Ramon Llull Library | https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009633608106719 |

Table of Contents:
- Cover
- Title Page
- Copyright Page
- Acknowledgments
- About the Authors
- About the Technical Editor
- Contents at a Glance
- Contents
- Foreword to the Third Edition
- Introduction
- Domain 1: Cloud Concepts, Architecture, and Design
- Domain 2: Cloud Data Security
- Domain 3: Cloud Platform and Infrastructure Security
- Domain 4: Cloud Application Security
- Domain 5: Cloud Security Operations
- Domain 6: Legal, Risk, and Compliance
- How to Contact the Publisher
- Domain 1 Cloud Concepts, Architecture, and Design
- Understand Cloud Computing Concepts
- Cloud Computing Definitions
- Cloud Computing Roles
- Key Cloud Computing Characteristics
- Building Block Technologies
- Describe Cloud Reference Architecture
- Cloud Computing Activities
- Cloud Service Capabilities
- Cloud Service Categories
- Cloud Deployment Models
- Cloud Shared Considerations
- Impact of Related Technologies
- Understand Security Concepts Relevant to Cloud Computing
- Cryptography and Key Management
- Access Control
- Data and Media Sanitization
- Network Security
- Virtualization Security
- Common Threats
- Understand Design Principles of Secure Cloud Computing
- Cloud Secure Data Lifecycle
- Cloud-Based Disaster Recovery and Business Continuity Planning
- Cost-Benefit Analysis
- Functional Security Requirements
- Security Considerations for Different Cloud Categories
- Evaluate Cloud Service Providers
- Verification against Criteria
- System/Subsystem Product Certifications
- Summary
- Domain 2 Cloud Data Security
- Describe Cloud Data Concepts
- Cloud Data Lifecycle Phases
- Data Dispersion
- Design and Implement Cloud Data Storage Architectures
- Storage Types
- Threats to Storage Types
- Design and Apply Data Security Technologies and Strategies
- Encryption and Key Management
- Hashing
- Masking
- Tokenization
- Data Loss Prevention
- Data Obfuscation
- Data De-identification
- Implement Data Discovery
- Structured Data
- Unstructured Data
- Implement Data Classification
- Mapping
- Labeling
- Sensitive Data
- Design and Implement Information Rights Management
- Objectives
- Appropriate Tools
- Plan and Implement Data Retention, Deletion, and Archiving Policies
- Data Retention Policies
- Data Deletion Procedures and Mechanisms
- Data Archiving Procedures and Mechanisms
- Legal Hold
- Design and Implement Auditability, Traceability, and Accountability of Data Events
- Definition of Event Sources and Requirement of Identity Attribution
- Logging, Storage, and Analysis of Data Events
- Chain of Custody and Nonrepudiation
- Summary
- Domain 3 Cloud Platform and Infrastructure Security
- Comprehend Cloud Infrastructure Components
- Physical Environment
- Network and Communications
- Compute
- Virtualization
- Storage
- Management Plane
- Design a Secure Data Center
- Logical Design
- Physical Design
- Environmental Design
- Analyze Risks Associated with Cloud Infrastructure
- Risk Assessment and Analysis
- Cloud Vulnerabilities, Threats, and Attacks
- Virtualization Risks
- Countermeasure Strategies
- Design and Plan Security Controls
- Physical and Environmental Protection
- System and Communication Protection
- Virtualization Systems Protection
- Identification, Authentication, and Authorization in Cloud Infrastructure
- Audit Mechanisms
- Plan Disaster Recovery and Business Continuity
- Risks Related to the Cloud Environment
- Business Requirements
- Business Continuity/Disaster Recovery Strategy
- Creation, Implementation, and Testing of Plan
- Summary
- Domain 4 Cloud Application Security
- Advocate Training and Awareness for Application Security
- Cloud Development Basics
- Common Pitfalls
- Common Cloud Vulnerabilities
- Describe the Secure Software Development Lifecycle Process
- NIST Secure Software Development Framework
- OWASP Software Assurance Security Model
- Business Requirements
- Phases and Methodologies
- Apply the Secure Software Development Lifecycle
- Avoid Common Vulnerabilities During Development
- Cloud-Specific Risks
- Quality Assurance
- Threat Modeling
- Software Configuration Management and Versioning
- Apply Cloud Software Assurance and Validation
- Functional Testing
- Security Testing Methodologies
- Use Verified Secure Software
- Approved Application Programming Interfaces
- Supply-Chain Management
- Third-Party Software Management
- Validated Open-Source Software
- Comprehend the Specifics of Cloud Application Architecture
- Supplemental Security Components
- Cryptography
- Sandboxing
- Application Virtualization and Orchestration
- Design Appropriate Identity and Access Management Solutions
- Federated Identity
- Identity Providers
- Single Sign-On
- Multifactor Authentication
- Cloud Access Security Broker
- Summary
- Domain 5 Cloud Security Operations
- Implement and Build Physical and Logical Infrastructure for Cloud Environment
- Hardware-Specific Security Configuration Requirements
- Installation and Configuration of Virtualization Management Tools
- Virtual Hardware-Specific Security Configuration Requirements
- Installation of Guest Operating System Virtualization Toolsets
- Operate Physical and Logical Infrastructure for Cloud Environment
- Configure Access Control for Local and Remote Access
- Secure Network Configuration
- Operating System Hardening through the Application of Baselines
- Availability of Stand-Alone Hosts
- Availability of Clustered Hosts
- Availability of Guest Operating Systems
- Manage Physical and Logical Infrastructure for Cloud Environment
- Access Controls for Remote Access
- Operating System Baseline Compliance Monitoring and Remediation
- Patch Management
- Performance and Capacity Monitoring
- Hardware Monitoring
- Configuration of Host and Guest Operating System Backup and Restore Functions
- Network Security Controls
- Management Plane
- Implement Operational Controls and Standards
- Change Management
- Continuity Management
- Information Security Management
- Continual Service Improvement Management
- Incident Management
- Problem Management
- Release Management
- Deployment Management
- Configuration Management
- Service Level Management
- Availability Management
- Capacity Management
- Support Digital Forensics
- Forensic Data Collection Methodologies
- Evidence Management
- Collect, Acquire, and Preserve Digital Evidence
- Manage Communication with Relevant Parties
- Vendors
- Customers
- Partners
- Regulators
- Other Stakeholders
- Manage Security Operations
- Security Operations Center
- Monitoring of Security Controls
- Log Capture and Analysis
- Incident Management
- Summary
- Domain 6 Legal, Risk, and Compliance
- Articulating Legal Requirements and Unique Risks Within the Cloud Environment
- Conflicting International Legislation
- Evaluation of Legal Risks Specific to Cloud Computing
- Legal Frameworks and Guidelines That Affect Cloud Computing
- Forensics and eDiscovery in the Cloud
- Understanding Privacy Issues
- Difference between Contractual and Regulated Private Data
- Country-Specific Legislation Related to Private Data
- Jurisdictional Differences in Data Privacy
- Standard Privacy Requirements
- Understanding Audit Process, Methodologies, and Required Adaptations for a Cloud Environment
- Internal and External Audit Controls
- Impact of Audit Requirements
- Identity Assurance Challenges of Virtualization and Cloud
- Types of Audit Reports
- Restrictions of Audit Scope Statements
- Gap Analysis
- Audit Planning
- Internal Information Security Management Systems
- Internal Information Security Controls System
- Policies
- Identification and Involvement of Relevant Stakeholders
- Specialized Compliance Requirements for Highly Regulated Industries
- Impact of Distributed Information Technology Models
- Understand Implications of Cloud to Enterprise Risk Management
- Assess Providers Risk Management Programs
- Differences Between Data Owner/Controller vs. Data Custodian/Processor
- Regulatory Transparency Requirements
- Risk Treatment
- Risk Frameworks
- Metrics for Risk Management
- Assessment of Risk Environment
- Understanding Outsourcing and Cloud Contract Design
- Business Requirements
- Vendor Management
- Contract Management
- Supply Chain Management
- Summary
- Index
- EULA