The Official (ISC)2 CCSP CBK Reference

The only official body of knowledge for CCSP--the most popular cloud security credential--fully revised and updated. Certified Cloud Security Professional (CCSP) certification validates the advanced technical skills needed to design, manage, and secure data, applications, and infrastructure in the c...

Descripción completa

Detalles Bibliográficos
Otros Autores:	Kraus, Aaron, author (author)
Formato:	Libro electrónico
Idioma:	Inglés
Publicado:	Hoboken, New Jersey : John Wiley & Sons, Incorporated [2022]
Edición:	Fourth edition
Materias:	Cloud computing > Security measures > Examinations, questions, etc. Computer security > Examinations, questions, etc.
Ver en Biblioteca Universitat Ramon Llull:	https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009703319106719

Tabla de Contenidos:

Cover
Title Page
Copyright Page
Acknowledgments
About the Author
About the Technical Editor
Contents
Foreword to the Fourth Edition
Introduction
Chapter 1 Cloud Concepts, Architecture, and Design
Understand Cloud Computing Concepts
Cloud Computing Definitions
Cloud Computing Roles and Responsibilities
Key Cloud Computing Characteristics
Building Block Technologies
Describe Cloud Reference Architecture
Cloud Computing Activities
Cloud Service Capabilities
Cloud Service Categories
Cloud Deployment Models
Cloud Shared Considerations
Impact of Related Technologies
Understand Security Concepts Relevant to Cloud Computing
Cryptography and Key Management
Identity and Access Control
Data and Media Sanitization
Network Security
Virtualization Security
Common Threats
Security Hygiene
Understand Design Principles of Secure Cloud Computing
Cloud Secure Data Lifecycle
Cloud-Based Business Continuity and Disaster Recovery Plan
Business Impact Analysis
Functional Security Requirements
Security Considerations for Different Cloud Categories
Cloud Design Patterns
DevOps Security
Evaluate Cloud Service Providers
Verification Against Criteria
System/Subsystem Product Certifications
Summary
Chapter 2 Cloud Data Security
Describe Cloud Data Concepts
Cloud Data Lifecycle Phases
Data Dispersion
Data Flows
Design and Implement Cloud Data Storage Architectures
Storage Types
Threats to Storage Types
Design and Apply Data Security Technologies and Strategies
Encryption and Key Management
Hashing
Data Obfuscation
Tokenization
Data Loss Prevention
Keys, Secrets, and Certificates Management
Implement Data Discovery
Structured Data
Unstructured Data
Semi-structured Data
Data Location.
Implement Data Classification
Data Classification Policies
Mapping
Labeling
Design and Implement Information Rights Management
Objectives
Appropriate Tools
Plan and Implement Data Retention, Deletion, and Archiving Policies
Data Retention Policies
Data Deletion Procedures and Mechanisms
Data Archiving Procedures and Mechanisms
Legal Hold
Design and Implement Auditability, Traceability, and Accountability of Data Events
Definition of Event Sources and Requirement of Event Attribution
Logging, Storage, and Analysis of Data Events
Chain of Custody and Nonrepudiation
Summary
Chapter 3 Cloud Platform and Infrastructure Security
Comprehend Cloud Infrastructure and Platform Components
Physical Environment
Network and Communications
Compute
Virtualization
Storage
Management Plane
Design a Secure Data Center
Logical Design
Physical Design
Environmental Design
Analyze Risks Associated with Cloud Infrastructure and Platforms
Risk Assessment
Cloud Vulnerabilities, Threats, and Attacks
Risk Mitigation Strategies
Plan and Implementation of Security Controls
Physical and Environmental Protection
System, Storage, and Communication Protection
Identification, Authentication, and Authorization in Cloud Environments
Audit Mechanisms
Plan Disaster Recovery and Business Continuity
Business Continuity/Disaster Recovery Strategy
Business Requirements
Creation, Implementation, and Testing of Plan
Summary
Chapter 4 Cloud Application Security
Advocate Training and Awareness for Application Security
Cloud Development Basics
Common Pitfalls
Common Cloud Vulnerabilities
Describe the Secure Software Development Life Cycle Process
NIST Secure Software Development Framework
OWASP Software Assurance Maturity Model.
Business Requirements
Phases and Methodologies
Apply the Secure Software Development Life Cycle
Cloud-Specific Risks
Threat Modeling
Avoid Common Vulnerabilities during Development
Secure Coding
Software Configuration Management and Versioning
Apply Cloud Software Assurance and Validation
Functional and Non-functional Testing
Security Testing Methodologies
Quality Assurance
Abuse Case Testing
Use Verified Secure Software
Securing Application Programming Interfaces
Supply-Chain Management
Third-Party Software Management
Validated Open-Source Software
Comprehend the Specifics of Cloud Application Architecture
Supplemental Security Components
Cryptography
Sandboxing
Application Virtualization and Orchestration
Design Appropriate Identity and Access Management Solutions
Federated Identity
Identity Providers
Single Sign-on
Multifactor Authentication
Cloud Access Security Broker
Summary
Chapter 5 Cloud Security Operations
Build and Implement Physical and Logical Infrastructure for Cloud Environment
Hardware-Specific Security Configuration Requirements
Installation and Configuration of Virtualization Management Tools
Virtual Hardware-Specific Security Configuration Requirements
Installation of Guest Operating System Virtualization Toolsets
Operate Physical and Logical Infrastructure for Cloud Environment
Configure Access Control for Local and Remote Access
Secure Network Configuration
Operating System Hardening through the Application of Baselines
Availability of Stand-Alone Hosts
Availability of Clustered Hosts
Availability of Guest Operating Systems
Manage Physical and Logical Infrastructure for Cloud Environment
Access Controls for Remote Access
Operating System Baseline Compliance Monitoring and Remediation.
Patch Management
Performance and Capacity Monitoring
Hardware Monitoring
Configuration of Host and Guest Operating System Backup and Restore Functions
Network Security Controls
Management Plane
Implement Operational Controls and Standards
Change Management
Continuity Management
Information Security Management
Continual Service Improvement Management
Incident Management
Problem Management
Release Management
Deployment Management
Configuration Management
Service Level Management
Availability Management
Capacity Management
Support Digital Forensics
Forensic Data Collection Methodologies
Evidence Management
Collect, Acquire, and Preserve Digital Evidence
Manage Communication with Relevant Parties
Vendors
Customers
Partners
Regulators
Other Stakeholders
Manage Security Operations
Security Operations Center
Monitoring of Security Controls
Log Capture and Analysis
Incident Management
Summary
Chapter 6 Legal, Risk, and Compliance
Articulating Legal Requirements and Unique Risks within the Cloud Environment
Conflicting International Legislation
Evaluation of Legal Risks Specific to Cloud Computing
Legal Frameworks and Guidelines
eDiscovery
Forensics Requirements
Understand Privacy Issues
Difference between Contractual and Regulated Private Data
Country-Specific Legislation Related to Private Data
Jurisdictional Differences in Data Privacy
Standard Privacy Requirements
Privacy Impact Assessments
Understanding Audit Process, Methodologies, and Required Adaptations for a Cloud Environment
Internal and External Audit Controls
Impact of Audit Requirements
Identify Assurance Challenges of Virtualization and Cloud
Types of Audit Reports
Restrictions of Audit Scope Statements
Gap Analysis
Audit Planning.
Internal Information Security Management System
Internal Information Security Controls System
Policies
Identification and Involvement of Relevant Stakeholders
Specialized Compliance Requirements for Highly Regulated Industries
Impact of Distributed Information Technology Model
Understand Implications of Cloud to Enterprise Risk Management
Assess Provider's Risk Management Programs
Differences between Data Owner/Controller vs. Data Custodian/Processor
Regulatory Transparency Requirements
Risk Treatment
Risk Frameworks
Metrics for Risk Management
Assessment of Risk Environment
Understand Outsourcing and Cloud Contract Design
Business Requirements
Vendor Management
Contract Management
Supply Chain Management
Summary
Index
EULA.

The Official (ISC)2 CCSP CBK Reference

Ejemplares similares