Details

(ISC)2 CCSP Certified Cloud Security Professional Official Study Guide

Sybex Study Guide 3. Aufl.

von: Mike Chapple, David Seidl
41,99 €
Verlag:	Wiley
Format:	EPUB
Veröffentl.:	02.09.2022
ISBN/EAN:	9781119909392
Sprache:	englisch
Anzahl Seiten:	416

In den Warenkorb

Als Gutschein

DRM-geschütztes eBook, Sie benötigen z.B. Adobe Digital Editions und eine Adobe ID zum Lesen.

Beschreibungen

Titelbeschreibung

The only official study guide for the new CCSP exam objectives effective from 2022-2025 (ISC)2 CCSP Certified Cloud Security Professional Official Study Guide, 3rd Edition is your ultimate resource for the CCSP exam. As the only official study guide reviewed and endorsed by (ISC)2, this guide helps you prepare faster and smarter with the Sybex study tools that include pre-test assessments that show you what you know, and areas you need further review. In this completely rewritten 3rd Edition, experienced cloud security professionals Mike Chapple and David Seidl use their extensive training and hands on skills to help you prepare for the CCSP exam. Objective maps, exercises, and chapter review questions help you gauge your progress along the way, and the Sybex interactive online learning environment includes access to a PDF glossary, hundreds of flashcards, and two complete practice exams. Covering all CCSP domains, this book walks you through Cloud Concepts, Architecture and Design, Cloud Data Security, Cloud Platform and Infrastructure Security, Cloud Application Security, Cloud Security Operations, and Legal, Risk, and Compliance with real-world scenarios to help you apply your skills along the way. The CCSP credential from (ISC)2 and the Cloud Security Alliance is designed to show employers that you have what it takes to keep their organization safe in the cloud. Learn the skills you need to be confident on exam day and beyond. <ul> <li>Review 100% of all CCSP exam objectives</li> <li>Practice applying essential concepts and skills</li> <li>Access the industry-leading online study tool set</li> <li>Test your knowledge with bonus practice exams and more</li></ul>As organizations become increasingly reliant on cloud-based IT, the threat to data security looms larger. Employers are seeking qualified professionals with a proven cloud security skillset, and the CCSP credential brings your resume to the top of the pile. (ISC)2 CCSP Certified Cloud Security Professional Official Study Guide gives you the tools and information you need to earn that certification and apply your skills in a real-world setting.

Inhaltsverzeichnis

Introduction xxiii Assessment Test xxxii Chapter 1 Architectural Concepts 1 Cloud Characteristics 3 Business Requirements 5 Understanding the Existing State 6 Cost/Benefit Analysis 7 Intended Impact 10 Cloud Computing Service Categories 11 Software as a Service 11 Infrastructure as a Service 12 Platform as a Service 12 Cloud Deployment Models 13 Private Cloud 13 Public Cloud 13 Hybrid Cloud 13 Multi- Cloud 13 Community Cloud 13 Multitenancy 14 Cloud Computing Roles and Responsibilities 15 Cloud Computing Reference Architecture 16 Virtualization 18 Hypervisors 18 Virtualization Security 19 Cloud Shared Considerations 20 Security and Privacy Considerations 20 Operational Considerations 21 Emerging Technologies 22 Machine Learning and Artificial Intelligence 22 Blockchain 23 Internet of Things 24 Containers 24 Quantum Computing 25 Edge and Fog Computing 26 Confidential Computing 26 DevOps and DevSecOps 27 Summary 28 Exam Essentials 28 Review Questions 30 Chapter 2 Data Classification 35 Data Inventory and Discovery 37 Data Ownership 37 Data Flows 42 Data Discovery Methods 43 Information Rights Management 46 Certificates and IRM 47 IRM in the Cloud 47 IRM Tool Traits 47 Data Control 49 Data Retention 50 Data Audit and Audit Mechanisms 53 Data Destruction/Disposal 55 Summary 57 Exam Essentials 57 Review Questions 59 Chapter 3 Cloud Data Security 63 Cloud Data Lifecycle 65 Create 66 Store 66 Use 67 Share 67 Archive 69 Destroy 70 Cloud Storage Architectures 71 Storage Types 71 Volume Storage: File- Based Storage and Block Storage 72 Object- Based Storage 72 Databases 73 Threats to Cloud Storage 73 Designing and Applying Security Strategies for Storage 74 Encryption 74 Certificate Management 77 Hashing 77 Masking, Obfuscation, Anonymization, and Tokenization 78 Data Loss Prevention 81 Log Capture and Analysis 82 Summary 85 Exam Essentials 85 Review Questions 86 Chapter 4 Security in the Cloud 91 Chapter 5 Shared Cloud Platform Risks and Responsibilities 92 Cloud Computing Risks by Deployment Model 94 Private Cloud 95 Community Cloud 95 Public Cloud 97 Hybrid Cloud 101 Cloud Computing Risks by Service Model 102 Infrastructure as a Service (IaaS) 102 Platform as a Service (PaaS) 102 Software as a Service (SaaS) 103 Virtualization 103 Threats 105 Risk Mitigation Strategies 107 Disaster Recovery (DR) and Business Continuity (BC) 110 Cloud- Specific BIA Concerns 110 Customer/Provider Shared BC/DR Responsibilities 111 Cloud Design Patterns 114 Summary 115 Exam Essentials 115 Review Questions 116 Cloud Platform, Infrastructure, and Operational Security 121 Foundations of Managed Services 123 Cloud Provider Responsibilities 124 Shared Responsibilities by Service Type 125 IaaS 125 PaaS 126 SaaS 126 Securing Communications and Infrastructure 126 Firewalls 127 Intrusion Detection/Intrusion Prevention Systems 128 Honeypots 128 Vulnerability Assessment Tools 128 Bastion Hosts 129 Identity Assurance in Cloud and Virtual Environments 130 Securing Hardware and Compute 130 Securing Software 132 Third- Party Software Management 133 Validating Open- Source Software 134 OS Hardening, Monitoring, and Remediation 134 Managing Virtual Systems 135 Assessing Vulnerabilities 137 Securing the Management Plane 138 Auditing Your Environment and Provider 141 Adapting Processes for the Cloud 142 Planning for Cloud Audits 143 Summary 144 Exam Essentials 145 Review Questions 147 Chapter 6 Cloud Application Security 151 Developing Software for the Cloud 154 Common Cloud Application Deployment Pitfalls 155 Cloud Application Architecture 157 Cryptography 157 Sandboxing 158 Application Virtualization and Orchestration 158 Application Programming Interfaces 159 Multitenancy 162 Supplemental Security Components 162 Cloud- Secure Software Development Lifecycle (SDLC) 164 Software Development Phases 165 Software Development Models 166 Cloud Application Assurance and Validation 172 Threat Modeling 172 Common Threats to Applications 174 Quality Assurance and Testing Techniques 175 Supply Chain Management and Licensing 177 Identity and Access Management 177 Cloud Identity and Access Control 178 Single Sign- On 179 Identity Providers 180 Federated Identity Management 180 Multifactor Authentication 181 Secrets Management 182 Common Threats to Identity and Access Management in the Cloud 183 Zero Trust 183 Summary 183 Exam Essentials 184 Review Questions 186 Chapter 7 Operations Elements 191 Designing a Secure Data Center 193 Build vs. Buy 193 Location 194 Facilities and Redundancy 196 Data Center Tiers 200 Logical Design 201 Virtualization Operations 202 Storage Operations 205 Managing Security Operations 207 Security Operations Center (SOC) 208 Continuous Monitoring 208 Incident Management 209 Summary 209 Exam Essentials 210 Review Questions 211 Chapter 8 Operations Management 215 Monitoring, Capacity, and Maintenance 217 Monitoring 217 Physical and Environmental Protection 218 Maintenance 219 Change and Configuration Management 224 Baselines 224 Roles and Process 226 Release and Deployment Management 228 Problem and Incident Management 229 IT Service Management and Continual Service Improvement 229 Business Continuity and Disaster Recovery 231 Prioritizing Safety 231 Continuity of Operations 232 BC/DR Planning 232 The BC/DR Toolkit 234 Relocation 235 Power 237 Testing 238 Summary 239 Exam Essentials 239 Review Questions 241 Chapter 9 Legal and Compliance Issues 245 Legal Requirements and Unique Risks in the Cloud Environment 247 Constitutional Law 247 Legislation 249 Administrative Law 249 Case Law 250 Common Law 250 Contract Law 250 Analyzing a Law 251 Determining Jurisdiction 251 Scope and Application 252 Legal Liability 253 Torts and Negligence 254 U.S. Privacy and Security Laws 255 Health Insurance Portability and Accountability Act 255 The Health Information Technology for Economic and Clinical Health Act 258 Gramm–Leach–Bliley Act 259 Sarbanes–Oxley Act 261 State Data Breach Notification Laws 261 International Laws 263 European Union General Data Protection Regulation 263 Adequacy Decisions 267 U.S.- EU Safe Harbor and Privacy Shield 267 Laws, Regulations, and Standards 269 Payment Card Industry Data Security Standard 270 Critical Infrastructure Protection Program 270 Conflicting International Legislation 270 Information Security Management Systems 272 Iso/iec 27017:2015 272 Privacy in the Cloud 273 Generally Accepted Privacy Principles 273 Iso 27018 279 Direct and Indirect Identifiers 279 Privacy Impact Assessments 280 Cloud Forensics 281 Forensic Requirements 281 Cloud Forensic Challenges 281 Collection and Acquisition 282 Evidence Preservation and Management 283 e-discovery 283 Audit Processes, Methodologies, and Cloud Adaptations 284 Virtualization 284 Scope 284 Gap Analysis 285 Restrictions of Audit Scope Statements 285 Policies 286 Audit Reports 286 Summary 288 Exam Essentials 288 Review Questions 290 Chapter 10 Cloud Vendor Management 295 The Impact of Diverse Geographical Locations and Legal Jurisdictions 297 Security Policy Framework 298 Policies 298 Standards 300 Procedures 302 Guidelines 303 Exceptions and Compensating Controls 304 Developing Policies 305 Enterprise Risk Management 306 Risk Identification 308 Risk Calculation 308 Risk Assessment 309 Risk Treatment and Response 313 Risk Mitigation 313 Risk Avoidance 314 Risk Transference 314 Risk Acceptance 315 Risk Analysis 316 Risk Reporting 316 Enterprise Risk Management 318 Assessing Provider Risk Management Practices 318 Risk Management Frameworks 319 Cloud Contract Design 320 Business Requirements 321 Vendor Management 321 Data Protection 323 Negotiating Contracts 324 Common Contract Provisions 324 Contracting Documents 326 Government Cloud Standards 327 Common Criteria 327 FedRAMP 327 Fips 140- 2 327 Manage Communication with Relevant Parties 328 Summary 328 Exam Essentials 329 Review Questions 330 Appendix Answers to the Review Questions 335 Chapter 1: Architectural Concepts 336 Chapter 2: Data Classification 337 Chapter 3: Cloud Data Security 339 Chapter 4: Security in the Cloud 341 Chapter 5: Cloud Platform, Infrastructure, and Operational Security 343 Chapter 6: Cloud Application Security 345 Chapter 7: Operations Elements 347 Chapter 8: Operations Management 349 Chapter 9: Legal and Compliance Issues 350 Chapter 10: Cloud Vendor Management 352 Index 355

Autorenportrait

About the Authors Mike Chapple, PhD, CCSP, CISSP, is a bestselling author and Teaching Professor of Information Technology, Analytics, and Operations at Notre Dame’s Mendoza College of Business. He is also the Academic Director of the University’s Master of Science in Business Analytics program and holds multiple technical certifications, including the CIPP/US, CySA+, CISM, PenTest+, and Security+. David Seidl, CISSP, is Vice President for Information Technology and Chief Information Officer at Miami University. He holds multiple technical certifications including GPEN, GCIH, PenTest+, and CySA+ and has written books on security certification and cyberwarfare.

Back cover copy

Your Official Study Guide for the Certified Cloud Security Professional (CCSP)® Exam Organizations increasingly rely on cloud-based services, making cloud data security more vital than ever. The (ISC)2 Certified Cloud Security Professional (CCSP) credential proves your expertise in every aspect of essential cloud security, and this Sybex Study Guide is the only Official Study Guide reviewed and endorsed by (ISC)2. Covering 100% of CCSP exam objectives and completely updated and all-new for the 2022 exam objectives, this book helps you prepare with assessment tests that check exam readiness, objective maps, exercises, chapter review questions, and an industry-leading online study tool set. Along with plenty of practice in applying critical concepts and skills, you’ll have online access to two complete practice exams, a searchable glossary of essential terms, and more than 100 electronic flash cards to help you review. It’s the smartest, most effective way to prepare for the exam – and further your career. Coverage of all exam objectives in this Study Guide means you’ll be ready for: <ul><li>Cloud Concepts, Architecture, and Design</li> <li>Cloud Data Security</li> <li>Cloud Platform and Infrastructure Security</li> <li>Cloud Application Security</li> <li>Cloud Security Operations</li> <li>Legal, Risk, and Compliance</li></ul> Interactive learning environment Take your exam prep to the next level with Sybex’s superior interactive online study tools. To access our learning environment, simply visit www.wiley.com/go/sybextestprep, register your book to receive your unique PIN, and instantly gain one year of FREE access after activation to: <ul><li>Interactive test bank with 2 practice exams to help you identify areas where further review is needed. Get more than 90% of the answers correct, and you’re ready to take the certification exam.</li> <li>More than 100 electronic flashcards to reinforce learning and last-minute prep before the exam.</li> <li>Comprehensive glossary in PDF format gives you instant access to the key terms so you are fully prepared.</li></ul> ABOUT THE CCSP CERTIFICATION The CCSP is the premier cloud security certification from (ISC)2. This vendor-neutral certification validates IT and information security professionals’ knowledge and competency to apply best practices to cloud security architecture, design, operations, and service orchestration. It shows you’re on the forefront of cloud security. (ISC)2 is a global nonprofit organization that maintains the Common Body of Knowledge for information security professionals. Candidates must have experience, adhere to the (ISC)2 Code of Ethics and maintain continuing education requirements or recertify every three years. Visit www.isc2.org to learn more.