Rights Contact Login For More Details
More About This Title CCSP (ISC)2 Certified Cloud Security ProfessionalOfficial Study Guide
English
CCSP (ISC)2 Certified Cloud Security Professional Official Study Guide is your ultimate resource for the CCSP exam. As the only official study guide reviewed and endorsed by (ISC)2, this guide helps you prepare faster and smarter with the Sybex study tools that include pre-test assessments that show you what you know, and areas you need further review. Objective maps, exercises, and chapter review questions help you gauge your progress along the way, and the Sybex interactive online learning environment includes access to a PDF glossary, hundreds of flashcards, and two complete practice exams. Covering all CCSP domains, this book walks you through Architectural Concepts and Design Requirements, Cloud Data Security, Cloud Platform and Infrastructure Security, Cloud Application Security, Operations, and Legal and Compliance with real-world scenarios to help you apply your skills along the way.
The CCSP is the latest credential from (ISC)2 and the Cloud Security Alliance, designed to show employers that you have what it takes to keep their organization safe in the cloud. Learn the skills you need to be confident on exam day and beyond.
- Review 100% of all CCSP exam objectives
- Practice applying essential concepts and skills
- Access the industry-leading online study tool set
- Test your knowledge with bonus practice exams and more
As organizations become increasingly reliant on cloud-based IT, the threat to data security looms larger. Employers are seeking qualified professionals with a proven cloud security skillset, and the CCSP credential brings your resume to the top of the pile. CCSP (ISC)2 Certified Cloud Security Professional Official Study Guide gives you the tools and information you need to earn that certification, and apply your skills in a real-world setting.
English
ABOUT THE AUTHORS
Brian T. O'Hara, CCSP, CISA, CISM, CRISC, CISSP, is Information Security Officer for Do it Best Corporation and an ISSA Fellow. He serves as President of the InfraGard Indiana Members Alliance, a partnership between the FBI and the private sector. Ben Malisow, CISSP, CISM, CCSP, Security+, has been involved in INFOSEC and education for more than 20 years. At Carnegie Mellon University, he crafted and delivered the CISSP prep course for CMU's CERT/SEU. Malisow was the ISSM for the FBI's most highly classified counterterror intelligence-sharing network.
English
Introduction xv
Assessment Test xxiii
Chapter 1 Architectural Concepts 1
Business Requirements 4
Existing State 4
Quantifying Benefits and Opportunity Cost 5
Intended Impact 8
Cloud Evolution, Vernacular, and Definitions 8
New Technology, New Options 8
Cloud Computing Service Models 10
Cloud Deployment Models 11
Cloud Computing Roles and Responsibilities 13
Cloud Computing Definitions 13
Foundational Concepts of Cloud Computing 16
Sensitive Data 17
Virtualization 17
Encryption 17
Auditing and Compliance 18
Cloud Service Provider Contracts 18
Summary 19
Exam Essentials 19
Written Labs 19
Review Questions 20
Chapter 2 Design Requirements 25
Business Requirements Analysis 26
Inventory of Assets 26
Valuation of Assets 27
Determination of Criticality 27
Risk Appetite 29
Boundaries of Cloud Models 31
IaaS Boundaries 31
PaaS Boundaries 32
SaaS Boundaries 32
Design Principles for Protecting Sensitive Data 34
Hardening Devices 34
Encryption 35
Layered Defenses 36
Summary 37
Exam Essentials 37
Written Labs 37
Review Questions 38
Chapter 3 Data Classification 43
Data Inventory and Discovery 45
Data Ownership 45
The Data Life Cycle 46
Data Discovery Methods 49
Jurisdictional Requirements 50
Data Rights Management 51
Intellectual Property Protections 51
DRM Tool Traits 55
Data Control 57
Data Retention 58
Data Audit 59
Data Destruction/Disposal 61
Summary 62
Exam Essentials 63
Written Labs 63
Review Questions 64
Chapter 4 Cloud Data Security 67
Cloud Data Life Cycle 69
Create 70
Store 70
Use 71
Share 71
Archive 72
Destroy 74
Cloud Storage Architectures 74
Volume Storage: File-Based Storage and Block Storage 74
Object-Based Storage 74
Databases 75
Content Delivery Network (CDN) 75
Cloud Data Security Foundational Strategies 75
Encryption 75
Masking, Obfuscation, Anonymization, and Tokenization 77
Security Information and Event Management 80
Egress Monitoring (DLP) 81
Summary 82
Exam Essentials 82
Written Labs 83
Review Questions 84
Chapter 5 Security in the Cloud 87
Shared Cloud Platform Risks and Responsibilities 88
Cloud Computing Risks by Deployment and Service Model 90
Private Cloud 91
Community Cloud 91
Public Cloud 92
Hybrid Cloud 97
IaaS (Infrastructure as a Service) 97
PaaS (Platform as a Service) 97
SaaS (Software as a Service) 98
Virtualization 98
Cloud Attack Surface 99
Threats by Deployment Model 100
Countermeasure Methodology 102
Disaster Recovery (DR) and Business Continuity Management (BCM) 105
Cloud-Specific BIA Concerns 105
Customer/Provider Shared BC/DR Responsibilities 106
Summary 108
Exam Essentials 109
Written Labs 109
Review Questions 110
Chapter 6 Responsibilities in the Cloud 115
Foundations of Managed Services 118
Business Requirements 119
Business Requirements: The Cloud Provider Perspective 119
Shared Responsibilities by Service Type 125
IaaS 125
PaaS 125
SaaS 125
Shared Administration of OS, Middleware, or Applications 126
Operating System Baseline Configuration and Management 126
Share Responsibilities: Data Access 128
Customer Directly Administers Access 128
Provider Administers Access on Behalf of the Customer 129
Third-Party (CASB) Administers Access on Behalf of the Customer 129
Lack of Physical Access 131
Audits 131
Shared Policy 134
Shared Monitoring and Testing 134
Summary 135
Exam Essentials 135
Written Labs 136
Review Questions 137
Chapter 7 Cloud Application Security 141
Training and Awareness 143
Common Cloud Application Deployment Pitfalls 146
Cloud-Secure Software Development Life Cycle (SDLC) 148
ISO/IEC 27034-1 Standards for Secure Application Development 150
Identity and Access Management (IAM) 151
Identity Repositories and Directory Services 153
Single Sign-On (SSO) 153
Federated Identity Management 153
Federation Standards 154
Multifactor Authentication 155
Supplemental Security Devices 155
Cloud Application Architecture 157
Application Programming Interfaces 157
Tenancy Separation 159
Cryptography 159
Sandboxing 162
Application Virtualization 162
Cloud Application Assurance and Validation 162
Threat Modeling 163
Quality of Service 166
Software Security Testing 166
Approved APIs 171
Software Supply Chain (API) Management 171
Securing Open Source Software 172
Runtime Application Self-Protection (RASP) 173
Secure Code Reviews 173
OWASP Top 9 Coding Flaws 173
Summary 174
Exam Essentials 174
Written Labs 175
Review Questions 176
Chapter 8 Operations Elements 181
Physical/Logical Operations 183
Facilities and Redundancy 184
Virtualization Operations 194
Storage Operations 195
Physical and Logical Isolation 197
Security Training and Awareness 198
Training Program Categories 199
Additional Training Insights 203
Basic Operational Application Security 203
Threat Modeling 204
Application Testing Methods 205
Summary 206
Exam Essentials 206
Written Labs 207
Review Questions 208
Chapter 9 Operations Management 213
Monitoring, Capacity, and Maintenance 215
Monitoring 215
Maintenance 217
Change and Configuration Management (CM) 221
Baselines 221
Deviations and Exceptions 222
Roles and Process 223
Business Continuity and Disaster Recovery (BC/DR) 225
Primary Focus 226
Continuity of Operations 227
The BC/DR Plan 227
The BC/DR Kit 229
Relocation 230
Power 231
Testing 232
Summary 233
Exam Essentials 233
Written Labs 234
Review Questions 235
Chapter 10 Legal and Compliance Part 1 239
Legal Requirements and Unique Risks in the Cloud Environment 241
Legal Concepts 241
U.S. Laws 247
International Laws 252
Laws, Frameworks, and Standards Around the World 252
The Difference Between Laws, Regulations and Standards 261
Potential Personal and Data Privacy Issues in the Cloud Environment 261
eDiscovery 262
Forensic Requirements 263
International Conflict Resolution 263
Cloud Forensic Challenges 263
Contractual and Regulated PII 264
Direct and Indirect Identifiers 264
Audit Processes, Methodologies, and Cloud Adaptations 265
Virtualization 265
Scope 266
Gap Analysis 266
Information Security Management Systems (ISMSs) 266
The Right to Audit in Managed Services 267
Audit Scope Statements 267
Policies 268
Different Types of Audit Reports 268
Auditor Independence 269
AICPA Reports and Standards 270
Summary 271
Exam Essentials 272
Written Labs 273
Review Questions 274
Chapter 11 Legal and Compliance Part 2 279
The Impact of Diverse Geographical Locations and Legal Jurisdictions 281
Policies 282
Implications of the Cloud for Enterprise Risk Management 287
Choices Involved in Managing Risk 288
Risk Management Frameworks 291
Risk Management Metrics 293
Contracts and Service-Level Agreements (SLAs) 294
Business Requirements 297
Cloud Contract Design and Management for Outsourcing 297
Identifying Appropriate Supply Chain and Vendor Management Processes 298
Common Criteria Assurance Framework (ISO/IEC 15408-1:2009) 299
Cloud Computing Certification 299
CSA Security, Trust, and Assurance Registry (STAR) 300
Supply Chain Risk 302
Summary 303
Exam Essentials 303
Written Labs 304
Review Questions 305
Appendix A Answers to the Review Questions 309
Chapter 1: Architectural Concepts 310
Chapter 2: Design Requirements 311
Chapter 3: Data Classification 312
Chapter 4: Cloud Data Security 314
Chapter 5: Security in the Cloud 316
Chapter 6: Responsibilities in the Cloud 317
Chapter 7: Cloud Application Security 319
Chapter 8: Operations Elements 320
Chapter 9: Operations Management 321
Chapter 10: Legal and Compliance Part 1 323
Chapter 11: Legal and Compliance Part 2 325
Appendix B Answers to the Written Labs 327
Chapter 1 328
Chapter 2 328
Chapter 3 329
Chapter 4 330
Chapter 5 331
Chapter 6 331
Chapter 7 332
Chapter 8 332
Chapter 9 333
Chapter 10 333
Chapter 11 334
Index 335
