Ben Malisow
(ISC)2 CCSP Certified Cloud Security Professional Official Study Guide, 2nd Edition
English · Paperback / Softback
Description
The only official study guide for the new CCSP exam
(ISC)² CCSP Certified Cloud Security Professional Official Study Guide is your ultimate resource for the CCSP exam. As the only official study guide reviewed and endorsed by (ISC)², this guide helps you prepare faster and smarter with the Sybex study tools that include pre-test assessments that show you what you know, and areas you need further review. Objective maps, exercises, and chapter review questions help you gauge your progress along the way, and the Sybex interactive online learning environment includes access to a PDF glossary, hundreds of flashcards, and two complete practice exams. Covering all CCSP domains, this book walks you through Architectural Concepts and Design Requirements, Cloud Data Security, Cloud Platform and Infrastructure Security, Cloud Application Security, Operations, and Legal and Compliance with real-world scenarios to help you apply your skills along the way.
The CCSP is the latest credential from (ISC)² and the Cloud Security Alliance, designed to show employers that you have what it takes to keep their organization safe in the cloud. Learn the skills you need to be confident on exam day and beyond.
* Review 100% of all CCSP exam objectives
* Practice applying essential concepts and skills
* Access the industry-leading online study tool set
* Test your knowledge with bonus practice exams and more
As organizations become increasingly reliant on cloud-based IT, the threat to data security looms larger. Employers are seeking qualified professionals with a proven cloud security skillset, and the CCSP credential brings your resume to the top of the pile. (ISC)² CCSP Certified Cloud Security Professional Official Study Guide gives you the tools and information you need to earn that certification, and apply your skills in a real-world setting.
List of contents
Introduction  xxi
Assessment Test  xxviii
Chapter 1  Architectural Concepts  1
    Cloud Characteristics  2
    Business Requirements  4
    Existing State  5
    Quantifying Benefits and Opportunity Cost  6
    Intended Impact  8
    Cloud Evolution, Vernacular, and Models  9
    New Technology, New Options  9
    Cloud Computing Service Models  10
    Cloud Deployment Models  12
    Cloud Computing Roles and Responsibilities  13
    Cloud Computing Definitions  14
    Foundational Concepts of Cloud Computing  16
    Sensitive Data  16
    Virtualization  16
    Encryption  16
    Auditing and Compliance  17
    Cloud Service Provider Contracts  17
    Related and Emerging Technologies  18
    Summary  19
    Exam Essentials  19
    Written Labs  20
    Review Questions  21
Chapter 2  Design Requirements  25
    Business Requirements Analysis  26
    Inventory of Assets  26
    Valuation of Assets  27
    Determination of Criticality  27
    Risk Appetite  29
    Security Considerations for Different Cloud Categories  31
    IaaS Considerations  32
    PaaS Considerations  32
    SaaS Considerations  32
    General Considerations  33
    Design Principles for Protecting Sensitive Data  33
    Hardening Devices  33
    Encryption  35
    Layered Defenses  35
    Summary  36
    Exam Essentials  37
    Written Labs  37
    Review Questions  38
Chapter 3  Data Classification  43
    Data Inventory and Discovery  45
    Data Ownership  45
    The Data Lifecycle  46
    Data Discovery Methods  50
    Jurisdictional Requirements  51
    Information Rights Management (IRM)  53
    Intellectual Property Protections  53
    IRM Tool Traits  57
    Data Control  59
    Data Retention  60
    Data Audit  61
    Data Destruction/Disposal  63
    Summary  65
    Exam Essentials  65
    Written Labs  66
    Review Questions  67
Chapter 4  Cloud Data Security  71
    Cloud Data Lifecycle  73
    Create  74
    Store  75
    Use  75
    Share  75
    Archive  76
    Destroy  77
    Cloud Storage Architectures  78
    Volume Storage: File-Based Storage and Block Storage  78
    Object-Based Storage  78
    Databases  79
    Content Delivery Network (CDN)  79
    Cloud Data Security Foundational Strategies  79
    Encryption  79
    Masking, Obfuscation, Anonymization, and Tokenization  81
    Security Information and Event Management  84
    Egress Monitoring (DLP)  85
    Summary  86
    Exam Essentials  86
    Written Labs  87
    Review Questions  88
Chapter 5  Security in the Cloud  93
    Shared Cloud Platform Risks and Responsibilities  95
    Cloud Computing Risks by Deployment Model  97
    Private Cloud  98
    Community Cloud  98
    Public Cloud  100
    Hybrid Cloud  104
    Cloud Computing Risks by Service Model  104
    Infrastructure as a Service (IaaS)  104
    Platform as a Service (PaaS)  105
    Software as a Service (SaaS)  106
    Virtualization  106
    Threats  107
    Countermeasure Methodology  109
    Disaster Recovery (DR) and Business Continuity (BC)  112
    Cloud-Specific BIA Concerns  112
    Customer/Provider Shared BC/DR Responsibilities  113
    Summary  116
    Exam Essentials  116
    Written Labs  117
    Review Questions  118
Chapter 6  Responsibilities in the Cloud  123
    Foundations of Managed Services  126
    Business Requirements  127
    Business Requirements: The Cloud Provider Perspective  127
    Shared Responsibilities by Service Type  133
    IaaS  133
    PaaS  133
    SaaS  133
    Shared Administration of OS, Middleware, or Applications  134
    Operating System Baseline Configuration and Management  134
    Shared Responsibilities: Data Access  136
    Customer Directly Administers Access  137
    Provider Administers Access on Behalf of the Customer  137
    Third-Party (CASB) Administers Access on Behalf of the Customer  137
    Lack of Physical Access  137
    Audits  138
    Shared Policy  142
    Shared Monitoring and Testing  142
    Summary  143
    Exam Essentials  143
    Written Labs  144
    Review Questions  145
Chapter 7  Cloud Application Security  149
    Training and Awareness  151
    Common Cloud Application Deployment Pitfalls  154
    Cloud-Secure Software Development Lifecycle (SDLC)  156
    Configuration Management for the SDLC  157
    ISO/IEC 27034-1 Standards for Secure Application Development  158
    Identity and Access Management (IAM)  159
    Identity Repositories and Directory Services  160
    Single Sign-On (SSO)  161
    Federated Identity Management  161
    Federation Standards  162
    Multifactor Authentication  162
    Supplemental Security Components  163
    Cloud Application Architecture  164
    Application Programming Interfaces  164
    Tenancy Separation  165
    Cryptography  165
    Sandboxing  166
    Application Virtualization  167
    Cloud Application Assurance and Validation  167
    Threat Modeling  167
    Quality of Service  169
    Software Security Testing  170
    Approved APIs  172
    Software Supply Chain (API) Management  172
    Securing Open-Source Software  172
    Application Orchestration  173
    The Secure Network Environment  174
    Summary  175
    Exam Essentials  175
    Written Labs  176
    Review Questions  177
Chapter 8  Operations Elements  181
    Physical/Logical Operations  183
    Facilities and Redundancy  184
    Virtualization Operations  194
    Storage Operations  196
    Physical and Logical Isolation  199
    Application Testing Methods  200
    Security Operations Center  201
    Continuous Monitoring  201
    Incident Management  202
    Summary  203
    Exam Essentials  204
    Written Labs  204
    Review Questions  205
Chapter 9  Operations Management  209
    Monitoring, Capacity, and Maintenance  211
    Monitoring  211
    Maintenance  213
    Change and Configuration Management (CM)  217
    Baselines  218
    Deviations and Exceptions  218
    Roles and Process  219
    Release Management  221
    IT Service Management and Continual Service Improvement  222
    Business Continuity and Disaster Recovery (BC/DR)  223
    Primary Focus  224
    Continuity of Operations  225
    The BC/DR Plan  225
    The BC/DR Kit  227
    Relocation  228
    Power  229
    Testing  230
    Summary  231
    Exam Essentials  231
    Written Labs  232
    Review Questions  233
Chapter 10  Legal and Compliance Part 1  237
    Legal Requirements and Unique Risks in the Cloud Environment  239
    Legal Concepts  239
    US Laws  242
    International Laws  246
    Laws, Frameworks, and Standards Around the World  246
    Information Security Management Systems (ISMSs)  252
    The Difference between Laws, Regulations, and Standards  254
    Potential Personal and Data Privacy Issues in the Cloud Environment  254
    eDiscovery  255
    Forensic Requirements  256
    Conflicting International Legislation  256
    Cloud Forensic Challenges  257
    Direct and Indirect Identifiers  258
    Forensic Data Collection Methodologies  258
    Audit Processes, Methodologies, and Cloud Adaptations  259
    Virtualization  259
    Scope  259
    Gap Analysis  260
    Restrictions of Audit Scope Statements  260
    Policies  261
    Different Types of Audit Reports  261
    Auditor Independence  262
    AICPA Reports and Standards  262
    Summary  263
    Exam Essentials  264
    Written Labs  264
    Review Questions  265
Chapter 11  Legal and Compliance Part 2  269
    The Impact of Diverse Geographical Locations and Legal Jurisdictions  271
    Policies  272
    Implications of the Cloud for Enterprise Risk Management  276
    Choices Involved in Managing Risk  276
    Risk Management Frameworks  279
    Risk Management Metrics  281
    Contracts and Service-Level Agreements (SLAs)  281
    Business Requirements  284
    Cloud Contract Design and Management for Outsourcing  284
    Identifying Appropriate Supply Chain and Vendor Management Processes  285
    Common Criteria Assurance Framework (ISO/IEC 15408-1:2009)  285
    CSA Security, Trust, and Assurance Registry (STAR)  286
    Supply Chain Risk  287
    Manage Communication with Relevant Parties  288
    Summary  289
    Exam Essentials  289
    Written Labs  289
    Review Questions  290
Appendix A  Answers to Written Labs  295
    Chapter 1: Architectural Concepts  296
    Chapter 2: Design Requirements  296
    Chapter 3: Data Classification  297
    Chapter 4: Cloud Data Security  298
    Chapter 5: Security in the Cloud  299
    Chapter 6: Responsibilities in the Cloud  299
    Chapter 7: Cloud Application Security  300
    Chapter 8: Operations Elements  300
    Chapter 9: Operations Management  301
    Chapter 10: Legal and Compliance Part 1  302
    Chapter 11: Legal and Compliance Part 2  302
Appendix B  Answers to Review Questions  303
    Chapter 1: Architectural Concepts  304
    Chapter 2: Design Requirements  305
    Chapter 3: Data Classification  307
    Chapter 4: Cloud Data Security  308
    Chapter 5: Security in the Cloud  310
    Chapter 6: Responsibilities in the Cloud  311
    Chapter 7: Cloud Application Security  313
    Chapter 8: Operations Elements  314
    Chapter 9: Operations Management  316
    Chapter 10: Legal and Compliance Part 1  317
    Chapter 11: Legal and Compliance Part 2  319
Index  321
About the author
Ben Malisow, CCSP, CISSP, SSCP, CISM, Security+, has worked in information security and education for more than 20 years. He has taught computer classes to students from grade 6 through university level and developed and delivered the CISSP prep course (among others) for Carnegie Mellon University's CERT/SEI. In addition, Malisow built and ran DARPA's internal INFOSEC training program, was the ISSM for the FBI's most highly classified counterterrorism intelligence-sharing network, and was a security architect for the TSA. He also teaches exam prep courses for (ISC)². You can find more of his writing on his blog: securityzed.com.
Product details
Authors | Ben Malisow |
Publisher | John Wiley & Sons Ltd |
Languages | English |
Product format | Paperback / Softback |
Released | 30.11.2019 |
EAN | 9781119603375 |
ISBN | 978-1-119-60337-5 |
No. of pages | 384 |
Dimensions | 190 mm x 237 mm x 20 mm |
Subjects | Natural sciences, medicine, IT, technology > IT, data processing > Data communication, networks; computer science; networking / security; CCSP |