The Official (ISC)2 CCSP CBK Reference

Author: Leslie Fife
Rights holder / publisher: John Wiley & Sons Limited
ISBN: 9781119603467
Genre: Foreign computer literature
LitRes catalogue ID: 2084232
E-book price at time of listing: 7,726.46 RUB (75.32 USD)
Age rating: 0+

Book description

The only official body of knowledge for CCSP, the most popular cloud security credential, fully revised and updated. Certified Cloud Security Professional (CCSP) certification validates the advanced technical skills needed to design, manage, and secure data, applications, and infrastructure in the cloud. This highly sought-after global credential has been updated with revised objectives. The new third edition of The Official (ISC)2 Guide to the CCSP CBK is the authoritative, vendor-neutral common body of knowledge for cloud security professionals.

This comprehensive resource provides cloud security professionals with an indispensable working reference to each of the six CCSP domains: Cloud Concepts, Architecture, and Design; Cloud Data Security; Cloud Platform and Infrastructure Security; Cloud Application Security; Cloud Security Operations; and Legal, Risk, and Compliance. Detailed, in-depth chapters contain the accurate information required to prepare for and achieve CCSP certification. Every essential area of cloud security is covered, including implementation, architecture, operations, controls, and immediate and long-term responses.

Developed by (ISC)2, the world leader in professional cybersecurity certification and training, this indispensable guide:

- Covers the six CCSP domains and over 150 detailed objectives
- Provides guidance on real-world best practices and techniques
- Includes illustrated examples, tables, diagrams and sample questions

The Official (ISC)2 Guide to the CCSP CBK is a vital ongoing resource for IT and information security leaders responsible for applying best practices to cloud security architecture, design, operations and service orchestration.

Contents

Leslie Fife. The Official (ISC)2 CCSP CBK Reference

Table of Contents

List of Tables

List of Illustrations

CCSP®: Certified Cloud Security Professional. The Official (ISC)2® CCSP® CBK® Reference

Acknowledgments

About the Authors

About the Technical Editor

Foreword to the Third Edition

Introduction

Domain 1: Cloud Concepts, Architecture, and Design

Domain 2: Cloud Data Security

Domain 3: Cloud Platform and Infrastructure Security

Domain 4: Cloud Application Security

Domain 5: Cloud Security Operations

Domain 6: Legal, Risk, and Compliance

HOW TO CONTACT THE PUBLISHER

DOMAIN 1 Cloud Concepts, Architecture, and Design

UNDERSTAND CLOUD COMPUTING CONCEPTS

Cloud Computing Definitions

Cloud Computing

Service Models

Deployment Models

Cloud Computing Roles

Cloud Service Customer

Cloud Service Provider

Cloud Service Partner

Cloud Service Broker

Key Cloud Computing Characteristics

On-Demand Self-Service

Broad Network Access

Multitenancy

Rapid Elasticity and Scalability

Resource Pooling

Measured Service

Building Block Technologies

Virtualization

Storage

Networking

Databases

Orchestration

DESCRIBE CLOUD REFERENCE ARCHITECTURE

Cloud Computing Activities

Cloud Service Capabilities

Application Capability Types

Platform Capability Types

Infrastructure Capability Types

Cloud Service Categories

Software as a Service

Platform as a Service

Infrastructure as a Service

Cloud Deployment Models

Public Cloud

Private Cloud

Community Cloud

Hybrid Cloud

Cloud Shared Considerations

Interoperability

Portability

Reversibility

Availability

Security

Privacy

Resiliency

Performance

Governance

Maintenance and Versioning

Service Levels and Service Level Agreements

Auditability

Regulatory

Impact of Related Technologies

Machine Learning

Artificial Intelligence

Blockchain

Internet of Things

Containers

Quantum Computing

UNDERSTAND SECURITY CONCEPTS RELEVANT TO CLOUD COMPUTING

Cryptography and Key Management

Access Control

Data and Media Sanitization

Overwriting

Cryptographic Erase

Network Security

Network Security Groups

Cloud Gateways

Contextual-Based Security

Ingress and Egress Monitoring

Virtualization Security

Hypervisor Security

Container Security

Common Threats

UNDERSTAND DESIGN PRINCIPLES OF SECURE CLOUD COMPUTING

Cloud Secure Data Lifecycle

Cloud-Based Disaster Recovery and Business Continuity Planning

Cost-Benefit Analysis

Functional Security Requirements

Portability

Interoperability

Vendor Lock-in

Security Considerations for Different Cloud Categories

Software as a Service

Platform as a Service

Infrastructure as a Service

EVALUATE CLOUD SERVICE PROVIDERS

Verification against Criteria

International Organization for Standardization/International Electrotechnical Commission

Payment Card Industry Data Security Standard

System/Subsystem Product Certifications

Common Criteria

FIPS 140-2

Summary

DOMAIN 2 Cloud Data Security

DESCRIBE CLOUD DATA CONCEPTS

Cloud Data Lifecycle Phases

Data Dispersion

DESIGN AND IMPLEMENT CLOUD DATA STORAGE ARCHITECTURES

Storage Types

IaaS

PaaS

SaaS

Threats to Storage Types

DESIGN AND APPLY DATA SECURITY TECHNOLOGIES AND STRATEGIES

Encryption and Key Management

Hashing

Masking

Tokenization

Data Loss Prevention

Data Obfuscation

Data De-identification

IMPLEMENT DATA DISCOVERY

Structured Data

Unstructured Data

IMPLEMENT DATA CLASSIFICATION

Mapping

Labeling

Sensitive Data

DESIGN AND IMPLEMENT INFORMATION RIGHTS MANAGEMENT

Objectives

Appropriate Tools

PLAN AND IMPLEMENT DATA RETENTION, DELETION, AND ARCHIVING POLICIES

Data Retention Policies

Storage Costs and Access Requirements

Specified Legal and Regulatory Retention Periods

Data Retention Practices

Data Security and Discovery

Data Deletion Procedures and Mechanisms

Data Archiving Procedures and Mechanisms

Legal Hold

DESIGN AND IMPLEMENT AUDITABILITY, TRACEABILITY, AND ACCOUNTABILITY OF DATA EVENTS

Definition of Event Sources and Requirement of Identity Attribution

Logging, Storage, and Analysis of Data Events

Chain of Custody and Nonrepudiation

SUMMARY

DOMAIN 3 Cloud Platform and Infrastructure Security

COMPREHEND CLOUD INFRASTRUCTURE COMPONENTS

Physical Environment

Network and Communications

Compute

Virtualization

Storage

Management Plane

DESIGN A SECURE DATA CENTER

Logical Design

Tenant Partitioning

Access Control

Physical Design

Location

Buy and Hold

Environmental Design

Heating, Ventilation, and Air Conditioning

Multivendor Pathway Connectivity

ANALYZE RISKS ASSOCIATED WITH CLOUD INFRASTRUCTURE

Risk Assessment and Analysis

Cloud Vulnerabilities, Threats, and Attacks

Virtualization Risks

Countermeasure Strategies

DESIGN AND PLAN SECURITY CONTROLS

Physical and Environmental Protection

System and Communication Protection

Virtualization Systems Protection

Identification, Authentication, and Authorization in Cloud Infrastructure

Audit Mechanisms

Log Collection

Packet Capture

PLAN DISASTER RECOVERY AND BUSINESS CONTINUITY

Risks Related to the Cloud Environment

Business Requirements

Recovery Time Objective

Recovery Point Objective

Recovery Service Level

Business Continuity/Disaster Recovery Strategy

Creation, Implementation, and Testing of Plan

Plan Creation

BCP/DRP Implementation

BCP/DRP Testing

SUMMARY

DOMAIN 4 Cloud Application Security

ADVOCATE TRAINING AND AWARENESS FOR APPLICATION SECURITY

Cloud Development Basics

Common Pitfalls

Common Cloud Vulnerabilities

CSA Top Threats to Cloud Computing

OWASP Top 10

DESCRIBE THE SECURE SOFTWARE DEVELOPMENT LIFECYCLE PROCESS

NIST Secure Software Development Framework

OWASP Software Assurance Security Model

Business Requirements

Phases and Methodologies

APPLY THE SECURE SOFTWARE DEVELOPMENT LIFECYCLE

Avoid Common Vulnerabilities During Development

Cloud-Specific Risks

CSA Security Issue 1: Data Breaches

CSA Security Issue 2: Misconfiguration and Inadequate Change Control

CSA Security Issue 3: Lack of Cloud Security Architecture and Strategy

CSA Security Issue 4: Insufficient Identity, Credential, Access, and Key Management

Quality Assurance

Threat Modeling

Software Configuration Management and Versioning

APPLY CLOUD SOFTWARE ASSURANCE AND VALIDATION

Functional Testing

Security Testing Methodologies

USE VERIFIED SECURE SOFTWARE

Approved Application Programming Interfaces

Supply-Chain Management

Third-Party Software Management

Validated Open-Source Software

COMPREHEND THE SPECIFICS OF CLOUD APPLICATION ARCHITECTURE

Supplemental Security Components

Web Application Firewall

Database Activity Monitoring

Extensible Markup Language Firewalls

Application Programming Interface Gateway

Cryptography

Sandboxing

Application Virtualization and Orchestration

DESIGN APPROPRIATE IDENTITY AND ACCESS MANAGEMENT SOLUTIONS

Federated Identity

Identity Providers

Single Sign-On

Multifactor Authentication

Cloud Access Security Broker

SUMMARY

DOMAIN 5 Cloud Security Operations

IMPLEMENT AND BUILD PHYSICAL AND LOGICAL INFRASTRUCTURE FOR CLOUD ENVIRONMENT

Hardware-Specific Security Configuration Requirements

Storage Controllers

Network Configuration

Installation and Configuration of Virtualization Management Tools

Virtual Hardware–Specific Security Configuration Requirements

Installation of Guest Operating System Virtualization Toolsets

OPERATE PHYSICAL AND LOGICAL INFRASTRUCTURE FOR CLOUD ENVIRONMENT

Configure Access Control for Local and Remote Access

Secure Network Configuration

Virtual Local Area Networks

Transport Layer Security

Dynamic Host Configuration Protocol

Domain Name System and DNS Security Extensions

DNS Attacks

Virtual Private Network

Software-Defined Perimeter

Operating System Hardening through the Application of Baselines

Availability of Stand-Alone Hosts

Availability of Clustered Hosts

High Availability

Distributed Resource Scheduling

Microsoft Virtual Machine Manager and Dynamic Optimization

Storage Clusters

Availability of Guest Operating Systems

MANAGE PHYSICAL AND LOGICAL INFRASTRUCTURE FOR CLOUD ENVIRONMENT

Access Controls for Remote Access

Operating System Baseline Compliance Monitoring and Remediation

Patch Management

✓ Equifax Data Breach

Performance and Capacity Monitoring

Hardware Monitoring

Configuration of Host and Guest Operating System Backup and Restore Functions

Network Security Controls

Firewalls

Intrusion Detection/Intrusion Prevention Systems (IDS/IPS)

Honeypots and Honeynets

Vulnerability Assessments

Management Plane

IMPLEMENT OPERATIONAL CONTROLS AND STANDARDS

Change Management

Continuity Management

Information Security Management

Continual Service Improvement Management

Incident Management

Problem Management

Release Management

Deployment Management

✓ Immutable Infrastructure

Configuration Management

✓ Infrastructure as Code

Service Level Management

Availability Management

Capacity Management

SUPPORT DIGITAL FORENSICS

Forensic Data Collection Methodologies

Evidence Management

Collect, Acquire, and Preserve Digital Evidence

Preparing for Evidence Collection

Evidence Collection Best Practices

Evidence Preservation Best Practices

MANAGE COMMUNICATION WITH RELEVANT PARTIES

Vendors

Customers

Shared Responsibility Model

Partners

Regulators

Other Stakeholders

MANAGE SECURITY OPERATIONS

Security Operations Center

Monitoring of Security Controls

Log Capture and Analysis

Log Management

Incident Management

Incident Classification

Incident Response Phases

Cloud-Specific Incident Management

Incident Management Standards

SUMMARY

DOMAIN 6 Legal, Risk, and Compliance

ARTICULATING LEGAL REQUIREMENTS AND UNIQUE RISKS WITHIN THE CLOUD ENVIRONMENT

Conflicting International Legislation

Evaluation of Legal Risks Specific to Cloud Computing

Legal Frameworks and Guidelines That Affect Cloud Computing

The Organization for Economic Cooperation and Development

Asia Pacific Economic Cooperation Privacy Framework

General Data Protection Regulation

Additional Legal Controls

Laws and Regulations

Forensics and eDiscovery in the Cloud

eDiscovery Challenges in the Cloud

eDiscovery Considerations

Conducting eDiscovery Investigations

Cloud Forensics and Standards

UNDERSTANDING PRIVACY ISSUES

Difference between Contractual and Regulated Private Data

Contractual Private Data

Regulated Private Data

Components of a Contract

Country-Specific Legislation Related to Private Data

The European Union (GDPR)

Australia

The United States

Privacy Shield

The Health Insurance Portability and Accountability Act of 1996

The Gramm–Leach–Bliley Act (GLBA) of 1999

The Stored Communications Act of 1986

The California Consumer Privacy Act of 2018

Jurisdictional Differences in Data Privacy

Standard Privacy Requirements

Generally Accepted Privacy Principles

Standard Privacy Rights Under GDPR

UNDERSTANDING AUDIT PROCESS, METHODOLOGIES, AND REQUIRED ADAPTATIONS FOR A CLOUD ENVIRONMENT

Internal and External Audit Controls

Impact of Audit Requirements

Identity Assurance Challenges of Virtualization and Cloud

Types of Audit Reports

Service Organization Controls

Cloud Security Alliance

Restrictions of Audit Scope Statements

Gap Analysis

Audit Planning

Internal Information Security Management Systems

Benefits of an ISMS

Internal Information Security Controls System

Policies

Organizational Policies

Functional Policies

Cloud Computing Policies

Identification and Involvement of Relevant Stakeholders

Stakeholder Identification Challenges

Governance Challenges

Specialized Compliance Requirements for Highly Regulated Industries

Impact of Distributed Information Technology Models

Communications

Coordination of Activities

Governance of Activities

UNDERSTAND IMPLICATIONS OF CLOUD TO ENTERPRISE RISK MANAGEMENT

Assess Providers' Risk Management Programs

Risk Profile

Risk Appetite

Differences Between Data Owner/Controller vs. Data Custodian/Processor

Regulatory Transparency Requirements

Breach Notifications

Sarbanes–Oxley Act

GDPR and Transparency

Risk Treatment

Risk Frameworks

ISO 31000:2018

European Network and Information Security Agency

National Institute of Standards and Technology (NIST)

Metrics for Risk Management

Assessment of Risk Environment

ISO 15408-1:2009: The Common Criteria

Cloud Security Alliance (CSA) STAR

ENISA Cloud Certification Schemes List and Metaframework

UNDERSTANDING OUTSOURCING AND CLOUD CONTRACT DESIGN

Business Requirements

Key SLA Requirements

Vendor Management

Contract Management

Cyber Risk Insurance

Supply Chain Management

ISO 27036: Information Security for Supplier Relationships

SUMMARY

Index

WILEY END USER LICENSE AGREEMENT

Excerpt from the book

Third Edition

LESLIE FIFE

.....

In PaaS or IaaS, the customer is responsible for some of the maintenance and versioning. However, every customer that connects to the PaaS or IaaS environment accesses the most current version the provider offers. Maintenance and versioning are simplified because they are confined to the cloud environment: it is not necessary to update each endpoint running a particular piece of software. Everyone connecting to the cloud runs the same version, even if that version is old and has not been updated.

.....
