Official (ISC)2 CCSP CBK Reference, 3rd Edition

John Wiley & Sons Inc

08/2021

320

Hardcover

English

9781119603436

15 to 20 days

650

Description not available.
Table of Contents

Acknowledgments v
About the Authors vii
About the Technical Editor ix
Foreword to the Third Edition xxi
Introduction xxiii

Domain 1: Cloud Concepts, Architecture, and Design 1
  Understand Cloud Computing Concepts 1
    Cloud Computing Definitions 1
    Cloud Computing Roles 4
    Key Cloud Computing Characteristics 5
    Building Block Technologies 9
  Describe Cloud Reference Architecture 12
    Cloud Computing Activities 12
    Cloud Service Capabilities 13
    Cloud Service Categories 14
    Cloud Deployment Models 15
    Cloud Shared Considerations 17
    Impact of Related Technologies 23
  Understand Security Concepts Relevant to Cloud Computing 27
    Cryptography and Key Management 27
    Access Control 28
    Data and Media Sanitization 29
    Network Security 30
    Virtualization Security 31
    Common Threats 32
  Understand Design Principles of Secure Cloud Computing 33
    Cloud Secure Data Lifecycle 33
    Cloud-Based Disaster Recovery and Business Continuity Planning 33
    Cost-Benefit Analysis 34
    Functional Security Requirements 35
    Security Considerations for Different Cloud Categories 36
  Evaluate Cloud Service Providers 38
    Verification against Criteria 39
    System/Subsystem Product Certifications 40
  Summary 41

Domain 2: Cloud Data Security 43
  Describe Cloud Data Concepts 43
    Cloud Data Lifecycle Phases 44
    Data Dispersion 47
  Design and Implement Cloud Data Storage Architectures 48
    Storage Types 48
    Threats to Storage Types 50
  Design and Apply Data Security Technologies and Strategies 52
    Encryption and Key Management 52
    Hashing 55
    Masking 56
    Tokenization 56
    Data Loss Prevention 57
    Data Obfuscation 60
    Data De-identification 61
  Implement Data Discovery 62
    Structured Data 64
    Unstructured Data 65
  Implement Data Classification 66
    Mapping 68
    Labeling 68
    Sensitive Data 69
  Design and Implement Information Rights Management 71
    Objectives 72
    Appropriate Tools 73
  Plan and Implement Data Retention, Deletion, and Archiving Policies 74
    Data Retention Policies 74
    Data Deletion Procedures and Mechanisms 77
    Data Archiving Procedures and Mechanisms 79
    Legal Hold 80
  Design and Implement Auditability, Traceability, and Accountability of Data Events 81
    Definition of Event Sources and Requirement of Identity Attribution 81
    Logging, Storage, and Analysis of Data Events 82
    Chain of Custody and Nonrepudiation 84
  Summary 85

Domain 3: Cloud Platform and Infrastructure Security 87
  Comprehend Cloud Infrastructure Components 88
    Physical Environment 88
    Network and Communications 89
    Compute 90
    Virtualization 91
    Storage 93
    Management Plane 93
  Design a Secure Data Center 95
    Logical Design 95
    Physical Design 97
    Environmental Design 98
  Analyze Risks Associated with Cloud Infrastructure 99
    Risk Assessment and Analysis 100
    Cloud Vulnerabilities, Threats, and Attacks 101
    Virtualization Risks 101
    Countermeasure Strategies 102
  Design and Plan Security Controls 102
    Physical and Environmental Protection 103
    System and Communication Protection 103
    Virtualization Systems Protection 104
    Identification, Authentication, and Authorization in Cloud Infrastructure 105
    Audit Mechanisms 106
  Plan Disaster Recovery and Business Continuity 107
    Risks Related to the Cloud Environment 108
    Business Requirements 109
    Business Continuity/Disaster Recovery Strategy 111
    Creation, Implementation, and Testing of Plan 112
  Summary 116

Domain 4: Cloud Application Security 117
  Advocate Training and Awareness for Application Security 117
    Cloud Development Basics 118
    Common Pitfalls 118
    Common Cloud Vulnerabilities 119
  Describe the Secure Software Development Lifecycle Process 120
    NIST Secure Software Development Framework 120
    OWASP Software Assurance Security Model 121
    Business Requirements 121
    Phases and Methodologies 122
  Apply the Secure Software Development Lifecycle 123
    Avoid Common Vulnerabilities During Development 123
    Cloud-Specific Risks 124
    Quality Assurance 127
    Threat Modeling 127
    Software Configuration Management and Versioning 128
  Apply Cloud Software Assurance and Validation 129
    Functional Testing 130
    Security Testing Methodologies 131
  Use Verified Secure Software 132
    Approved Application Programming Interfaces 132
    Supply-Chain Management 133
    Third-Party Software Management 134
    Validated Open Source Software 134
  Comprehend the Specifics of Cloud Application Architecture 135
    Supplemental Security Components 136
    Cryptography 138
    Sandboxing 139
    Application Virtualization and Orchestration 139
  Design Appropriate Identity and Access Management Solutions 140
    Federated Identity 140
    Identity Providers 141
    Single Sign-On 141
    Multifactor Authentication 142
    Cloud Access Security Broker 142
  Summary 143

Domain 5: Cloud Security Operations 145
  Implement and Build Physical and Logical Infrastructure for Cloud Environment 145
    Hardware-Specific Security Configuration Requirements 146
    Installation and Configuration of Virtualization Management Tools 149
    Virtual Hardware-Specific Security Configuration Requirements 150
    Installation of Guest Operating System Virtualization Toolsets 152
  Operate Physical and Logical Infrastructure for Cloud Environment 152
    Configure Access Control for Local and Remote Access 153
    Secure Network Configuration 155
    Operating System Hardening through the Application of Baselines 160
    Availability of Stand-Alone Hosts 162
    Availability of Clustered Hosts 162
    Availability of Guest Operating Systems 165
  Manage Physical and Logical Infrastructure for Cloud Environment 166
    Access Controls for Remote Access 166
    Operating System Baseline Compliance Monitoring and Remediation 168
    Patch Management 169
    Performance and Capacity Monitoring 172
    Hardware Monitoring 173
    Configuration of Host and Guest Operating System Backup and Restore Functions 174
    Network Security Controls 175
    Management Plane 179
  Implement Operational Controls and Standards 180
    Change Management 180
    Continuity Management 182
    Information Security Management 184
    Continual Service Improvement Management 185
    Incident Management 186
    Problem Management 189
    Release Management 190
    Deployment Management 191
    Configuration Management 192
    Service Level Management 194
    Availability Management 195
    Capacity Management 196
  Support Digital Forensics 197
    Forensic Data Collection Methodologies 197
    Evidence Management 200
    Collect, Acquire, and Preserve Digital Evidence 201
  Manage Communication with Relevant Parties 204
    Vendors 205
    Customers 206
    Shared Responsibility Model 206
    Partners 208
    Regulators 208
    Other Stakeholders 209
  Manage Security Operations 210
    Security Operations Center 210
    Monitoring of Security Controls 215
    Log Capture and Analysis 217
    Incident Management 220
  Summary 226

Domain 6: Legal, Risk, and Compliance 227
  Articulating Legal Requirements and Unique Risks Within the Cloud Environment 227
    Conflicting International Legislation 228
    Evaluation of Legal Risks Specific to Cloud Computing 229
    Legal Frameworks and Guidelines That Affect Cloud Computing 229
    Forensics and eDiscovery in the Cloud 236
  Understanding Privacy Issues 238
    Difference between Contractual and Regulated Private Data 239
    Country-Specific Legislation Related to Private Data 242
    Jurisdictional Differences in Data Privacy 247
    Standard Privacy Requirements 248
  Understanding Audit Process, Methodologies, and Required Adaptations for a Cloud Environment 250
    Internal and External Audit Controls 251
    Impact of Audit Requirements 251
    Identity Assurance Challenges of Virtualization and Cloud 252
    Types of Audit Reports 252
    Restrictions of Audit Scope Statements 255
    Gap Analysis 256
    Audit Planning 257
    Internal Information Security Management Systems 258
    Internal Information Security Controls System 259
    Policies 260
    Identification and Involvement of Relevant Stakeholders 262
    Specialized Compliance Requirements for Highly Regulated Industries 264
    Impact of Distributed Information Technology Models 264
  Understand Implications of Cloud to Enterprise Risk Management 266
    Assess Providers Risk Management Programs 266
    Differences Between Data Owner/Controller vs. Data Custodian/Processor 268
    Regulatory Transparency Requirements 269
    Risk Treatment 270
    Risk Frameworks 270
    Metrics for Risk Management 272
    Assessment of Risk Environment 273
  Understanding Outsourcing and Cloud Contract Design 276
    Business Requirements 277
    Vendor Management 278
    Contract Management 279
    Supply Chain Management 281
  Summary 282

Index 283
This title belongs to the subject(s) listed below. To see other titles, click the subject of interest.
Cloud security; CCSP certification; CCSP exam; CCSP study guide; CCSP reference; CCSP CBK; CCSP domains; CCSP objectives; CCSP examples; CCSP help; CCSP best practices; Certified Cloud Security Professional