
(ISC)2 CCSP Certified Cloud Security Professional Official Study Guide Sybex Study Guide

From the series Sybex Study Guide

Paperback

48,99 €

Also available as:

Paperback

from 48,99 €

eBook

from 41,99 €

Save 20%

48,99 € (RRP 61,90 €)

incl. VAT, free shipping

Details

Binding: Paperback

Publication date: 06.10.2022

Publisher: John Wiley & Sons

Number of pages: 416

Dimensions (L/W/H): 23,5/18,8/2,3 cm

Weight: 768 g

Edition: 3rd edition

Language: English

ISBN: 978-1-119-90937-8


Manufacturer address

Libri GmbH
Europaallee 1
36244 Bad Hersfeld
DE

Email: gpsr@libri.de

  • Introduction xxiii

    Assessment Test xxxii

    Chapter 1 Architectural Concepts 1

    Cloud Characteristics 3

    Business Requirements 5

    Understanding the Existing State 6

    Cost/Benefit Analysis 7

    Intended Impact 10

    Cloud Computing Service Categories 11

    Software as a Service 11

    Infrastructure as a Service 12

    Platform as a Service 12

    Cloud Deployment Models 13

    Private Cloud 13

    Public Cloud 13

    Hybrid Cloud 13

    Multi-Cloud 13

    Community Cloud 13

    Multitenancy 14

    Cloud Computing Roles and Responsibilities 15

    Cloud Computing Reference Architecture 16

    Virtualization 18

    Hypervisors 18

    Virtualization Security 19

    Cloud Shared Considerations 20

    Security and Privacy Considerations 20

    Operational Considerations 21

    Emerging Technologies 22

    Machine Learning and Artificial Intelligence 22

    Blockchain 23

    Internet of Things 24

    Containers 24

    Quantum Computing 25

    Edge and Fog Computing 26

    Confidential Computing 26

    DevOps and DevSecOps 27

    Summary 28

    Exam Essentials 28

    Review Questions 30

    Chapter 2 Data Classification 35

    Data Inventory and Discovery 37

    Data Ownership 37

    Data Flows 42

    Data Discovery Methods 43

    Information Rights Management 46

    Certificates and IRM 47

    IRM in the Cloud 47

    IRM Tool Traits 47

    Data Control 49

    Data Retention 50

    Data Audit and Audit Mechanisms 53

    Data Destruction/Disposal 55

    Summary 57

    Exam Essentials 57

    Review Questions 59

    Chapter 3 Cloud Data Security 63

    Cloud Data Lifecycle 65

    Create 66

    Store 66

    Use 67

    Share 67

    Archive 69

    Destroy 70

    Cloud Storage Architectures 71

    Storage Types 71

    Volume Storage: File-Based Storage and Block Storage 72

    Object-Based Storage 72

    Databases 73

    Threats to Cloud Storage 73

    Designing and Applying Security Strategies for Storage 74

    Encryption 74

    Certificate Management 77

    Hashing 77

    Masking, Obfuscation, Anonymization, and Tokenization 78

    Data Loss Prevention 81

    Log Capture and Analysis 82

    Summary 85

    Exam Essentials 85

    Review Questions 86

    Chapter 4 Security in the Cloud 91

    Shared Cloud Platform Risks and Responsibilities 92

    Cloud Computing Risks by Deployment Model 94

    Private Cloud 95

    Community Cloud 95

    Public Cloud 97

    Hybrid Cloud 101

    Cloud Computing Risks by Service Model 102

    Infrastructure as a Service (IaaS) 102

    Platform as a Service (PaaS) 102

    Software as a Service (SaaS) 103

    Virtualization 103

    Threats 105

    Risk Mitigation Strategies 107

    Disaster Recovery (DR) and Business Continuity (BC) 110

    Cloud-Specific BIA Concerns 110

    Customer/Provider Shared BC/DR Responsibilities 111

    Cloud Design Patterns 114

    Summary 115

    Exam Essentials 115

    Review Questions 116

    Chapter 5 Cloud Platform, Infrastructure, and Operational Security 121

    Foundations of Managed Services 123

    Cloud Provider Responsibilities 124

    Shared Responsibilities by Service Type 125

    IaaS 125

    PaaS 126

    SaaS 126

    Securing Communications and Infrastructure 126

    Firewalls 127

    Intrusion Detection/Intrusion Prevention Systems 128

    Honeypots 128

    Vulnerability Assessment Tools 128

    Bastion Hosts 129

    Identity Assurance in Cloud and Virtual Environments 130

    Securing Hardware and Compute 130

    Securing Software 132

    Third-Party Software Management 133

    Validating Open-Source Software 134

    OS Hardening, Monitoring, and Remediation 134

    Managing Virtual Systems 135

    Assessing Vulnerabilities 137

    Securing the Management Plane 138

    Auditing Your Environment and Provider 141

    Adapting Processes for the Cloud 142

    Planning for Cloud Audits 143

    Summary 144

    Exam Essentials 145

    Review Questions 147

    Chapter 6 Cloud Application Security 151

    Developing Software for the Cloud 154

    Common Cloud Application Deployment Pitfalls 155

    Cloud Application Architecture 157

    Cryptography 157

    Sandboxing 158

    Application Virtualization and Orchestration 158

    Application Programming Interfaces 159

    Multitenancy 162

    Supplemental Security Components 162

    Cloud-Secure Software Development Lifecycle (SDLC) 164

    Software Development Phases 165

    Software Development Models 166

    Cloud Application Assurance and Validation 172

    Threat Modeling 172

    Common Threats to Applications 174

    Quality Assurance and Testing Techniques 175

    Supply Chain Management and Licensing 177

    Identity and Access Management 177

    Cloud Identity and Access Control 178

    Single Sign-On 179

    Identity Providers 180

    Federated Identity Management 180

    Multifactor Authentication 181

    Secrets Management 182

    Common Threats to Identity and Access Management in the Cloud 183

    Zero Trust 183

    Summary 183

    Exam Essentials 184

    Review Questions 186

    Chapter 7 Operations Elements 191

    Designing a Secure Data Center 193

    Build vs. Buy 193

    Location 194

    Facilities and Redundancy 196

    Data Center Tiers 200

    Logical Design 201

    Virtualization Operations 202

    Storage Operations 205

    Managing Security Operations 207

    Security Operations Center (SOC) 208

    Continuous Monitoring 208

    Incident Management 209

    Summary 209

    Exam Essentials 210

    Review Questions 211

    Chapter 8 Operations Management 215

    Monitoring, Capacity, and Maintenance 217

    Monitoring 217

    Physical and Environmental Protection 218

    Maintenance 219

    Change and Configuration Management 224

    Baselines 224

    Roles and Process 226

    Release and Deployment Management 228

    Problem and Incident Management 229

    IT Service Management and Continual Service Improvement 229

    Business Continuity and Disaster Recovery 231

    Prioritizing Safety 231

    Continuity of Operations 232

    BC/DR Planning 232

    The BC/DR Toolkit 234

    Relocation 235

    Power 237

    Testing 238

    Summary 239

    Exam Essentials 239

    Review Questions 241

    Chapter 9 Legal and Compliance Issues 245

    Legal Requirements and Unique Risks in the Cloud Environment 247

    Constitutional Law 247

    Legislation 249

    Administrative Law 249

    Case Law 250

    Common Law 250

    Contract Law 250

    Analyzing a Law 251

    Determining Jurisdiction 251

    Scope and Application 252

    Legal Liability 253

    Torts and Negligence 254

    U.S. Privacy and Security Laws 255

    Health Insurance Portability and Accountability Act 255

    The Health Information Technology for Economic and Clinical Health Act 258

    Gramm-Leach-Bliley Act 259

    Sarbanes-Oxley Act 261

    State Data Breach Notification Laws 261

    International Laws 263

    European Union General Data Protection Regulation 263

    Adequacy Decisions 267

    U.S.-EU Safe Harbor and Privacy Shield 267

    Laws, Regulations, and Standards 269

    Payment Card Industry Data Security Standard 270

    Critical Infrastructure Protection Program 270

    Conflicting International Legislation 270

    Information Security Management Systems 272

    ISO/IEC 27017:2015 272

    Privacy in the Cloud 273

    Generally Accepted Privacy Principles 273

    ISO 27018 279

    Direct and Indirect Identifiers 279

    Privacy Impact Assessments 280

    Cloud Forensics 281

    Forensic Requirements 281

    Cloud Forensic Challenges 281

    Collection and Acquisition 282

    Evidence Preservation and Management 283

    e-discovery 283

    Audit Processes, Methodologies, and Cloud Adaptations 284

    Virtualization 284

    Scope 284

    Gap Analysis 285

    Restrictions of Audit Scope Statements 285

    Policies 286

    Audit Reports 286

    Summary 288

    Exam Essentials 288

    Review Questions 290

    Chapter 10 Cloud Vendor Management 295

    The Impact of Diverse Geographical Locations and Legal Jurisdictions 297

    Security Policy Framework 298

    Policies 298

    Standards 300

    Procedures 302

    Guidelines 303

    Exceptions and Compensating Controls 304

    Developing Policies 305

    Enterprise Risk Management 306

    Risk Identification 308

    Risk Calculation 308

    Risk Assessment 309

    Risk Treatment and Response 313

    Risk Mitigation 313

    Risk Avoidance 314

    Risk Transference 314

    Risk Acceptance 315

    Risk Analysis 316

    Risk Reporting 316

    Enterprise Risk Management 318

    Assessing Provider Risk Management Practices 318

    Risk Management Frameworks 319

    Cloud Contract Design 320

    Business Requirements 321

    Vendor Management 321

    Data Protection 323

    Negotiating Contracts 324

    Common Contract Provisions 324

    Contracting Documents 326

    Government Cloud Standards 327

    Common Criteria 327

    FedRAMP 327

    FIPS 140-2 327

    Manage Communication with Relevant Parties 328

    Summary 328

    Exam Essentials 329

    Review Questions 330

    Appendix Answers to the Review Questions 335

    Chapter 1: Architectural Concepts 336

    Chapter 2: Data Classification 337

    Chapter 3: Cloud Data Security 339

    Chapter 4: Security in the Cloud 341

    Chapter 5: Cloud Platform, Infrastructure, and Operational Security 343

    Chapter 6: Cloud Application Security 345

    Chapter 7: Operations Elements 347

    Chapter 8: Operations Management 349

    Chapter 9: Legal and Compliance Issues 350

    Chapter 10: Cloud Vendor Management 352

    Index 355