CCSK Certificate of Cloud Security Knowledge All-in-One Exam Guide

Table of contents

  1. Cover
  2. About the Author
  3. Title Page
  4. Copyright Page
  5. Dedication
  6. Contents at a Glance
  7. Contents
  8. Foreword
  9. Acknowledgments
  10. Introduction
  11. Chapter 1 Cloud Computing Concepts and Architectures
    1. Cloud Logical Model
      1. Infrastructure
      2. Metastructure
      3. Infostructure
      4. Applistructure
    2. Cloud Computing Definitions
      1. Essential Characteristics
      2. Cloud Service Models
      3. Cloud Deployment Models
    3. Cloud Security Scope and the Shared Responsibility Model
      1. Shared Responsibility Model
      2. Cloud Security Alliance Tools
      3. Cloud Controls Matrix
      4. Consensus Assessments Initiative Questionnaire
      5. STAR Registry
      6. Cloud Reference and Architecture Models
    4. Chapter Review
      1. Questions
      2. Answers
  12. Chapter 2 Governance and Enterprise Risk Management
    1. Governance
      1. Governance Backgrounder
      2. Cloud Governance
    2. Risk Management
      1. Risk Management Backgrounder
    3. Cloud Risk Management
      1. The Effects of Service and Deployment Models
      2. Cloud Risk Management Trade-Offs
      3. Assessing Cloud Service Providers
    4. Chapter Review
      1. Questions
      2. Answers
  13. Chapter 3 Legal Issues, Contracts, and Electronic Discovery
    1. Legal Frameworks Governing Data Protection and Privacy
      1. Required Security Measures
      2. Treaties
      3. Restrictions to Cross-Border Data Transfers
      4. CLOUD Act
    2. Regional Examples
      1. Asia Pacific Region
      2. European Union and European Economic Area
      3. The Americas
    3. Contracts and Provider Selection
      1. Internal Due Diligence
      2. Monitoring, Testing, and Updating
      3. External Due Diligence
      4. Contract Negotiations
      5. Third-Party Audits and Attestations
    4. Electronic Discovery
      1. Possession, Custody, and Control
      2. Relevant Cloud Applications and Environment
      3. Searchability and E-Discovery Tools
      4. Preservation
      5. Data Retention Laws and Recordkeeping Obligations
      6. Data Collection
      7. Forensics
      8. Reasonable Integrity
      9. Direct Access
      10. Native Production
      11. Authentication
      12. Cooperation Between Provider and Client in E-Discovery
      13. Response to a Subpoena or Search Warrant
    5. Chapter Review
      1. Questions
      2. Answers
  14. Chapter 4 Compliance and Audit Management
    1. Compliance Backgrounder
    2. Impact of the Cloud on Contracts
    3. How the Cloud Changes Compliance
      1. Compliance Inheritance
      2. Continuous Compliance
    4. Audit Backgrounder
    5. Audit Management in the Cloud
    6. SOC Reports and ISO Certifications Backgrounder
      1. SOC Backgrounder
      2. ISO Backgrounder
    7. How the Cloud Changes Audits
      1. Right to Audit
      2. Audit Scope
      3. Auditor Requirements
    8. Chapter Review
      1. Questions
      2. Answers
  15. Chapter 5 Information Governance
    1. Cloud Information Governance Domains
      1. Information Classification Backgrounder
      2. Information Management Backgrounder
    2. The Data Security Lifecycle
      1. Locations and Entitlements
      2. Functions, Actors, and Controls
    3. Chapter Review
      1. Questions
      2. Answers
  16. Chapter 6 Management Plane and Business Continuity
    1. Management Plane
      1. Application Programming Interface Backgrounder
      2. Accessing the Management Plane
      3. Securing the Management Plane
    2. Business Continuity and Disaster Recovery in the Cloud
      1. BCP/DR Backgrounder
      2. Architecting for Failure
      3. Business Continuity Within the Cloud Provider
      4. Chaos Engineering
      5. Business Continuity for Loss of the Cloud Provider
      6. Continuity for Private Cloud and Providers
    3. Chapter Review
      1. Questions
      2. Answers
  17. Chapter 7 Infrastructure Security
    1. Cloud Network Virtualization
      1. OSI Reference Model Backgrounder
      2. VLANs
      3. VXLAN
      4. Networking Planes Backgrounder
      5. Software Defined Networking
      6. Network Functions Virtualization
    2. How Security Changes with Cloud Networking
      1. Challenges of Virtual Appliances
      2. Benefits of SDN Security
      3. Microsegmentation and the Software Defined Perimeter
      4. Additional Considerations for CSPs or Private Clouds
      5. Hybrid Cloud Considerations
    3. Cloud Compute and Workload Security
      1. Compute Abstraction Technologies
      2. How the Cloud Changes Workload Security
      3. Immutable Workloads Enable Security
      4. The Impact of the Cloud on Standard Workload Security Controls
      5. Changes to Workload Security Monitoring and Logging
      6. Changes to Vulnerability Assessment
    4. Chapter Review
      1. Questions
      2. Answers
  18. Chapter 8 Virtualization and Containers
    1. Major Virtualization Categories Relevant to Cloud Computing
      1. Compute Virtualization
      2. Network Virtualization
      3. Storage Virtualization
    2. Containers
      1. Container Definitions Backgrounder
      2. Container Security Recommendations
    3. Chapter Review
      1. Questions
      2. Answers
  19. Chapter 9 Incident Response
    1. Incident Response Lifecycle
      1. Incident and Event Backgrounder
      2. Preparation Phase
      3. Detection and Analysis Phase
      4. Containment, Eradication, and Recovery Phase
      5. Post-Incident Activity Phase
    2. How the Cloud Impacts Incident Response
      1. Preparation
      2. Detection and Analysis
      3. Containment, Eradication, and Recovery
      4. Post-Incident Activity
    3. Chapter Review
      1. Questions
      2. Answers
  20. Chapter 10 Application Security
    1. The SSDLC and Cloud Computing
    2. Secure Design and Development
      1. Training
      2. Define
      3. Design
      4. Develop
      5. Test
    3. Secure Deployment
      1. Cloud Impacts on Vulnerability Assessments
      2. Cloud Impact on Penetration Testing
      3. Deployment Pipeline Security
      4. Impact of IaC and Immutable Workloads
    4. Secure Operations
    5. How the Cloud Impacts Application Design and Architectures
      1. Microservices Backgrounder
    6. The Rise and Role of DevOps
      1. DevOps Backgrounder
      2. Security Implications and Advantages of DevOps
    7. Chapter Review
      1. Questions
      2. Answers
  21. Chapter 11 Data Security and Encryption
    1. Data Security Controls
    2. Cloud Data Storage Types
    3. Managing Data Migrations to the Cloud
      1. CASB Backgrounder
      2. Securing Cloud Data Transfers
    4. Securing Data in the Cloud
      1. Cloud Data Access Controls
      2. Storage (at Rest) Encryption and Tokenization
      3. Key Management (Including Customer-Managed Keys)
    5. Data Security Architecture
    6. Monitoring, Auditing, and Alerting
    7. Additional Data Security Controls
      1. Cloud Platform/Provider-Specific Controls
      2. Data Loss Prevention
      3. Enterprise Rights Management
      4. Data Masking and Test Data Generation
    8. Enforcing Lifecycle Management Security
    9. Chapter Review
      1. Questions
      2. Answers
  22. Chapter 12 Identity, Entitlement, and Access Management
    1. How IAM Works in the Cloud
    2. IAM Terms
    3. IAM Standards
      1. Federation Backgrounder
    4. Managing Users and Identities for Cloud Computing
    5. Authentication and Credentials
    6. Entitlements and Access Management
    7. Privileged User Management
    8. Chapter Review
      1. Questions
      2. Answers
  23. Chapter 13 Security as a Service
    1. Potential Benefits and Concerns of SecaaS
    2. Major Categories of SaaS Offerings
      1. Identity, Entitlement, and Access Management Services
      2. Cloud Access Security Broker
      3. Web Security Gateway
      4. E-mail Security
      5. Security Assessment
      6. Web Application Firewall
      7. Intrusion Detection/Prevention
      8. Security Information and Event Management (SIEM)
      9. Encryption and Key Management
      10. Business Continuity and Disaster Recovery
      11. Security Management
      12. Distributed Denial of Service Protection
    3. Chapter Review
      1. Questions
      2. Answers
  24. Chapter 14 Related Technologies
    1. Big Data
      1. Distributed Data Collection Backgrounder
      2. Hadoop Backgrounder
      3. Security and Privacy Considerations
      4. Data Collection
      5. Key Management
      6. Security Capabilities
      7. Identity and Access Management
      8. PaaS
    2. Internet of Things (IoT)
    3. Mobile Computing
    4. Serverless Computing
    5. Chapter Review
      1. Questions
      2. Answers
  25. Chapter 15 ENISA Cloud Computing: Benefits, Risks, and Recommendations for Information Security
    1. Security Benefits of Cloud
      1. Security and the Benefits of Scale
      2. Security as a Market Differentiator
      3. Standardized Interfaces for Managed Security Services
      4. Rapid, Smart Scaling of Resources
      5. Audit and Evidence Gathering
      6. Timely, Effective, and Efficient Updates and Defaults
      7. Audit and SLAs Force Better Risk Management
      8. Benefits of Resource Concentration
    2. Top Security Risks
      1. IT Risk Backgrounder
      2. Loss of Governance
      3. Lock-in
      4. Isolation Failure
      5. Compliance Risks
      6. Management Interface Compromise
      7. Data Protection
      8. Insecure or Incomplete Data Deletion
      9. Malicious Insider
    3. Five Key Legal Issues Common Across All Scenarios
      1. Data Protection
      2. Confidentiality
      3. Intellectual Property
      4. Professional Negligence
      5. Outsourcing Service and Changes in Control
    4. Additional Items for the Exam
      1. Open Virtualization Format
      2. VM Hopping
      3. Economic Denial of Service
      4. Licensing Risks
      5. Risk Concerns of a Cloud Provider Being Acquired
      6. Data Controller vs. Data Processor Definitions
      7. Guest System Monitoring in IaaS Responsibilities
      8. User Provisioning Vulnerability
      9. Underlying Vulnerability in Loss of Governance
    5. Risks R.1–R.35 and Underlying Vulnerabilities
    6. Chapter Review
      1. Questions
      2. Answers
  26. Appendix A Cloud Computing Security Policy Examples
    1. Cloud Security Policy: Centralized Example
      1. Purpose
      2. Scope
      3. Background
      4. Policy
    2. Cloud Security Policy: Classification Example
      1. Purpose
      2. Scope
      3. Background
      4. Policy
  27. Appendix B About the Online Content
    1. System Requirements
    2. Your Total Seminars Training Hub Account
      1. Privacy Notice
    3. Single User License Terms and Conditions
    4. TotalTester Online
    5. Technical Support
  28. Glossary
  29. Index

Product information

  • Title: CCSK Certificate of Cloud Security Knowledge All-in-One Exam Guide
  • Publisher(s): McGraw-Hill