CCSP Certified Cloud Security Professional All-in-One Exam Guide

Book Description

This self-study guide delivers 100% coverage of all topics on the new CCSP exam

This highly effective test preparation guide covers all six domains within the CCSP Body of Knowledge, as established both by CSA and the (ISC)2. The book offers clear explanations of every subject on the brand-new CCSP exam and features accurate practice questions and real-world examples.

Written by a respected computer security expert, CCSP Certified Cloud Security Professional All-in-One Exam Guide is both a powerful study tool and a valuable reference that will serve you long after the test. To aid in self-study, each chapter includes exam tips that highlight key information, a summary that serves as a quick review of salient points, and practice questions that allow you to test your comprehension. “Notes,” “Tips,” and “Cautions” throughout provide insight and call out potentially harmful situations.

· Practice questions match the tone, content, and format of those on the actual exam

· Electronic content includes 300+ practice questions and a PDF copy of the book

· Written by an experienced technical writer and computer security expert

Table of Contents

  1. Cover
  2. Title Page
  3. Copyright Page
  4. Dedication
  5. Contents
  6. Acknowledgments
  7. Introduction
  8. Chapter 1 How to Obtain the CCSP and Introduction to Security
    1. Why Get Certified?
    2. How to Get Certified
    3. CCSP Domains
      1. Domain 1: Architectural Concepts and Design Requirements
      2. Domain 2: Cloud Data Security
      3. Domain 3: Cloud Platform and Infrastructure Security
      4. Domain 4: Cloud Application Security
      5. Domain 5: Operations
      6. Domain 6: Legal and Compliance
    4. Introduction to IT Security
      1. Basic Security Concepts
      2. Risk Management
      3. Business Continuity and Disaster Recovery
    5. Chapter Review
  9. Chapter 2 Architectural Concepts and Design Requirements
    1. Cloud Computing Concepts
      1. Cloud Computing Definitions
      2. Cloud Computing Roles
      3. Key Cloud Computing Characteristics
      4. Building-Block Technologies
    2. Cloud Reference Architecture
      1. Cloud Computing Activities
      2. Cloud Service Capabilities
      3. Cloud Service Categories
      4. Cloud Deployment Models
      5. Cloud Cross-Cutting Aspects
    3. Security Concepts Relevant to Cloud Computing
      1. Cryptography
      2. Access Control
      3. Data and Media Sanitation
      4. Network Security
      5. Virtualization Security
      6. Common Threats
      7. Security Considerations for the Different Cloud Categories
    4. Design Principles of Secure Cloud Computing
      1. Cloud Secure Data Lifecycle
      2. Cloud-Based Business Continuity/Disaster Recovery Planning
      3. Cost–Benefit Analysis
    5. Identify Trusted Cloud Services
      1. Certification Against Criteria
      2. System/Subsystem Product Certifications
      3. ISO/IEC 27001 and 27001:2013
      4. NIST SP 800-53
      5. Payment Card Industry Data Security Standard (PCI DSS)
      6. SOC 1, SOC 2, and SOC 3
      7. Common Criteria
      8. FIPS 140-2
    6. Cloud Architecture Models
      1. Sherwood Applied Business Security Architecture (SABSA)
      2. IT Infrastructure Library (ITIL)
      3. The Open Group Architecture Framework (TOGAF)
      4. NIST Cloud Technology Roadmap
    7. Exercise
    8. Chapter Review
      1. Questions
      2. Questions and Answers
  10. Chapter 3 Cloud Data Security
    1. Understanding the Cloud Data Lifecycle
      1. Phases
    2. Design and Implement Cloud Data Storage Architectures
      1. Storage Types
      2. Threats to Storage Types
      3. Technologies Available to Address Threats
    3. Design and Apply Data Security Strategies
      1. Encryption
      2. Key Management
      3. Masking/Obfuscation/Anonymization
      4. Tokenization
      5. Application of Technologies
      6. Emerging Technologies
    4. Data Discovery and Classification Techniques
      1. Data Discovery
      2. Classification
    5. Relevant Jurisdictional Data Protections for Personally Identifiable Information
      1. Data Privacy Acts
      2. Privacy Roles and Responsibilities
      3. Implementation of Data Discovery
      4. Classification of Discovered Sensitive Data
      5. Mapping and Definition of Controls
      6. Application of Defined Controls
    6. Data Rights Management
      1. Data Rights Objectives
      2. Tools
    7. Data Retention, Deletion, and Archiving Policies
      1. Data Retention
      2. Data Deletion
      3. Data Archiving
    8. Auditability, Traceability, and Accountability of Data Events
      1. Definition of Event Sources
      2. Identity Attribution Requirements
      3. Data Event Logging
      4. Storage and Analysis of Data Events
      5. Continuous Optimizations
      6. Chain of Custody and Nonrepudiation
    9. Exercise
    10. Chapter Review
      1. Questions
      2. Questions and Answers
  11. Chapter 4 Cloud Platform and Infrastructure Security
    1. Cloud Infrastructure Components
      1. Physical Environment
      2. Networking
      3. Computing
      4. Virtualization
      5. Storage
      6. Management Plane
    2. Risks Associated with Cloud Infrastructure
      1. Risk Assessment and Analysis
      2. Virtualization Risks
      3. Countermeasure Strategies
    3. Design and Plan Security Controls
      1. Physical and Environmental Protection
      2. System and Communication Protection
      3. Virtualization Systems Protection
      4. Management of Identification, Authentication, and Authorization
      5. Auditing
    4. Disaster Recovery and Business Continuity Management Planning
      1. Understanding the Cloud Environment
      2. Understanding Business Requirements
      3. Understanding Risks
      4. Disaster Recovery/Business Continuity Strategy
    5. Exercise
    6. Chapter Review
      1. Questions
      2. Questions and Answers
  12. Chapter 5 Cloud Application Security
    1. Training and Awareness in Application Security
      1. Cloud Development Basics
      2. Common Pitfalls
      3. Common Vulnerabilities
    2. Cloud Software Assurance and Validation
      1. Cloud-Based Functional Testing
      2. Cloud Secure Development Lifecycle
      3. Security Testing
    3. Verified Secure Software
      1. Approved API
      2. Supply-Chain Management
      3. Community Knowledge
    4. Understanding the Software Development Lifecycle (SDLC) Process
      1. Phases and Methodologies
      2. Business Requirements
      3. Software Configuration Management and Versioning
    5. Applying the Secure Software Development Lifecycle
      1. Cloud-Specific Risks
      2. Quality of Service
      3. Threat Modeling
    6. Cloud Application Architecture
      1. Supplemental Security Devices
      2. Cryptography
      3. Sandboxing
      4. Application Virtualization
    7. Identity and Access Management (IAM) Solutions
      1. Federated Identity
      2. Identity Providers
      3. Single Sign-On
      4. Multifactor Authentication
    8. Exercise
    9. Chapter Review
      1. Questions
      2. Questions and Answers
  13. Chapter 6 Operations
    1. Support the Planning Process for the Data Center Design
      1. Logical Design
      2. Physical Design
      3. Environmental Design
    2. Implement and Build the Physical Infrastructure for the Cloud Environment
      1. Secure Configuration of Hardware-Specific Requirements
      2. Installation and Configuration of Virtualization Management Tools
    3. Run the Physical Infrastructure for the Cloud Environment
      1. Configuration of Access Control for Local Access
      2. Securing Network Configuration
      3. OS Hardening via the Application of Baselines
      4. Availability of Standalone Hosts
      5. Availability of Clustered Hosts
    4. Manage the Physical Infrastructure for the Cloud Environment
      1. Configuring Access Controls for Remote Access
      2. OS Baseline Compliance Monitoring and Remediation
      3. Patch Management
      4. Performance Monitoring
      5. Hardware Monitoring
      6. Backup and Restore of Host Configuration
      7. Implementation of Network Security Controls
      8. Log Capture and Analysis
      9. Management Plan
    5. Build the Logical Infrastructure for the Cloud Environment
      1. Secure Configuration of Virtual Hardware–Specific Requirements
      2. Installation of Guest Operating System Virtualization Toolsets
    6. Run the Logical Infrastructure for the Cloud Environment
      1. Secure Network Configuration
      2. OS Hardening via Application of Baselines
      3. Availability of the Guest Operating System
    7. Manage the Logical Infrastructure for the Cloud Environment
      1. Access Control for Remote Access
      2. OS Baseline Compliance Monitoring and Remediation
      3. Patch Management
      4. Performance Monitoring
      5. Backup and Restore of Guest OS Configuration
      6. Implementation of Network Security Controls
      7. Log Capture and Analysis
      8. Management Plan
    8. Ensure Compliance with Regulations and Controls
      1. Change Management
      2. Continuity Management
      3. Information Security Management
      4. Continual Service Improvement Management
      5. Incident Management
      6. Problem Management
      7. Release and Deployment Management
      8. Configuration Management
      9. Service Level Management
      10. Availability Management
      11. Capacity Management
    9. Conduct Risk Assessment for the Logical and Physical Infrastructure
      1. Framing Risk
      2. Assessing Risk
      3. Responding to Risk
      4. Monitoring Risk
    10. Understand the Collection, Acquisition, and Preservation of Digital Evidence
      1. Proper Methodologies for the Forensic Collection of Data
      2. Evidence Management
    11. Manage Communication with Relevant Parties
      1. Vendors
      2. Customers
      3. Partners
      4. Regulators
      5. Other Stakeholders
    12. Exercise
    13. Chapter Review
      1. Questions
      2. Questions and Answers
  14. Chapter 7 Legal and Compliance Domain
    1. Legal Requirements and Unique Risks Within the Cloud Environment
      1. International Legislation Conflicts
      2. Appraisal of Legal Risks Specific to Cloud Computing
      3. Legal Controls
      4. eDiscovery
      5. Forensics Requirements
    2. Privacy Issues and Jurisdictional Variation
      1. Difference Between Contractual and Regulated PII
      2. Country-Specific Legislation Related to PII and Data Privacy
      3. Differences Among Confidentiality, Integrity, Availability, and Privacy
    3. Audit Processes, Methodologies, and Required Adaptions for a Cloud Environment
      1. Internal and External Audit Controls
      2. Impact of Requirements Programs by the Use of Cloud
      3. Assurance Challenges of Virtualization and Cloud
      4. Types of Audit Reports
      5. Restrictions of Audit Scope Statements
      6. Gap Analysis
      7. Audit Plan
      8. Standards Requirements
      9. Internal Information Security Management System (ISMS)
      10. Internal Information Security Controls System
      11. Policies
      12. Identification and Involvement of Relevant Stakeholders
      13. Specialized Compliance Requirements for Highly Regulated Industries
      14. Impact of Distributed IT Model
    4. Implications of Cloud to Enterprise Risk Management
      1. Assess Providers Risk Management
      2. Difference Between Data Owner/Controller vs. Data Custodian/Processor
      3. Risk Mitigation
      4. Different Risk Frameworks
      5. Metrics for Risk Management
      6. Assessment of the Risk Environment
    5. Outsourcing and Cloud Contract Design
      1. Business Requirements
      2. Vendor Management
      3. Contract Management
    6. Executive Vendor Management
      1. Supply-Chain Management
    7. Exercise
    8. Chapter Review
      1. Questions
      2. Questions and Answers
  15. Appendix A Exam Review Questions
    1. Questions
    2. Quick Answers
    3. Questions and Comprehensive Answer Explanations
  16. Appendix B About the Download
    1. System Requirements
    2. Installing and Running Total Tester
    3. Total Tester Premium Practice Exam Software
    4. Technical Support
  17. Glossary
  18. Index