book

Certificate of Cloud Security Knowledge (CCSK v5) Study Guide

Name: Certificate of Cloud Security Knowledge (CCSK v5) Study Guide
Author: Graham Thompson
ISBN: 9781098173418

by Graham Thompson

August 2025

Intermediate to advanced

306 pages

8h 55m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Includes

Quizzes

Preface
Who This Book Is ForConventions Used in This BookO’Reilly Online LearningHow to Contact UsAcknowledgments
1. Cloud Computing Concepts and Architectures
Defining Cloud ComputingResource PoolsToolsTwo Definitions of Cloud ComputingLogical Model of the CloudInfostructureApplistructureMetastructureInfrastructureCloud Computing ModelsEssential CharacteristicsCloud Service ModelsCloud Deployment ModelsCloud Security Responsibilities, Frameworks, and Process ModelsShared Security Responsibility ModelCloud Security Frameworks and PatternsSummary
2. Principles of Cloud and IT Governance
Corporate GovernanceIT GovernanceCloud Governance Changes and ChallengesEffective Cloud Governance1. Establish a Governance Hierarchy2. Leverage Cloud-Specific Security Frameworks3. Define Cloud Security Policies4. Set Control Objectives and Specify Control Specifications5. Define Roles and Responsibilities6. Establish a Cloud Center of Excellence or Similar Model7. Conduct Requirements and Information Gathering8. Manage Risks9. Classify Data and Assets10. Comply with Legal and Regulatory Requirements11. Maintain a Cloud RegistryCloud Center of ExcellenceKey Components of a CCoEBenefits of a CCoEStructuring IT Security GovernanceFrameworksPoliciesControl ObjectivesControl Specifications and Implementation GuidanceThinking All the Way Through the Governance StackFoundational Governance Principles and GuidelinesDetermining Risk ToleranceClassifying Data and AssetsIdentifying Regulatory and Legal RequirementsCloud Security Alliance ToolsCloud Controls MatrixSecurity, Trust, Assurance, and Risk RegistrySummary
3. Navigating Risk, Audit, and Compliance
Basics of Risk ManagementUnderstanding the Risk Management ProcessStep 0: Determining Risk ToleranceStep 1: Risk IdentificationStep 2: Risk Assessment (or Risk Analysis)Step 3: Risk TreatmentStep 4: Risk MonitoringStep 5: Risk Communication and ReportingAssessing Cloud ServicesStep 1: Assess the Business RequestStep 2: Review CSP DocumentationStep 3: Review External SourcesStep 4: Map to Compliance RequirementsStep 5: Map to Data ClassificationStep 6: Define Required and Compensating ControlsStep 7: Obtain Final ApprovalGovernance, Risk Management, and Compliance ToolsWhere Compliance Requirements Come FromArtifacts of ComplianceJurisdictionsData Localization LawsCompliance in the CloudSummary
4. Guide to Cloud Organization Management
Organizational Hierarchy ModelsDefinitionsOrganizational StructuresOrganizational Capabilities Within a Cloud Service ProviderBuilding a Hierarchy Within a ProviderManaging Organization-Level Security Within a ProviderConsiderations for Hybrid and Multicloud DeploymentsOrganizational Management for Hybrid Cloud SecurityOrganizational Management for Multicloud SecurityTooling and Staffing for IaaS/PaaS MulticloudOrganizational Management for SaaS Hybrid and MulticloudSummary
5. Identity and Access Management
How IAM Is Different in the CloudFundamental Terms for Understanding IAMPersonaAttributeEntitlementEntitlement MatrixRoleAttribute-Based Access ControlPolicy-Based Access ControlAuthoritative SourceFederated Identity ManagementIdentity ProviderRelying PartyAssertionFederated Identity ManagementCommon Federation StandardsHow Federation WorksManaging Users and Identities for Cloud ComputingStrong Authentication and AuthorizationAuthorizationAuthenticationPrivileged User ManagementPrivileged Identity ManagementPrivileged Access ManagementSummary
6. Detecting Threats in the Cloud
Cloud MonitoringLogs and EventsPosture ManagementCloud Telemetry SourcesManagement Plane LogsService LogsResource LogsCloud Native Security ToolsCloud Security Posture ManagementSaaS Security Posture ManagementCloud Workload Protection PlatformData Security Posture ManagementApplication Security Posture ManagementCloud Infrastructure Entitlement ManagementCloud Detection and ResponseSIEM and SOAR: The Detective and the Robot GuardSecurity Information and Event ManagementSecurity Orchestration, Automation, and ResponseCollection ArchitecturesLog Storage and RetentionCascading Log ArchitectureAI for Security MonitoringSummary
7. Infrastructure and Networking
Cloud Infrastructure SecurityCloud Customer Security TechniquesCSP Infrastructure Security ResponsibilitiesInfrastructure ResilienceSingle-Region ResiliencyMultiregion ResiliencyMultiprovider ResiliencyCloud Network FundamentalsCommon SDN-Based ComponentsCloud ConnectivityCloud Network Security and Secure ArchitecturesPreventive ControlsDetective Security ControlsInfrastructure as CodeZero Trust for Cloud Infrastructure and NetworksSoftware-Defined PerimeterZero Trust Network AccessSecure Access Service EdgeSummary
8. Cloud Workload Security
Securing Virtual MachinesVirtual Machine Challenges and MitigationsCreating Secure VM Images with FactoriesRecommended Tools and Best Practices for VMsThe Vulnerability Management LifecycleSnapshots, Public Exposures, and ExfiltrationSecuring ContainersContainer Image CreationContainer NetworkingContainer Orchestration and Management SystemsContainer Orchestration SecuritySecure Artifact RepositoriesRuntime Protection for ContainersSecuring Serverless and Function as a ServiceFaaS Security IssuesIAM for Serverless ComputingSecuring AI WorkloadsLarge Language Model AssetsTop Nine Large Language Model System ThreatsAI Risk Mitigation and Shared ResponsibilitiesData Security for AIModel SecurityInfrastructure SecuritySupply Chain SecuritySummary
9. Keeping Data Safe in the Cloud
Data StructuresStorage Security PrimerCloud Storage TypesObject StorageVolume StorageDatabase StorageOther Types of StorageData Security Tools and TechniquesData ClassificationIdentity and Access ManagementAccess PoliciesData Loss PreventionCloud Data Encryption at RestEncryption and Key ManagementKey Management ServiceHardware Security ModuleEncryption Key OptionsEncryption Implementation OptionsSymmetric Versus Asymmetric EncryptionData Encryption RecommendationsData Security Posture ManagementSummary

10. Building Secure Applications
Secure Development LifecycleStages of the CSA DevSecOps SDLCThreat ModelingRisk Assessment MatrixTesting: PredeploymentTesting: Post DeploymentArchitecture’s Role in Secure Cloud ApplicationsThe Impact of the Cloud on Architecture-Level SecurityArchitectural ResilienceIAM and Application SecuritySecrets ManagementSecrets Management WorkflowDevOps and DevSecOpsThe DevOps/DevSecOps LifecycleCI/CD PipelinesWeb Application Firewalls and API GatewaysAgent-Based DeploymentCloud Native Provider ServicesThird-Party Marketplace SolutionsWAF and DDoS Protection as a ServiceSummary
11. Incident Response: From Detection to Recovery
Incident ResponseIncident Response LifecyclePhase 1: PreparationPhase 2: Detection and AnalysisPhase 3: Containment, Eradication, and RecoveryPhase 4: Post-Incident AnalysisHow the Preparation Phase Changes in Cloud EnvironmentsTraining for Cloud Incident RespondersHow Detection and Analysis Change in Cloud EnvironmentsImpact of the Cloud on Incident AnalysisCloud System ForensicsForensics Blast ZonesCloud Forensics: Container and Serverless ConsiderationsContainment, Eradication, and RecoveryContainmentEradicationRecoveryPost-Incident AnalysisSummary
12. Deep Dive into Zero Trust and AI
Zero TrustZero Trust PrinciplesZero Trust Technical ObjectivesProtective FrameworkSimplified User ExperienceReduced Attack SurfaceReduced ComplexityContinuous AuthenticationImproved Incident Containment and ManagementPrinciple of Least PrivilegeZero Trust Business ObjectivesReduce RiskImprove ComplianceDemonstrate Commitment to CybersecurityCore Logical Zero Trust ComponentsZero Trust Security FrameworksSoftware-Defined PerimeterZero Trust Network AccessZero Trust PillarsZero Trust Maturity Model LevelsZero Trust Design and ImplementationStep 1: Define the Protect SurfaceStep 2: Map the Transaction FlowsStep 3: Build a Zero Trust ArchitectureStep 4: Create a Zero Trust PolicyStep 5: Monitor and Maintain the EnvironmentZero Trust and Cloud SecurityArtificial IntelligenceCharacteristics of AI WorkloadsHow AI Intersects with Cloud SecuritySummary
13. Preparing for Your CCSK Exam
Studying for the CCSK ExamExam DetailsSigning Up for the CCSK ExamExam TipsUsing ChatGPT as a Study ToolAbout Generative AI Large Language ModelsThe Importance of ProjectsUploading FilesDownloading FilesIntroduction to Prompt EngineeringComponents of a Good PromptCreating Study ToolsGenerating Pretest QuestionsCreating FlashcardsPlaying GamesStudy PlansChatGPT AnnoyancesFinal Exam-Day Thoughts
Index
About the Author

Content preview from Certificate of Cloud Security Knowledge (CCSK v5) Study Guide

Chapter 11. Incident Response: From Detection to Recovery

In preparing for battle I have always found that plans are useless, but planning is indispensable.

Dwight D. Eisenhower

Incident response is the structured approach an organization takes to prepare for, detect, contain, and recover from cybersecurity incidents such as data breaches, malware infections, insider threats, or DoS attacks. Incident response must be planned before an incident occurs. Unfortunately, it is a matter of when, not if, an organization will experience a security incident and possibly a breach. These incidents and breaches can occur for numerous reasons, including accidental reasons.

While organizations likely have incident response plans for internal IT systems, the cloud introduces a new virtual environment that requires expert knowledge of incident response processes, tools and technologies, governance, and new complexity for every cloud platform used.

The CSA references several key tools for its incident response recommendations, including NIST SP 800-61 Rev. 2, the CSA Cloud Incident Response (CIR) framework, ISO/IEC 27035, and ENISA’s “Strategies for Incident Response and Cyber Crisis Cooperation” document. The CSA adapts these recommendations to reflect cloud-specific incident response challenges and processes.

This chapter identifies and explains best practices for incident response in the cloud. These can be used as a reference to develop an organization’s incident response architecture, plans, ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

(ISC)2 CCSP Certified Cloud Security Professional Official Study Guide, 3rd Edition

Publisher Resources

ISBN: 9781098173401Errata Page

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Certificate of Cloud Security Knowledge (CCSK v5) Study Guide

by Graham Thompson

Chapter 11. Incident Response: From Detection to Recovery

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.