CCSP Certified Cloud Security Professional All-in-One Exam Guide, Second Edition, 2nd Edition

Table of contents

1. Cover
2. Title Page
3. Copyright Page
4. Dedication
5. ABOUT THE AUTHOR
6. CONTENTS AT A GLANCE
7. CONTENTS
8. Introduction
9. Acknowledgments
10. Chapter 1 How to Obtain the CCSP and Introduction to Security
    1. Why Get Certified?
    2. How to Get Certified
    3. CCSP Domains
       1. Domain 1: Cloud Concepts, Architecture, and Design
       2. Domain 2: Cloud Data Security
       3. Domain 3: Cloud Platform and Infrastructure Security
       4. Domain 4: Cloud Application Security
       5. Domain 5: Cloud Security Operations
       6. Domain 6: Legal, Risk, and Compliance
    4. Introduction to IT Security
       1. Basic Security Concepts
       2. Risk Management
       3. Business Continuity and Disaster Recovery
    5. Chapter Review
11. Chapter 2 Cloud Concepts, Architecture, and Design
    1. Cloud Computing Concepts
       1. Cloud Computing Definitions
       2. Cloud Computing Roles
       3. Key Cloud Computing Characteristics
       4. Building-Block Technologies
    2. Cloud Reference Architecture
       1. Cloud Computing Activities
       2. Cloud Service Capabilities
       3. Cloud Service Categories
       4. Cloud Deployment Models
       5. Cloud Shared Considerations
       6. Impact of Related Technologies
    3. Security Concepts Relevant to Cloud Computing
       1. Cryptography
       2. Access Control
       3. Data and Media Sanitation
       4. Network Security
       5. Virtualization Security
       6. Common Threats
       7. Security Considerations for the Different Cloud Categories
    4. Design Principles of Secure Cloud Computing
       1. Cloud Secure Data Lifecycle
       2. Cloud-Based Business Continuity/Disaster Recovery Planning
       3. Cost-Benefit Analysis
    5. Identify Trusted Cloud Services
       1. Certification Against Criteria
       2. System/Subsystem Product Certifications
    6. Cloud Architecture Models
       1. Sherwood Applied Business Security Architecture (SABSA)
       2. IT Infrastructure Library (ITIL)
       3. The Open Group Architecture Framework (TOGAF)
       4. NIST Cloud Technology Roadmap
    7. Exercise
    8. Chapter Review
       1. Questions
       2. Questions and Answers
12. Chapter 3 Cloud Data Security
    1. Describe Cloud Data Concepts
       1. Cloud Data Lifecycle Phases
       2. Data Dispersion
    2. Design and Implement Cloud Data Storage Architectures
       1. Storage Types
       2. Threats to Storage Types
    3. Design and Apply Data Security Strategies
       1. Encryption
       2. Hashing
       3. Key Management
       4. Tokenization
       5. Data Loss Prevention
       6. Data De-identification
       7. Application of Technologies
       8. Emerging Technologies
    4. Implement Data Discovery
       1. Structured Data
       2. Unstructured Data
    5. Implement Data Classification
       1. Mapping
       2. Labeling
       3. Sensitive Data
    6. Relevant Jurisdictional Data Protections for Personally Identifiable Information
       1. Data Privacy Acts
       2. Privacy Roles and Responsibilities
       3. Implementation of Data Discovery
       4. Classification of Discovered Sensitive Data
       5. Mapping and Definition of Controls
       6. Application of Defined Controls
    7. Data Rights Management
       1. Data Rights Objectives
       2. Tools
    8. Data Retention, Deletion, and Archiving Policies
       1. Data Retention
       2. Data Deletion
       3. Data Archiving
       4. Legal Hold
    9. Auditability, Traceability, and Accountability of Data Events
       1. Definition of Event Sources
       2. Identity Attribution Requirements
       3. Data Event Logging
       4. Storage and Analysis of Data Events
       5. Continuous Optimizations
       6. Chain of Custody and Nonrepudiation
    10. Exercise
    11. Chapter Review
        1. Questions
        2. Questions and Answers
13. Chapter 4 Cloud Platform and Infrastructure Security
    1. Comprehend Cloud Infrastructure Components
       1. Physical Environment
       2. Network and Communications
       3. Compute
       4. Storage
       5. Virtualization
       6. Management Plane
    2. Analyze Risks Associated with Cloud Infrastructure
       1. Risk Assessment and Analysis
       2. Virtualization Risks
       3. Countermeasure Strategies
    3. Design and Plan Security Controls
       1. Physical and Environmental Protection
       2. System and Communication Protection
       3. Virtualization Systems Protection
       4. Identification, Authentication, and Authorization in a Cloud Infrastructure
       5. Audit Mechanisms
    4. Disaster Recovery and Business Continuity Management Planning
       1. Understanding the Cloud Environment
       2. Understanding Business Requirements
       3. Understanding Risks
       4. Disaster Recovery/Business Continuity Strategy
    5. Exercise
    6. Chapter Review
       1. Questions
       2. Questions and Answers
14. Chapter 5 Cloud Application Security
    1. Advocate Training and Awareness for Application Security
       1. Cloud Development Basics
       2. Common Pitfalls
    2. Describe the Secure Software Development Lifecycle (SDLC) Process
       1. Business Requirements
       2. Phases and Methodologies
    3. Apply the Secure Software Development Lifecycle
       1. Avoid Common Vulnerabilities During Development
       2. Cloud-Specific Risks
       3. Quality of Service
       4. Threat Modeling
       5. Software Configuration Management and Versioning
    4. Cloud Software Assurance and Validation
       1. Cloud-Based Functional Testing
       2. Cloud Secure Development Lifecycle (CSDLC)
       3. Security Testing
    5. Verified Secure Software
       1. Approved API
       2. Supply-Chain Management
       3. Community Knowledge
    6. Cloud Application Architecture
       1. Supplemental Security Devices
       2. Cryptography
       3. Sandboxing
       4. Application Virtualization
    7. Identity and Access Management (IAM) Solutions
       1. Federated Identity
       2. Identity Providers
       3. Single Sign-On
       4. Multifactor Authentication
    8. Exercise
    9. Chapter Review
       1. Questions
       2. Questions and Answers
15. Chapter 6 Cloud Security Operations
    1. Support the Planning Process for the Data Center Design
       1. Logical Design
       2. Physical Design
       3. Environmental Design
    2. Implement and Build the Physical Infrastructure for the Cloud Environment
       1. Secure Configuration of Hardware-Specific Requirements
       2. Installation and Configuration of Virtualization Management Tools
       3. Virtual Hardware Specific Security Configuration Requirements
       4. Installation of Guest Operating System Virtualization Toolsets
    3. Operate the Physical and Logical Infrastructure for the Cloud Environment
       1. Configuration of Access Control for Local and Remote Access
       2. Secure Network Configuration
       3. OS Hardening via Application of Baselines
       4. Availability of Standalone Hosts
       5. Availability of Clustered Hosts
       6. Availability of the Guest Operating System
    4. Manage the Physical and Logical Infrastructure for Cloud Environment
       1. Access Controls for Remote Access
       2. OS Baseline Compliance Monitoring and Remediation
       3. Patch Management
       4. Performance Monitoring
       5. Hardware Monitoring
       6. Backup and Restore Functions
       7. Network Security Controls
       8. Management Plan
    5. Implement Operational Controls and Standards
       1. Change Management
       2. Continuity Management
       3. Information Security Management
       4. Continual Service Improvement Management
       5. Incident Management
       6. Problem Management
       7. Release and Deployment Management
       8. Configuration Management
       9. Service Level Management
       10. Availability Management
       11. Capacity Management
    6. Support Digital Forensics
       1. Proper Methodologies for the Forensic Collection of Data
       2. Evidence Management
    7. Manage Communication with Relevant Parties
       1. Vendors
       2. Customers
       3. Partners
       4. Regulators
       5. Other Stakeholders
    8. Manage Security Operations
       1. Security Operations Center
       2. Monitoring of Security Controls
       3. Log Capture and Analysis
    9. Exercise
    10. Chapter Review
        1. Questions
        2. Questions and Answers
16. Chapter 7 Legal, Risk, and Compliance
    1. Articulate Legal Requirements and Unique Risks Within the Cloud Environment
       1. Conflicting International Legislation
       2. Evaluation of Legal Risks Specific to Cloud Computing
       3. Legal Framework and Guidelines
       4. eDiscovery
       5. Forensics Requirements
    2. Understand Privacy Issues
       1. Difference Between Contractual and Regulated Personally Identifiable Information (PII)
       2. Country-Specific Legislation Related to PII and Data Privacy
       3. Differences Among Confidentiality, Integrity, Availability, and Privacy
       4. Standard Privacy Requirements
    3. Understand Audit Processes, Methodologies, and Required Adaptations for a Cloud Environment
       1. Internal and External Audit Controls
       2. Impact of Audit Requirements
       3. Identify Assurance Challenges of Virtualization and Cloud
       4. Types of Audit Reports
       5. Restrictions of Audit Scope Statements
       6. Gap Analysis
       7. Audit Planning
       8. Internal Information Security Management System (ISMS)
       9. Internal Information Security Controls System
       10. Policies
       11. Identification and Involvement of Relevant Stakeholders
       12. Specialized Compliance Requirements for Highly Regulated Industries
       13. Impact of Distributed IT Model
    4. Understand Implications of Cloud to Enterprise Risk Management
       1. Assess Provider’s Risk Management
       2. Difference Between Data Owner/Controller vs. Data Custodian/Processor
       3. Risk Treatment
       4. Different Risk Frameworks
       5. Metrics for Risk Management
       6. Assessment of the Risk Environment
    5. Understand Outsourcing and Cloud Contract Design
       1. Business Requirements
       2. Vendor Management
       3. Contract Management
    6. Executive Vendor Management
       1. Supply-Chain Management
    7. Exercise
    8. Chapter Review
       1. Questions
       2. Questions and Answers
17. Appendix A Exam Review Questions
    1. Questions
    2. Quick Answers
    3. Questions and Comprehensive Answer Explanations
18. Appendix B About the Online Content
    1. System Requirements
    2. Your Total Seminars Training Hub Account
       1. Privacy Notice
    3. Single User License Terms and Conditions
    4. TotalTester Online
    5. Technical Support
19. Glossary
20. Index