(ISC)2 CCSP Certified Cloud Security Professional Official Study Guide

The only official study guide for the new CCSP exam objectives effective from 2022-2025. (ISC)2 CCSP Certified Cloud Security Professional Official Study Guide, 3rd Edition is your ultimate resource for the CCSP exam. As the only official study guide reviewed and endorsed by (ISC)2, this guide help...

Bibliographic Details
Other Authors: Chapple, Mike, author; Seidl, David, author
Format: E-book
Language: English
Published: Hoboken, NJ : John Wiley and Sons [2023]
Edition: Third edition
Subjects:
View in Universitat Ramon Llull Library: https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009724224306719
Table of Contents:
  • Cover
  • Title Page
  • Copyright Page
  • Contents
  • Introduction
  • CCSP Certification
  • Taking the CCSP Exam
  • Computer-Based Testing Environment
  • Exam Retake Policy
  • Work Experience Requirement
  • Recertification Requirements
  • What Does This Book Cover?
  • CCSP Exam Objectives
  • CCSP Certification Exam Objective Map
  • How to Contact the Publisher
  • Assessment Test
  • Answers to Assessment Test
  • Chapter 1 Architectural Concepts
  • Cloud Characteristics
  • Business Requirements
  • Understanding the Existing State
  • Cost/Benefit Analysis
  • Intended Impact
  • Cloud Computing Service Categories
  • Software as a Service
  • Infrastructure as a Service
  • Platform as a Service
  • Cloud Deployment Models
  • Private Cloud
  • Public Cloud
  • Hybrid Cloud
  • Multi-Cloud
  • Community Cloud
  • Multitenancy
  • Cloud Computing Roles and Responsibilities
  • Cloud Computing Reference Architecture
  • Virtualization
  • Hypervisors
  • Virtualization Security
  • Cloud Shared Considerations
  • Security and Privacy Considerations
  • Operational Considerations
  • Emerging Technologies
  • Machine Learning and Artificial Intelligence
  • Blockchain
  • Internet of Things
  • Containers
  • Quantum Computing
  • Edge and Fog Computing
  • Confidential Computing
  • DevOps and DevSecOps
  • Summary
  • Exam Essentials
  • Review Questions
  • Chapter 2 Data Classification
  • Data Inventory and Discovery
  • Data Ownership
  • Data Flows
  • Data Discovery Methods
  • Information Rights Management
  • Certificates and IRM
  • IRM in the Cloud
  • IRM Tool Traits
  • Data Control
  • Data Retention
  • Data Audit and Audit Mechanisms
  • Data Destruction/Disposal
  • Summary
  • Exam Essentials
  • Review Questions
  • Chapter 3 Cloud Data Security
  • Cloud Data Lifecycle
  • Create
  • Store
  • Use
  • Share
  • Archive
  • Destroy
  • Cloud Storage Architectures
  • Storage Types
  • Volume Storage: File-Based Storage and Block Storage
  • Object-Based Storage
  • Databases
  • Threats to Cloud Storage
  • Designing and Applying Security Strategies for Storage
  • Encryption
  • Certificate Management
  • Hashing
  • Masking, Obfuscation, Anonymization, and Tokenization
  • Data Loss Prevention
  • Log Capture and Analysis
  • Summary
  • Exam Essentials
  • Review Questions
  • Chapter 4 Security in the Cloud
  • Shared Cloud Platform Risks and Responsibilities
  • Cloud Customers, Providers, and Similar Terms
  • Cloud Computing Risks by Deployment Model
  • Private Cloud
  • Community Cloud
  • Public Cloud
  • Hybrid Cloud
  • Cloud Computing Risks by Service Model
  • Infrastructure as a Service (IaaS)
  • Platform as a Service (PaaS)
  • Software as a Service (SaaS)
  • Virtualization
  • Threats
  • Risk Mitigation Strategies
  • Disaster Recovery (DR) and Business Continuity (BC)
  • Cloud-Specific BIA Concerns
  • Customer/Provider Shared BC/DR Responsibilities
  • Cloud Design Patterns
  • Summary
  • Exam Essentials
  • Review Questions
  • Chapter 5 Cloud Platform, Infrastructure, and Operational Security
  • Foundations of Managed Services
  • Cloud Provider Responsibilities
  • Shared Responsibilities by Service Type
  • IaaS
  • PaaS
  • SaaS
  • Securing Communications and Infrastructure
  • Firewalls
  • Intrusion Detection/Intrusion Prevention Systems
  • Honeypots
  • Vulnerability Assessment Tools
  • Bastion Hosts
  • Identity Assurance in Cloud and Virtual Environments
  • Securing Hardware and Compute
  • Securing Software
  • Third-Party Software Management
  • Validating Open-Source Software
  • OS Hardening, Monitoring, and Remediation
  • Managing Virtual Systems
  • Assessing Vulnerabilities
  • Securing the Management Plane
  • Auditing Your Environment and Provider
  • Adapting Processes for the Cloud
  • Planning for Cloud Audits
  • Summary
  • Exam Essentials
  • Review Questions
  • Chapter 6 Cloud Application Security
  • Developing Software for the Cloud
  • Common Cloud Application Deployment Pitfalls
  • Cloud Application Architecture
  • Cryptography
  • Sandboxing
  • Application Virtualization and Orchestration
  • Application Programming Interfaces
  • Multitenancy
  • Supplemental Security Components
  • Cloud-Secure Software Development Lifecycle (SDLC)
  • Software Development Phases
  • Software Development Models
  • Cloud Application Assurance and Validation
  • Threat Modeling
  • Common Threats to Applications
  • Quality Assurance and Testing Techniques
  • Supply Chain Management and Licensing
  • Identity and Access Management
  • Cloud Identity and Access Control
  • Single Sign-On
  • Identity Providers
  • Federated Identity Management
  • Multifactor Authentication
  • Secrets Management
  • Common Threats to Identity and Access Management in the Cloud
  • Zero Trust
  • Summary
  • Exam Essentials
  • Review Questions
  • Chapter 7 Operations Elements
  • Designing a Secure Data Center
  • Build vs. Buy
  • Location
  • Facilities and Redundancy
  • Data Center Tiers
  • Logical Design
  • Virtualization Operations
  • Storage Operations
  • Managing Security Operations
  • Security Operations Center (SOC)
  • Continuous Monitoring
  • Incident Management
  • Summary
  • Exam Essentials
  • Review Questions
  • Chapter 8 Operations Management
  • Monitoring, Capacity, and Maintenance
  • Monitoring
  • Physical and Environmental Protection
  • Maintenance
  • Change and Configuration Management
  • Baselines
  • Roles and Process
  • Release and Deployment Management
  • Problem and Incident Management
  • IT Service Management and Continual Service Improvement
  • Business Continuity and Disaster Recovery
  • Prioritizing Safety
  • Continuity of Operations
  • BC/DR Planning
  • The BC/DR Toolkit
  • Relocation
  • Power
  • Testing
  • Summary
  • Exam Essentials
  • Review Questions
  • Chapter 9 Legal and Compliance Issues
  • Legal Requirements and Unique Risks in the Cloud Environment
  • Constitutional Law
  • Legislation
  • Administrative Law
  • Case Law
  • Common Law
  • Contract Law
  • Analyzing a Law
  • Determining Jurisdiction
  • Scope and Application
  • Legal Liability
  • Torts and Negligence
  • U.S. Privacy and Security Laws
  • Health Insurance Portability and Accountability Act
  • The Health Information Technology for Economic and Clinical Health Act
  • Gramm-Leach-Bliley Act
  • Sarbanes-Oxley Act
  • State Data Breach Notification Laws
  • International Laws
  • European Union General Data Protection Regulation
  • Adequacy Decisions
  • U.S.-EU Safe Harbor and Privacy Shield
  • Laws, Regulations, and Standards
  • Payment Card Industry Data Security Standard
  • Critical Infrastructure Protection Program
  • Conflicting International Legislation
  • Information Security Management Systems
  • ISO/IEC 27017:2015
  • Privacy in the Cloud
  • Generally Accepted Privacy Principles
  • ISO 27018
  • Direct and Indirect Identifiers
  • Privacy Impact Assessments
  • Cloud Forensics
  • Forensic Requirements
  • Cloud Forensic Challenges
  • Collection and Acquisition
  • Evidence Preservation and Management
  • e-discovery
  • Audit Processes, Methodologies, and Cloud Adaptations
  • Virtualization
  • Scope
  • Gap Analysis
  • Restrictions of Audit Scope Statements
  • Policies
  • Audit Reports
  • Summary
  • Exam Essentials
  • Review Questions
  • Chapter 10 Cloud Vendor Management
  • The Impact of Diverse Geographical Locations and Legal Jurisdictions
  • Security Policy Framework
  • Policies
  • Standards
  • Procedures
  • Guidelines
  • Exceptions and Compensating Controls
  • Developing Policies
  • Enterprise Risk Management
  • Risk Identification
  • Risk Calculation
  • Risk Assessment
  • Risk Treatment and Response
  • Risk Mitigation
  • Risk Avoidance
  • Risk Transference
  • Risk Acceptance
  • Risk Analysis
  • Control Risk
  • Risk Reporting
  • Enterprise Risk Management
  • Assessing Provider Risk Management Practices
  • Risk Management Frameworks
  • Cloud Contract Design
  • Business Requirements
  • Vendor Management
  • Data Protection
  • Negotiating Contracts
  • Common Contract Provisions
  • Contracting Documents
  • Government Cloud Standards
  • Common Criteria
  • FedRAMP
  • FIPS 140-2
  • Manage Communication with Relevant Parties
  • Summary
  • Exam Essentials
  • Review Questions
  • Appendix: Answers to the Review Questions
  • Chapter 1: Architectural Concepts
  • Chapter 2: Data Classification
  • Chapter 3: Cloud Data Security
  • Chapter 4: Security in the Cloud
  • Chapter 5: Cloud Platform, Infrastructure, and Operational Security
  • Chapter 6: Cloud Application Security
  • Chapter 7: Operations Elements
  • Chapter 8: Operations Management
  • Chapter 9: Legal and Compliance Issues
  • Chapter 10: Cloud Vendor Management
  • Index
  • Comprehensive Online Learning Environment
  • EULA