The only official study guide for the new CCSP exam
CCSP (ISC)2 Certified Cloud Security Professional Official Study Guide is your ultimate resource for the CCSP exam. As the only official study guide reviewed and endorsed by (ISC)2, this guide helps you prepare faster and smarter with the Sybex study tools that include pre-test assessments that show you what you know, and areas you need further review. Objective maps, exercises, and chapter review questions help you gauge your progress along the way, and the Sybex interactive online learning environment includes access to a PDF glossary, hundreds of flashcards, and two complete practice exams. Covering all CCSP domains, this book walks you through Architectural Concepts and Design Requirements, Cloud Data Security, Cloud Platform and Infrastructure Security, Cloud Application Security, Operations, and Legal and Compliance with real-world scenarios to help you apply your skills along the way.
The CCSP is the latest credential from (ISC)2 and the Cloud Security Alliance, designed to show employers that you have what it takes to keep their organization safe in the cloud. Learn the skills you need to be confident on exam day and beyond.
Review 100% of all CCSP exam objectives
Practice applying essential concepts and skills
Access the industry-leading online study tool set
Test your knowledge with bonus practice exams and more
As organizations become increasingly reliant on cloud-based IT, the threat to data security looms larger. Employers are seeking qualified professionals with a proven cloud security skillset, and the CCSP credential brings your resume to the top of the pile. CCSP (ISC)2 Certified Cloud Security Professional Official Study Guide gives you the tools and information you need to earn that certification, and apply your skills in a real-world setting.
Table of Contents
Introduction xv
Assessment Test xxiii
Chapter 1 Architectural Concepts 1
Business Requirements 4
Existing State 4
Quantifying Benefits and Opportunity Cost 5
Intended Impact 8
Cloud Evolution, Vernacular, and Definitions 8
New Technology, New Options 8
Cloud Computing Service Models 10
Cloud Deployment Models 11
Cloud Computing Roles and Responsibilities 13
Cloud Computing Definitions 13
Foundational Concepts of Cloud Computing 16
Sensitive Data 17
Virtualization 17
Encryption 17
Auditing and Compliance 18
Cloud Service Provider Contracts 18
Summary 19
Exam Essentials 19
Written Labs 19
Review Questions 20
Chapter 2 Design Requirements 25
Business Requirements Analysis 26
Inventory of Assets 26
Valuation of Assets 27
Determination of Criticality 27
Risk Appetite 29
Boundaries of Cloud Models 31
IaaS Boundaries 31
PaaS Boundaries 32
SaaS Boundaries 32
Design Principles for Protecting Sensitive Data 34
Hardening Devices 34
Encryption 35
Layered Defenses 36
Summary 37
Exam Essentials 37
Written Labs 37
Review Questions 38
Chapter 3 Data Classification 43
Data Inventory and Discovery 45
Data Ownership 45
The Data Life Cycle 46
Data Discovery Methods 49
Jurisdictional Requirements 50
Data Rights Management 51
Intellectual Property Protections 51
DRM Tool Traits 55
Data Control 57
Data Retention 58
Data Audit 59
Data Destruction/Disposal 61
Summary 62
Exam Essentials 63
Written Labs 63
Review Questions 64
Chapter 4 Cloud Data Security 67
Cloud Data Life Cycle 69
Create 70
Store 70
Use 71
Share 71
Archive 72
Destroy 74
Cloud Storage Architectures 74
Volume Storage: File-Based Storage and Block Storage 74
Object-Based Storage 74
Databases 75
Content Delivery Network (CDN) 75
Cloud Data Security Foundational Strategies 75
Encryption 75
Masking, Obfuscation, Anonymization, and Tokenization 77
Security Information and Event Management 80
Egress Monitoring (DLP) 81
Summary 82
Exam Essentials 82
Written Labs 83
Review Questions 84
Chapter 5 Security in the Cloud 87
Shared Cloud Platform Risks and Responsibilities 88
Cloud Computing Risks by Deployment and Service Model 90
Private Cloud 91
Community Cloud 91
Public Cloud 92
Hybrid Cloud 97
IaaS (Infrastructure as a Service) 97
PaaS (Platform as a Service) 97
SaaS (Software as a Service) 98
Virtualization 98
Cloud Attack Surface 99
Threats by Deployment Model 100
Countermeasure Methodology 102
Disaster Recovery (DR) and Business Continuity Management (BCM) 105
Cloud-Specific BIA Concerns 105
Customer/Provider Shared BC/DR Responsibilities 106
Summary 108
Exam Essentials 109
Written Labs 109
Review Questions 110
Chapter 6 Responsibilities in the Cloud 115
Foundations of Managed Services 118
Business Requirements 119
Business Requirements: The Cloud Provider Perspective 119
Shared Responsibilities by Service Type 125
IaaS 125
PaaS 125
SaaS 125
Shared Administration of OS, Middleware, or Applications 126
Operating System Baseline Configuration and Management 126
Shared Responsibilities: Data Access 128
Customer Directly Administers Access 128
Provider Administers Access on Behalf of the Customer 129
Third-Party (CASB) Administers Access on Behalf of the Customer 129
Lack of Physical Access 131
Audits 131
Shared Policy 134
Shared Monitoring and Testing 134
Summary 135
Exam Essentials 135
Written Labs 136
Review Questions 137
Chapter 7 Cloud Application Security 141
Training and Awareness 143
Common Cloud Application Deployment Pitfalls 146
Cloud-Secure Software Development Life Cycle (SDLC) 148
ISO/IEC 27034-1 Standards for Secure Application Development 150
Identity and Access Management (IAM) 151
Identity Repositories and Directory Services 153
Single Sign-On (SSO) 153
Federated Identity Management 153
Federation Standards 154
Multifactor Authentication 155
Supplemental Security Devices 155
Cloud Application Architecture 157
Application Programming Interfaces 157
Tenancy Separation 159
Cryptography 159
Sandboxing 162
Application Virtualization 162
Cloud Application Assurance and Validation 162
Threat Modeling 163
Quality of Service 166
Software Security Testing 166
Approved APIs 171
Software Supply Chain (API) Management 171
Securing Open Source Software 172
Runtime Application Self-Protection (RASP) 173
Secure Code Reviews 173
OWASP Top 9 Coding Flaws 173
Summary 174
Exam Essentials 174
Written Labs 175
Review Questions 176
Chapter 8 Operations Elements 181
Physical/Logical Operations 183
Facilities and Redundancy 184
Virtualization Operations 194
Storage Operations 195
Physical and Logical Isolation 197
Security Training and Awareness 198
Training Program Categories 199
Additional Training Insights