Muutke küpsiste eelistusi

E-raamat: CCSP Certified Cloud Security Professional All-in-One Exam Guide

3.98/5 (60 hinnangut Goodreads-ist)
  • Formaat: EPUB+DRM
  • Ilmumisaeg: 22-Nov-2016
  • Kirjastus: McGraw-Hill Education
  • Keel: eng
  • ISBN-13: 9781259835452
Teised raamatud teemal:
  • Formaat - EPUB+DRM
  • Hind: 32,76 €*
  • * hind on lõplik, st. muud allahindlused enam ei rakendu
  • Lisa ostukorvi
  • Lisa soovinimekirja
  • See e-raamat on mõeldud ainult isiklikuks kasutamiseks. E-raamatuid ei saa tagastada.
CCSP Certified Cloud Security Professional All-in-One Exam GuideSuurem pilt
  • Formaat: EPUB+DRM
  • Ilmumisaeg: 22-Nov-2016
  • Kirjastus: McGraw-Hill Education
  • Keel: eng
  • ISBN-13: 9781259835452
Teised raamatud teemal:

DRM piirangud

  • Kopeerimine (copy/paste):

    ei ole lubatud

  • Printimine:

    ei ole lubatud

  • Kasutamine:

    Digitaalõiguste kaitse (DRM)
    Kirjastus on väljastanud selle e-raamatu krüpteeritud kujul, mis tähendab, et selle lugemiseks peate installeerima spetsiaalse tarkvara. Samuti peate looma endale  Adobe ID Rohkem infot siin. E-raamatut saab lugeda 1 kasutaja ning alla laadida kuni 6'de seadmesse (kõik autoriseeritud sama Adobe ID-ga).

    Vajalik tarkvara
    Mobiilsetes seadmetes (telefon või tahvelarvuti) lugemiseks peate installeerima selle tasuta rakenduse: PocketBook Reader (iOS / Android)

    PC või Mac seadmes lugemiseks peate installima Adobe Digital Editionsi (Seeon tasuta rakendus spetsiaalselt e-raamatute lugemiseks. Seda ei tohi segamini ajada Adober Reader'iga, mis tõenäoliselt on juba teie arvutisse installeeritud )

    Seda e-raamatut ei saa lugeda Amazon Kindle's. 

This self-study guide delivers 100 coverage of all topics on the new CCSP examThis highly effective test preparation guide covers all six domains within the CCSP Body of Knowledge, as established both by SCA and the (ISC)2. The book offers clear explanations of every subject on the brand-new CCSP exam and features accurate practice questions and real-world examples.Written by a respected computer security expert, CCSP Certified Cloud Security Professional All-in-One Exam Guide is both a powerful study tool and a valuable reference that will serve you long after the test. To aid in self-study, each chapter includes exam tips that highlight key information, a summary that serves as a quick review of salient points, and practice questions that allow you to test your comprehension. “Notes,” “Tips,” and “Cautions” throughout provide insight and call out potentially harmful situations.·        Practice questions match the tone, content, and format of those on the actual exam·        Electronic content includes 300+ practice questions and a PDF copy of the book·        Written by an experienced technical writer and computer security expert  
Acknowledgments xvii
Introduction xix
Chapter 1 How to Obtain the CCSP and Introduction to Security 1(16)
Why Get Certified?
1(1)
How to Get Certified
2(1)
CCSP Domains
2(7)
Domain 1: Architectural Concepts and Design Requirements
2(2)
Domain 2: Cloud Data Security
4(1)
Domain 3: Cloud Platform and Infrastructure Security
5(1)
Domain 4: Cloud Application Security
6(1)
Domain 5: Operations
7(1)
Domain 6: Legal and Compliance
8(1)
Introduction to IT Security
9(6)
Basic Security Concepts
10(4)
Risk Management
14(1)
Business Continuity and Disaster Recovery
15(1)
Chapter Review
15(2)
Chapter 2 Architectural Concepts and Design Requirements 17(60)
Cloud Computing Concepts
18(5)
Cloud Computing Definitions
18(1)
Cloud Computing Roles
19(1)
Key Cloud Computing Characteristics
20(3)
Building-Block Technologies
23(1)
Cloud Reference Architecture
23(14)
Cloud Computing Activities
23(1)
Cloud Service Capabilities
24(1)
Cloud Service Categories
25(4)
Cloud Deployment Models
29(4)
Cloud Cross-Cutting Aspects
33(4)
Security Concepts Relevant to Cloud Computing
37(18)
Cryptography
37(3)
Access Control
40(2)
Data and Media Sanitation
42(2)
Network Security
44(1)
Virtualization Security
45(1)
Common Threats
46(4)
Security Considerations for the Different Cloud Categories
50(5)
Design Principles of Secure Cloud Computing
55(3)
Cloud Secure Data Lifecycle
55(1)
Cloud-Based Business Continuity/Disaster Recovery Planning
56(1)
Cost—Benefit Analysis
57(1)
Identify Trusted Cloud Services
58(6)
Certification Against Criteria
59(1)
System/Subsystem Product Certifications
59(1)
ISO/IEC 27001 and 27001:2013
59(1)
NIST SP 800-53
60(1)
Payment Card Industry Data Security Standard (PCI DSS)
61(1)
SOC 1, SOC 2, and SOC 3
61(1)
Common Criteria
62(1)
FIPS 140-2
63(1)
Cloud Architecture Models
64(2)
Sherwood Applied Business Security Architecture (SABSA)
)64
IT Infrastructure Library (ITIL)
65(1)
The Open Group Architecture Framework (TOGAF)
65(1)
NIST Cloud Technology Roadmap
66(1)
Exercise
66(1)
Chapter Review
66(11)
Questions
67(2)
Questions and Answers
69(8)
Chapter 3 Cloud Data Security 77(46)
Understanding the Cloud Data Lifecycle
77(3)
Phases
77(3)
Design and Implement Cloud Data Storage Architectures
80(5)
Storage Types
80(2)
Threats to Storage Types
82(1)
Technologies Available to Address Threats
83(2)
Design and Apply Data Security Strategies
85(6)
Encryption
85(2)
Key Management
87(1)
Masking/Obfuscation/Anonymization
88(1)
Tokenization
89(1)
Application of Technologies
89(1)
Emerging Technologies
90(1)
Data Discovery and Classification Techniques
91(3)
Data Discovery
91(2)
Classification
93(1)
Relevant Jurisdictional Data Protections for Personally Identifiable Information
94(4)
Data Privacy Acts
94(1)
Privacy Roles and Responsibilities
95(1)
Implementation of Data Discovery
96(1)
Classification of Discovered Sensitive Data
96(1)
Mapping and Definition of Controls
97(1)
Application of Defined Controls
97(1)
Data Rights Management
98(2)
Data Rights Objectives
98(1)
Tools
99(1)
Data Retention, Deletion, and Archiving Policies
100(4)
Data Retention
100(1)
Data Deletion
101(1)
Data Archiving
101(3)
Auditability, Traceability, and Accountability of Data Events
104(9)
Definition of Event Sources
104(2)
Identity Attribution Requirements
106(2)
Data Event Logging
108(1)
Storage and Analysis of Data Events
109(2)
Continuous Optimizations
111(1)
Chain of Custody and Nonrepudiation
112(1)
Exercise
113(1)
Chapter Review
113(10)
Questions
114(2)
Questions and Answers
116(7)
Chapter 4 Cloud Platform and Infrastructure Security 123(34)
Cloud Infrastructure Components
123(7)
Physical Environment
123(2)
Networking
125(1)
Computing
126(1)
Virtualization
127(1)
Storage
128(1)
Management Plane
129(1)
Risks Associated with Cloud Infrastructure
130(3)
Risk Assessment and Analysis
130(1)
Virtualization Risks
131(1)
Countermeasure Strategies
132(1)
Design and Plan Security Controls
133(7)
Physical and Environmental Protection
133(1)
System and Communication Protection
134(1)
Virtualization Systems Protection
134(2)
Management of Identification, Authentication, and Authorization
136(3)
Auditing
139(1)
Disaster Recovery and Business Continuity Management Planning
140(8)
Understanding the Cloud Environment
140(2)
Understanding Business Requirements
142(1)
Understanding Risks
143(1)
Disaster Recovery/Business Continuity Strategy
144(4)
Chapter Review
148(1)
Excercise
148(9)
Questions
148(3)
Questions and Answers
151(6)
Chapter 5 Cloud Application Security 157(34)
Training and Awareness in Application Security
157(6)
Cloud Development Basics
158(1)
Common Pitfalls
158(2)
Common Vulnerabilities
160(3)
Cloud Software Assurance and Validation
163(3)
Cloud-Based Functional Testing
164(1)
Cloud Secure Development Lifecycle
164(1)
Security Testing
164(2)
Verified Secure Software
166(1)
Approved API
166(1)
Supply-Chain Management
166(1)
Community Knowledge
167(1)
Understanding the Software Development Lifecycle (SDLC) Process
167(3)
Phases and Methodologies
167(2)
Business Requirements
169(1)
Software Configuration Management and Versioning
170(1)
Applying the Secure Software Development Lifecycle
170(6)
Cloud-Specific Risks
171(1)
Quality of Service
172(1)
Threat Modeling
173(3)
Cloud Application Architecture
176(4)
Supplemental Security Devices
176(2)
Cryptography
178(1)
Sandboxing
178(1)
Application Virtualization
179(1)
Identity and Access Management (IAM) Solutions
180(3)
Federated Identity
180(2)
Identity Providers
182(1)
Single Sign-On
182(1)
Multifactor Authentication
182(1)
Exercise
183(1)
Chapter Review
183(8)
Questions
184(2)
Questions and Answers
186(5)
Chapter 6 Operations 191(62)
Support the Planning Process for the Data Center Design
191(7)
Logical Design
192(1)
Physical Design
193(4)
Environmental Design
197(1)
Implement and Build the Physical Infrastructure for the Cloud Environment
198(5)
Secure Configuration of Hardware-Specific Requirements
198(4)
Installation and Configuration of Virtualization Management Tools
202(1)
Run the Physical Infrastructure for the Cloud Environment
203(6)
Configuration of Access Control for Local Access
203(1)
Securing Network Configuration
204(3)
OS Hardening via the Application of Baselines
207(1)
Availability of Standalone Hosts
207(1)
Availability of Clustered Hosts
207(2)
Manage the Physical Infrastructure for the Cloud Environment
209(12)
Configuring Access Controls for Remote Access
209(1)
OS Baseline Compliance Monitoring and Remediation
210(1)
Patch Management
210(2)
Performance Monitoring
212(1)
Hardware Monitoring
213(1)
Backup and Restore of Host Configuration
214(1)
Implementation of Network Security Controls
214(4)
Log Capture and Analysis
218(2)
Management Plan
220(1)
Build the Logical Infrastructure for the Cloud Environment
221(2)
Secure Configuration of Virtual Hardware-Specific Requirements
221(1)
Installation of Guest Operating System Virtualization Toolsets
222(1)
Run the Logical Infrastructure for the Cloud Environment
223(3)
Secure Network Configuration
223(1)
OS Hardening via Application of Baselines
224(2)
Availability of the Guest Operating System
226(1)
Manage the Logical Infrastructure for the Cloud Environment
226(3)
Access Control for Remote Access
226(1)
OS Baseline Compliance Monitoring and Remediation
227(1)
Patch Management
227(1)
Performance Monitoring
228(1)
Backup and Restore of Guest OS Configuration
228(1)
Implementation of Network Security Controls
228(1)
Log Capture and Analysis
228(1)
Management Plan
229(1)
Ensure Compliance with Regulations and Controls
229(6)
Change Management
230(1)
Continuity Management
231(1)
Information Security Management
232(1)
Continual Service Improvement Management
232(1)
Incident Management
232(1)
Problem Management
233(1)
Release and Deployment Management
234(1)
Configuration Management
234(1)
Service Level Management
234(1)
Availability Management
235(1)
Capacity Management
235(1)
Conduct Risk Assessment for the Logical and Physical Infrastructure
235(5)
Framing Risk
235(1)
Assessing Risk
236(2)
Responding to Risk
238(2)
Monitoring Risk
240(1)
Understand the Collection, Acquisition, and Preservation of Digital Evidence
240(2)
Proper Methodologies for the Forendk Collection of Data
240(2)
Evidence Management
242(1)
Manage Communication with Relevant Parties
242(2)
Vendors
242(1)
Customers
242(1)
Partners
243(1)
Regulators
243(1)
Other Stakeholders
243(1)
Exercise
244(1)
Chapter Review
244(9)
Questions
244(3)
Questions and Answers
247(6)
Chapter 7 Legal and Compliance Domain 253(50)
Legal Requirements and Unique Risks Within the Cloud Environment
253(7)
International Legislation Conflicts
254(1)
Appraisal of Legal Risks Specific to Cloud Computing
254(1)
Legal Controls
255(1)
eDiscovery
255(4)
Forensics Requirements
259(1)
Privacy Issues and Jurisdictional Variation
260(6)
Difference Between Contractual and Regulated PII
260(1)
Country-Specific Legislation Related to PII and Data Privacy
261(2)
Differences Among Confidentiality, Integrity, Availability, and Privacy
263(3)
Audit Processes, Methodologies, and Required Adaptions for a Cloud Environment
266(19)
Internal and External Audit Controls
266(1)
Impact of Requirements Programs by the Use of Cloud
267(1)
Assurance Challenges of Virtualization and Cloud
267(1)
Types of Audit Reports
268(4)
Restrictions of Audit Scope Statements
272(1)
Gap Analysis
273(1)
Audit Plan
274(4)
Standards Requirements
278
Internal Information Security Management System (ISMS)
80(201)
Internal Information Security Controls System
281(1)
Policies
282(1)
Identification and Involvement of Relevant Stakeholders
283(1)
Specialized Compliance Requirements for Highly Regulated Industries
284(1)
Impact of Distributed IT Model
284(1)
Implications of cloud to Enterprise Risk Management
285(4)
Assess Providers Risk Management
286(1)
Difference Between Data Owner/Controller vs. Data Custodian/Processor
286(1)
Risk Mitigation
287(1)
Different Risk Frameworks
287(1)
Metrics for Risk Management
288(1)
Assessment of the Risk Environment
289(1)
Outsourcing and Cloud Contract Design
289(5)
Business Requirements
290(1)
Vendor Management
290(2)
Contract Management
292(2)
Executive Vendor Management
294(1)
Supply-Chain Management
294(1)
Exercise
295(1)
Chapter Review
295(8)
Questions
295(3)
Questions and Answers
298(5)
Appendix A Exam Review Questions 303(92)
Questions
303(19)
Quick Answers
322(1)
Questions and Comprehensive Answer Explanations
323(72)
Appendix B About the CD-ROM 395(2)
System Requirements
395(1)
Installing and Running Total Tester Premium Practice
Exam Software
395(1)
Total Tester Premium Practice Exam Software
395(1)
Secured Book PDF
396(1)
Technical Support
396(1)
Glossary 397(12)
Index 409
Daniel Carter, CISSP CCSP CISM CISA, has 20 years of experience in the IT and security worlds, working in both the higher education and healthcare sectors. He has worked at both state and federal levels and is currently a systems security officer of U.S. federal healthcare for HP Enterprise.
Lisainfo e-raamatute kohta Lisainfo e-raamatute kohta
Püsilink: https://www.kriso.ee/db/97812598354526e.html
Märksõnad: