
E-book: CCSP (ISC)2 Certified Cloud Security Professional Official Study Guide

  • Format: PDF+DRM
  • Publication date: 27-Apr-2017
  • Publisher: Sybex Inc.,U.S.
  • Language: eng
  • ISBN-13: 9781119277422
  • Price: 46,31 €*
  • * the price is final, i.e. no other discounts apply
  • This e-book is intended for personal use only. E-books cannot be returned.

DRM restrictions

  • Copying (copy/paste):

    not allowed

  • Printing:

    not allowed

  • Usage:

    Digital rights management (DRM)
    The publisher has issued this e-book in encrypted form, which means that you must install special software to read it. You must also create an Adobe ID. The e-book can be read by 1 user and downloaded to up to 6 devices (all authorized with the same Adobe ID).

    Required software
    To read on mobile devices (phone or tablet), you must install this free app: PocketBook Reader (iOS / Android)

    To read on a PC or Mac, you must install Adobe Digital Editions (this is a free application designed specifically for reading e-books; it should not be confused with Adobe Reader, which is probably already installed on your computer).

    This e-book cannot be read on an Amazon Kindle.

NOTE: The exam this book covered, (ISC)2 Certified Cloud Security Professional, was updated by (ISC)2 in 2019. For coverage of the current exam, please look for the latest edition of this guide: CCSP (ISC)2 Certified Cloud Security Professional Official Study Guide, 2nd Edition (9781119603375). CCSP (ISC)2 Certified Cloud Security Professional Official Study Guide is your ultimate resource for the CCSP exam. As the only official study guide reviewed and endorsed by (ISC)2, this guide helps you prepare faster and smarter with the Sybex study tools, which include pre-test assessments that show you what you know and the areas you need to review further. Objective maps, exercises, and chapter review questions help you gauge your progress along the way, and the Sybex interactive online learning environment includes access to a PDF glossary, hundreds of flashcards, and two complete practice exams. Covering all CCSP domains, this book walks you through Architectural Concepts and Design Requirements, Cloud Data Security, Cloud Platform and Infrastructure Security, Cloud Application Security, Operations, and Legal and Compliance, with real-world scenarios to help you apply your skills along the way.

The CCSP is the latest credential from (ISC)2 and the Cloud Security Alliance, designed to show employers that you have what it takes to keep their organization safe in the cloud. Learn the skills you need to be confident on exam day and beyond.

  • Review 100% of all CCSP exam objectives
  • Practice applying essential concepts and skills
  • Access the industry-leading online study tool set
  • Test your knowledge with bonus practice exams and more

As organizations become increasingly reliant on cloud-based IT, the threat to data security looms larger. Employers are seeking qualified professionals with a proven cloud security skillset, and the CCSP credential brings your resume to the top of the pile. CCSP (ISC)2 Certified Cloud Security Professional Official Study Guide gives you the tools and information you need to earn that certification, and apply your skills in a real-world setting.

Introduction xv
Assessment Test xxiii
Chapter 1 Architectural Concepts 1(24)
  Business Requirements 4(4)
  Existing State 4(1)
  Quantifying Benefits and Opportunity Cost 5(3)
  Intended Impact 8(1)
  Cloud Evolution, Vernacular, and Definitions 8(5)
  New Technology, New Options 8(2)
  Cloud Computing Service Models 10(1)
  Cloud Deployment Models 11(2)
  Cloud Computing Roles and Responsibilities 13(1)
  Cloud Computing Definitions 13(3)
  Foundational Concepts of Cloud Computing 16(3)
  Sensitive Data 17(1)
  Virtualization 17(1)
  Encryption 17(1)
  Auditing and Compliance 18(1)
  Cloud Service Provider Contracts 18(1)
  Summary 19(1)
  Exam Essentials 19(1)
  Written Labs 19(1)
  Review Questions 20(5)
Chapter 2 Design Requirements 25(18)
  Business Requirements Analysis 26(5)
  Inventory of Assets 26(1)
  Valuation of Assets 27(1)
  Determination of Criticality 27(2)
  Risk Appetite 29(2)
  Boundaries of Cloud Models 31(3)
  IaaS Boundaries 31(1)
  PaaS Boundaries 32(1)
  SaaS Boundaries 32(2)
  Design Principles for Protecting Sensitive Data 34(3)
  Hardening Devices 34(1)
  Encryption 35(1)
  Layered Defenses 36(1)
  Summary 37(1)
  Exam Essentials 37(1)
  Written Labs 37(1)
  Review Questions 38(5)
Chapter 3 Data Classification 43(24)
  Data Inventory and Discovery 45(5)
  Data Ownership 45(1)
  The Data Life Cycle 46(3)
  Data Discovery Methods 49(1)
  Jurisdictional Requirements 50(1)
  Data Rights Management 51(6)
  Intellectual Property Protections 51(4)
  DRM Tool Traits 55(2)
  Data Control 57(5)
  Data Retention 58(1)
  Data Audit 59(2)
  Data Destruction/Disposal 61(1)
  Summary 62(1)
  Exam Essentials 63(1)
  Written Labs 63(1)
  Review Questions 64(3)
Chapter 4 Cloud Data Security 67(20)
  Cloud Data Life Cycle 69(5)
  Create 70(1)
  Store 70(1)
  Use 71(1)
  Share 71(1)
  Archive 72(2)
  Destroy 74(1)
  Cloud Storage Architectures 74(1)
  Volume Storage: File-Based Storage and Block Storage 74(1)
  Object-Based Storage 74(1)
  Databases 75(1)
  Content Delivery Network (CDN) 75(1)
  Cloud Data Security Foundational Strategies 75(7)
  Encryption 75(2)
  Masking, Obfuscation, Anonymization, and Tokenization 77(3)
  Security Information and Event Management 80(1)
  Egress Monitoring (DLP) 81(1)
  Summary 82(1)
  Exam Essentials 82(1)
  Written Labs 83(1)
  Review Questions 84(3)
Chapter 5 Security in the Cloud 87(28)
  Shared Cloud Platform Risks and Responsibilities 88(2)
  Cloud Computing Risks by Deployment and Service Model 90(8)
  Private Cloud 91(1)
  Community Cloud 91(1)
  Public Cloud 92(5)
  Hybrid Cloud 97(1)
  IaaS (Infrastructure as a Service) 97(1)
  PaaS (Platform as a Service) 97(1)
  SaaS (Software as a Service) 98(1)
  Virtualization 98(1)
  Cloud Attack Surface 99(6)
  Threats by Deployment Model 100(2)
  Countermeasure Methodology 102(3)
  Disaster Recovery (DR) and Business Continuity Management (BCM) 105(3)
  Cloud-Specific BIA Concerns 105(1)
  Customer/Provider Shared BC/DR Responsibilities 106(2)
  Summary 108(1)
  Exam Essentials 109(1)
  Written Labs 109(1)
  Review Questions 110(5)
Chapter 6 Responsibilities in the Cloud 115(26)
  Foundations of Managed Services 118(1)
  Business Requirements 119(6)
  Business Requirements: The Cloud Provider Perspective 119(6)
  Shared Responsibilities by Service Type 125(1)
  IaaS 125(1)
  PaaS 125(1)
  SaaS 125(1)
  Shared Administration of OS, Middleware, or Applications 126(2)
  Operating System Baseline Configuration and Management 126(2)
  Shared Responsibilities: Data Access 128(3)
  Customer Directly Administers Access 128(1)
  Provider Administers Access on Behalf of the Customer 129(1)
  Third-Party (CASB) Administers Access on Behalf of the Customer 129(2)
  Lack of Physical Access 131(4)
  Audits 131(3)
  Shared Policy 134(1)
  Shared Monitoring and Testing 134(1)
  Summary 135(1)
  Exam Essentials 135(1)
  Written Labs 136(1)
  Review Questions 137(4)
Chapter 7 Cloud Application Security 141(40)
  Training and Awareness 143(5)
  Common Cloud Application Deployment Pitfalls 146(2)
  Cloud-Secure Software Development Life Cycle (SDLC) 148(2)
  ISO/IEC 27034-1 Standards for Secure Application Development 150(1)
  Identity and Access Management (IAM) 151(6)
  Identity Repositories and Directory Services 153(1)
  Single Sign-On (SSO) 153(1)
  Federated Identity Management 153(1)
  Federation Standards 154(1)
  Multifactor Authentication 155(1)
  Supplemental Security Devices 155(2)
  Cloud Application Architecture 157(5)
  Application Programming Interfaces 157(2)
  Tenancy Separation 159(1)
  Cryptography 159(3)
  Sandboxing 162(1)
  Application Virtualization 162(1)
  Cloud Application Assurance and Validation 162(12)
  Threat Modeling 163(3)
  Quality of Service 166(1)
  Software Security Testing 166(5)
  Approved APIs 171(1)
  Software Supply Chain (API) Management 171(1)
  Securing Open Source Software 172(1)
  Runtime Application Self-Protection (RASP) 173(1)
  Secure Code Reviews 173(1)
  OWASP Top 9 Coding Flaws 173(1)
  Summary 174(1)
  Exam Essentials 174(1)
  Written Labs 175(1)
  Review Questions 176(5)
Chapter 8 Operations Elements 181(32)
  Physical/Logical Operations 183(15)
  Facilities and Redundancy 184(10)
  Virtualization Operations 194(1)
  Storage Operations 195(2)
  Physical and Logical Isolation 197(1)
  Security Training and Awareness 198(5)
  Training Program Categories 199(4)
  Additional Training Insights 203(1)
  Basic Operational Application Security 203(3)
  Threat Modeling 204(1)
  Application Testing Methods 205(1)
  Summary 206(1)
  Exam Essentials 206(1)
  Written Labs 207(1)
  Review Questions 208(5)
Chapter 9 Operations Management 213(26)
  Monitoring, Capacity, and Maintenance 215(6)
  Monitoring 215(2)
  Maintenance 217(4)
  Change and Configuration Management (CM) 221(4)
  Baselines 221(1)
  Deviations and Exceptions 222(1)
  Roles and Process 223(2)
  Business Continuity and Disaster Recovery (BC/DR) 225(8)
  Primary Focus 226(1)
  Continuity of Operations 227(1)
  The BC/DR Plan 227(2)
  The BC/DR Kit 229(1)
  Relocation 230(1)
  Power 231(1)
  Testing 232(1)
  Summary 233(1)
  Exam Essentials 233(1)
  Written Labs 234(1)
  Review Questions 235(4)
Chapter 10 Legal and Compliance Part 1 239(40)
  Legal Requirements and Unique Risks in the Cloud Environment 241(20)
  Legal Concepts 241(6)
  U.S. Laws 247(5)
  International Laws 252(1)
  Laws, Frameworks, and Standards Around the World 252(9)
  The Difference Between Laws, Regulations, and Standards 261(1)
  Potential Personal and Data Privacy Issues in the Cloud Environment 261(4)
  eDiscovery 262(1)
  Forensic Requirements 263(1)
  International Conflict Resolution 263(1)
  Cloud Forensic Challenges 263(1)
  Contractual and Regulated PII 264(1)
  Direct and Indirect Identifiers 264(1)
  Audit Processes, Methodologies, and Cloud Adaptations 265(6)
  Virtualization 265(1)
  Scope 266(1)
  Gap Analysis 266(1)
  Information Security Management Systems (ISMSs) 266(1)
  The Right to Audit in Managed Services 267(1)
  Audit Scope Statements 267(1)
  Policies 268(1)
  Different Types of Audit Reports 268(1)
  Auditor Independence 269(1)
  AICPA Reports and Standards 270(1)
  Summary 271(1)
  Exam Essentials 272(1)
  Written Labs 273(1)
  Review Questions 274(5)
Chapter 11 Legal and Compliance Part 2 279(30)
  The Impact of Diverse Geographical Locations and Legal Jurisdictions 281(16)
  Policies 282(5)
  Implications of the Cloud for Enterprise Risk Management 287(1)
  Choices Involved in Managing Risk 288(3)
  Risk Management Frameworks 291(2)
  Risk Management Metrics 293(1)
  Contracts and Service-Level Agreements (SLAs) 294(3)
  Business Requirements 297(1)
  Cloud Contract Design and Management for Outsourcing 297(1)
  Identifying Appropriate Supply Chain and Vendor Management Processes 298(5)
  Common Criteria Assurance Framework (ISO/IEC 15408-1:2009) 299(1)
  Cloud Computing Certification 299(1)
  CSA Security, Trust, and Assurance Registry (STAR) 300(2)
  Supply Chain Risk 302(1)
  Summary 303(1)
  Exam Essentials 303(1)
  Written Labs 304(1)
  Review Questions 305(4)
Appendix A Answers to the Review Questions 309(18)
  Chapter 1: Architectural Concepts 310(1)
  Chapter 2: Design Requirements 311(1)
  Chapter 3: Data Classification 312(2)
  Chapter 4: Cloud Data Security 314(2)
  Chapter 5: Security in the Cloud 316(1)
  Chapter 6: Responsibilities in the Cloud 317(2)
  Chapter 7: Cloud Application Security 319(1)
  Chapter 8: Operations Elements 320(1)
  Chapter 9: Operations Management 321(2)
  Chapter 10: Legal and Compliance Part 1 323(2)
  Chapter 11: Legal and Compliance Part 2 325(2)
Appendix B Answers to the Written Labs 327(8)
  Chapter 1 328(1)
  Chapter 2 328(1)
  Chapter 3 329(1)
  Chapter 4 330(1)
  Chapter 5 331(1)
  Chapter 6 331(1)
  Chapter 7 332(1)
  Chapter 8 332(1)
  Chapter 9 333(1)
  Chapter 10 333(1)
  Chapter 11 334(1)
Index 335

ABOUT THE AUTHORS

Brian T. O'Hara, CCSP, CISA, CISM, CRISC, CISSP, is Information Security Officer for Do it Best Corporation and an ISSA Fellow. He serves as President of the InfraGard Indiana Members Alliance, a partnership between the FBI and the private sector. Ben Malisow, CISSP, CISM, CCSP, Security+, has been involved in INFOSEC and education for more than 20 years. At Carnegie Mellon University, he crafted and delivered the CISSP prep course for CMU's CERT/SEU. Malisow was the ISSM for the FBI's most highly classified counterterror intelligence-sharing network.