Official (ISC)2 CCSP CBK Reference 4th edition [Hardback]

  • Format: Hardback, 352 pages, height x width x thickness: 234x193x25 mm, weight: 635 g
  • Publication date: 17-Nov-2022
  • Publisher: Sybex Inc.,U.S.
  • ISBN-10: 1119909015
  • ISBN-13: 9781119909019
  • Hardback
  • Price: 76,97 €*
  • * the price is final, i.e. no further discounts apply
  • Regular price: 90,55 €
  • You save 15%
  • Delivery of the book from the publisher takes approximately 2-4 weeks
  • Free delivery

The only official body of knowledge for CCSP—the most popular cloud security credential—fully revised and updated.

Certified Cloud Security Professional (CCSP) certification validates the advanced technical skills needed to design, manage, and secure data, applications, and infrastructure in the cloud. This highly sought-after global credential has been updated with revised objectives. The new third edition of The Official (ISC)2 Guide to the CCSP CBK is the authoritative, vendor-neutral common body of knowledge for cloud security professionals.

This comprehensive resource provides cloud security professionals with an indispensable working reference to each of the six CCSP domains: Cloud Concepts, Architecture and Design; Cloud Data Security; Cloud Platform and Infrastructure Security; Cloud Application Security; Cloud Security Operations; and Legal, Risk and Compliance. Detailed, in-depth chapters contain the accurate information required to prepare for and achieve CCSP certification. Every essential area of cloud security is covered, including implementation, architecture, operations, controls, and immediate and long-term responses.

Developed by (ISC)2, the world leader in professional cybersecurity certification and training, this indispensable guide:

  • Covers the six CCSP domains and over 150 detailed objectives
  • Provides guidance on real-world best practices and techniques
  • Includes illustrated examples, tables, and diagrams

The Official (ISC)2 Guide to the CCSP CBK is a vital ongoing resource for IT and information security leaders responsible for applying best practices to cloud security architecture, design, operations and service orchestration.

Foreword to the Fourth Edition
Introduction

Chapter 1 Cloud Concepts, Architecture, and Design
  • Understand Cloud Computing Concepts
      • Cloud Computing Definitions
      • Cloud Computing Roles and Responsibilities
      • Key Cloud Computing Characteristics
      • Building Block Technologies
  • Describe Cloud Reference Architecture
      • Cloud Computing Activities
      • Cloud Service Capabilities
      • Cloud Service Categories
      • Cloud Deployment Models
      • Cloud Shared Considerations
      • Impact of Related Technologies
  • Understand Security Concepts Relevant to Cloud Computing
      • Cryptography and Key Management
      • Identity and Access Control
      • Data and Media Sanitization
      • Network Security
      • Virtualization Security
      • Common Threats
      • Security Hygiene
  • Understand Design Principles of Secure Cloud Computing
      • Cloud Secure Data Lifecycle
      • Cloud-Based Business Continuity and Disaster Recovery Plan
      • Business Impact Analysis
      • Functional Security Requirements
      • Security Considerations for Different Cloud Categories
      • Cloud Design Patterns
      • DevOps Security
  • Evaluate Cloud Service Providers
      • Verification against Criteria
      • System/Subsystem Product Certifications
  • Summary

Chapter 2 Cloud Data Security
  • Describe Cloud Data Concepts
      • Cloud Data Lifecycle Phases
      • Data Dispersion
      • Data Flows
  • Design and Implement Cloud Data Storage Architectures
      • Storage Types
      • Threats to Storage Types
  • Design and Apply Data Security Technologies and Strategies
      • Encryption and Key Management
      • Hashing
      • Data Obfuscation
      • Tokenization
      • Data Loss Prevention
      • Keys, Secrets, and Certificates Management
  • Implement Data Discovery
      • Structured Data
      • Unstructured Data
      • Semi-structured Data
      • Data Location
  • Implement Data Classification
      • Data Classification Policies
      • Mapping
      • Labeling
  • Design and Implement Information Rights Management
      • Objectives
      • Appropriate Tools
  • Plan and Implement Data Retention, Deletion, and Archiving Policies
      • Data Retention Policies
      • Data Deletion Procedures and Mechanisms
      • Data Archiving Procedures and Mechanisms
      • Legal Hold
  • Design and Implement Auditability, Traceability, and Accountability of Data Events
      • Definition of Event Sources and Requirement of Event Attribution
      • Logging, Storage, and Analysis of Data Events
      • Chain of Custody and Nonrepudiation
  • Summary

Chapter 3 Cloud Platform and Infrastructure Security
  • Comprehend Cloud Infrastructure and Platform Components
      • Physical Environment
      • Network and Communications
      • Compute
      • Virtualization
      • Storage
      • Management Plane
  • Design a Secure Data Center
      • Logical Design
      • Physical Design
      • Environmental Design
  • Analyze Risks Associated with Cloud Infrastructure and Platforms
      • Risk Assessment
      • Cloud Vulnerabilities, Threats, and Attacks
      • Risk Mitigation Strategies
  • Plan and Implementation of Security Controls
      • Physical and Environmental Protection
      • System, Storage, and Communication Protection
      • Identification, Authentication, and Authorization in Cloud Environments
      • Audit Mechanisms
  • Plan Disaster Recovery and Business Continuity
      • Business Continuity/Disaster Recovery Strategy
      • Business Requirements
      • Creation, Implementation, and Testing of Plan
  • Summary

Chapter 4 Cloud Application Security
  • Advocate Training and Awareness for Application Security
      • Cloud Development Basics
      • Common Pitfalls
      • Common Cloud Vulnerabilities
  • Describe the Secure Software Development Life Cycle Process
      • NIST Secure Software Development Framework
      • OWASP Software Assurance Maturity Model
      • Business Requirements
      • Phases and Methodologies
  • Apply the Secure Software Development Life Cycle
      • Cloud-Specific Risks
      • Threat Modeling
      • Avoid Common Vulnerabilities during Development
      • Secure Coding
      • Software Configuration Management and Versioning
  • Apply Cloud Software Assurance and Validation
      • Functional and Non-functional Testing
      • Security Testing Methodologies
      • Quality Assurance
      • Abuse Case Testing
  • Use Verified Secure Software
      • Securing Application Programming Interfaces
      • Supply-Chain Management
      • Third-Party Software Management
      • Validated Open-Source Software
  • Comprehend the Specifics of Cloud Application Architecture
      • Supplemental Security Components
      • Cryptography
      • Sandboxing
      • Application Virtualization and Orchestration
  • Design Appropriate Identity and Access Management Solutions
      • Federated Identity
      • Identity Providers
      • Single Sign-on
      • Multifactor Authentication
      • Cloud Access Security Broker
  • Summary

Chapter 5 Cloud Security Operations
  • Build and Implement Physical and Logical Infrastructure for Cloud Environment
      • Hardware-Specific Security Configuration Requirements
      • Installation and Configuration of Virtualization Management Tools
      • Virtual Hardware-Specific Security Configuration Requirements
      • Installation of Guest Operating System Virtualization Toolsets
  • Operate Physical and Logical Infrastructure for Cloud Environment
      • Configure Access Control for Local and Remote Access
      • Secure Network Configuration
      • Operating System Hardening through the Application of Baselines
      • Availability of Stand-Alone Hosts
      • Availability of Clustered Hosts
      • Availability of Guest Operating Systems
  • Manage Physical and Logical Infrastructure for Cloud Environment
      • Access Controls for Remote Access
      • Operating System Baseline Compliance Monitoring and Remediation
      • Patch Management
      • Performance and Capacity Monitoring
      • Hardware Monitoring
      • Configuration of Host and Guest Operating System Backup and Restore Functions
      • Network Security Controls
      • Management Plane
  • Implement Operational Controls and Standards
      • Change Management
      • Continuity Management
      • Information Security Management
      • Continual Service Improvement Management
      • Incident Management
      • Problem Management
      • Release Management
      • Deployment Management
      • Configuration Management
      • Service Level Management
      • Availability Management
      • Capacity Management
  • Support Digital Forensics
      • Forensic Data Collection Methodologies
      • Evidence Management
      • Collect, Acquire, and Preserve Digital Evidence
  • Manage Communication with Relevant Parties
      • Vendors
      • Customers
      • Partners
      • Regulators
      • Other Stakeholders
  • Manage Security Operations
      • Security Operations Center
      • Monitoring of Security Controls
      • Log Capture and Analysis
      • Incident Management
  • Summary

Chapter 6 Legal, Risk, and Compliance
  • Articulating Legal Requirements and Unique Risks within the Cloud Environment
      • Conflicting International Legislation
      • Evaluation of Legal Risks Specific to Cloud Computing
      • Legal Frameworks and Guidelines
      • Ediscovery
      • Forensics Requirements
  • Understand Privacy Issues
      • Difference between Contractual and Regulated Private Data
      • Country-Specific Legislation Related to Private Data
      • Jurisdictional Differences in Data Privacy
      • Standard Privacy Requirements
      • Privacy Impact Assessments
  • Understanding Audit Process, Methodologies, and Required Adaptations for a Cloud Environment
      • Internal and External Audit Controls
      • Impact of Audit Requirements
      • Identify Assurance Challenges of Virtualization and Cloud
      • Types of Audit Reports
      • Restrictions of Audit Scope Statements
      • Gap Analysis
      • Audit Planning
      • Internal Information Security Management System
      • Internal Information Security Controls System
      • Policies
      • Identification and Involvement of Relevant Stakeholders
      • Specialized Compliance Requirements for Highly Regulated Industries
      • Impact of Distributed Information Technology Model
  • Understand Implications of Cloud to Enterprise Risk Management
      • Assess Providers Risk Management Programs
      • Differences between Data Owner/Controller vs. Data Custodian/Processor
      • Regulatory Transparency Requirements
      • Risk Treatment
      • Risk Frameworks
      • Metrics for Risk Management
      • Assessment of Risk Environment
  • Understand Outsourcing and Cloud Contract Design
      • Business Requirements
      • Vendor Management
      • Contract Management
      • Supply Chain Management
  • Summary

Index