Official (ISC)2 Guide To The CCSP CBK
Page Count: 563
- The Official (ISC)2® Guide to the CCSP℠ CBK®
- Foreword
- Introduction
- Domain 1: Architectural Concepts and Design Requirements Domain
  - Introduction
  - Cloud Computing Definitions
  - Cloud Computing Roles
  - Key Cloud Computing Characteristics
  - Cloud Transition Scenario
  - Building Blocks
  - Cloud Computing Activities
  - Cloud Service Categories
  - Cloud Deployment Models
  - Cloud Cross-Cutting Aspects
  - Network Security and Perimeter
  - Cryptography
  - IAM and Access Control
  - Data and Media Sanitization
  - Virtualization Security
  - Common Threats
  - Security Considerations for Different Cloud Categories
  - Open Web Application Security Project (OWASP) Top Ten Security Threats
  - Cloud Secure Data Lifecycle
  - Information/Data Governance Types
  - Business Continuity/Disaster Recovery Planning
  - Cost-Benefit Analysis
  - Certification Against Criteria
  - System/Subsystem Product Certification
  - Summary
  - Review Questions
  - Notes
- Domain 2: Cloud Data Security Domain
  - Introduction
  - The Cloud Data Lifecycle Phases
  - Location and Access of Data
  - Functions, Actors, and Controls of the Data
  - Cloud Services, Products, and Solutions
  - Data Storage
  - Relevant Data Security Technologies
  - Application of Security Strategy Technologies
  - Emerging Technologies
  - Data Discovery
  - Data Classification
  - Data Privacy Acts
  - Typical Meanings for Common Privacy Terms
  - Privacy Roles for Customers and Service Providers
  - Responsibility Depending on the Type of Cloud Services
  - Implementation of Data Discovery
  - Classification of Discovered Sensitive Data
  - Mapping and Definition of Controls
  - Privacy Level Agreement (PLA)
  - PLAs vs. Essential P&DP Requirements Activity
  - Application of Defined Controls for Personally Identifiable Information (PII)
  - Data Rights Management Objectives
  - Data-Protection Policies
  - Events
  - Supporting Continuous Operations
  - Chain of Custody and Non-Repudiation
  - Summary
  - Review Questions
  - Notes
- Domain 3: Cloud Platform and Infrastructure Security Domain
  - Introduction
  - Network and Communications in the Cloud
  - The Compute Parameters of a Cloud Server
  - Storage Issues in the Cloud
  - Management of Cloud Computing Risks
  - Countermeasure Strategies Across the Cloud
  - Physical and Environmental Protections
  - System and Communication Protections
  - Virtualization Systems Controls
  - Managing Identification, Authentication, and Authorization in the Cloud Infrastructure
  - Risk Audit Mechanisms
  - Understanding the Cloud Environment Related to BCDR
  - Understanding the Business Requirements Related to BCDR
  - Understanding the BCDR Risks
  - BCDR Strategies
  - Creating the BCDR Plan
  - Summary
  - Review Questions
  - Notes
- Domain 4: Cloud Application Security
  - Introduction
  - Determining Data Sensitivity and Importance
  - Understanding the Application Programming Interfaces (APIs)
  - Common Pitfalls of Cloud Security Application Deployment
  - Awareness of Encryption Dependencies
  - Understanding the Software Development Lifecycle (SDLC) Process for a Cloud Environment
  - Assessing Common Vulnerabilities
  - Cloud-Specific Risks
  - Threat Modeling
  - Identity and Access Management (IAM)
  - Federated Identity Management
  - Multi-Factor Authentication
  - Supplemental Security Devices
  - Cryptography
  - Tokenization
  - Data Masking
  - Sandboxing
  - Application Virtualization
  - Cloud-Based Functional Data
  - Cloud-Secure Development Lifecycle
  - Application Security Testing
  - Summary
  - Review Questions
  - Notes
- Domain 5: Operations Domain
  - Introduction
  - Modern Datacenters and Cloud Service Offerings
  - Factors That Impact Datacenter Design
  - Enterprise Operations
  - Secure Configuration of Hardware: Specific Requirements
  - Installation and Configuration of Virtualization Management Tools for the Host
  - Securing the Network Configuration
  - Identifying and Understanding Server Threats
  - Using Stand-Alone Hosts
  - Using Clustered Hosts
  - Accounting for Dynamic Operation
  - Using Storage Clusters
  - Using Maintenance Mode
  - Providing High Availability on the Cloud
  - The Physical Infrastructure for Cloud Environments
  - Configuring Access Control for Remote Access
  - Performing Patch Management
  - Performance Monitoring
  - Backing Up and Restoring the Host Configuration
  - Implementing Network Security Controls: Defense in Depth
  - Developing a Management Plan
  - Building a Logical Infrastructure for Cloud Environments
  - Running a Logical Infrastructure for Cloud Environments
  - Managing the Logical Infrastructure for Cloud Environments
  - Implementation of Network Security Controls
  - Using an IT Service Management (ITSM) Solution
  - Considerations for Shadow IT
  - Operations Management
  - Information Security Management
  - Configuration Management
  - Change Management
  - Incident Management
  - Problem Management
  - Release and Deployment Management
  - Service Level Management
  - Availability Management
  - Capacity Management
  - Business Continuity Management
  - Continual Service Improvement (CSI) Management
  - How Management Processes Relate to Each Other
  - Incorporating Management Processes
  - Managing Risk in Logical and Physical Infrastructures
  - The Risk-Management Process Overview
  - Understanding the Collection and Preservation of Digital Evidence
  - Managing Communications with Relevant Parties
  - Wrap Up: Data Breach Example
  - Summary
  - Review Questions
  - Notes
- Domain 6: Legal and Compliance Domain
  - Introduction
  - International Legislation Conflicts
  - Legislative Concepts
  - Frameworks and Guidelines Relevant to Cloud Computing
  - Common Legal Requirements
  - Legal Controls and Cloud Providers
  - eDiscovery
  - Cloud Forensics and ISO/IEC 27050-1
  - Protecting Personal Information in the Cloud
  - Auditing in the Cloud
  - Standard Privacy Requirements (ISO/IEC 27018)
  - Generally Accepted Privacy Principles (GAPP)
  - Internal Information Security Management System (ISMS)
  - Implementing Policies
  - Identifying and Involving the Relevant Stakeholders
  - Impact of Distributed IT Models
  - Understanding the Implications of the Cloud to Enterprise Risk Management
  - Risk Mitigation
  - Understanding Outsourcing and Contract Design
  - Business Requirements
  - Vendor Management
  - Cloud Computing Certification: CCSL and CCSM
  - Contract Management
  - Supply Chain Management
  - Summary
  - Review Questions
  - Notes
- Appendix A: Answers to Review Questions
- Appendix B: Glossary
- Appendix C: Helpful Resources and Links
- Index
- Wiley End User License Agreement