
(ISC)2 CCSP Certified Cloud Security Professional Official Study Guide. Edition No. 3. Sybex Study Guide

  • Book

  • 416 Pages
  • October 2022
  • John Wiley and Sons Ltd
  • ID: 5836734
The only official study guide for the new CCSP exam objectives effective from 2022-2025

(ISC)2 CCSP Certified Cloud Security Professional Official Study Guide, 3rd Edition is your ultimate resource for the CCSP exam. As the only official study guide reviewed and endorsed by (ISC)2, this guide helps you prepare faster and smarter with the Sybex study tools, which include pre-test assessments that show you what you already know and which areas need further review. In this completely rewritten 3rd Edition, experienced cloud security professionals Mike Chapple and David Seidl use their extensive training and hands-on skills to help you prepare for the CCSP exam. Objective maps, exercises, and chapter review questions help you gauge your progress along the way, and the Sybex interactive online learning environment includes access to a PDF glossary, hundreds of flashcards, and two complete practice exams. Covering all CCSP domains, this book walks you through Cloud Concepts, Architecture and Design; Cloud Data Security; Cloud Platform and Infrastructure Security; Cloud Application Security; Cloud Security Operations; and Legal, Risk, and Compliance, with real-world scenarios to help you apply your skills along the way.

The CCSP credential from (ISC)2 and the Cloud Security Alliance is designed to show employers that you have what it takes to keep their organization safe in the cloud. Learn the skills you need to be confident on exam day and beyond.

  • Review 100% of all CCSP exam objectives
  • Practice applying essential concepts and skills
  • Access the industry-leading online study tool set
  • Test your knowledge with bonus practice exams and more

As organizations become increasingly reliant on cloud-based IT, the threat to data security looms larger. Employers are seeking qualified professionals with a proven cloud security skillset, and the CCSP credential brings your resume to the top of the pile. (ISC)2 CCSP Certified Cloud Security Professional Official Study Guide gives you the tools and information you need to earn that certification and apply your skills in a real-world setting.

Table of Contents

Introduction xxiii
Assessment Test xxxii

Chapter 1 Architectural Concepts 1
  • Cloud Characteristics 3
  • Business Requirements 5
  • Understanding the Existing State 6
  • Cost/Benefit Analysis 7
  • Intended Impact 10
  • Cloud Computing Service Categories 11
  • Software as a Service 11
  • Infrastructure as a Service 12
  • Platform as a Service 12
  • Cloud Deployment Models 13
  • Private Cloud 13
  • Public Cloud 13
  • Hybrid Cloud 13
  • Multi-Cloud 13
  • Community Cloud 13
  • Multitenancy 14
  • Cloud Computing Roles and Responsibilities 15
  • Cloud Computing Reference Architecture 16
  • Virtualization 18
  • Hypervisors 18
  • Virtualization Security 19
  • Cloud Shared Considerations 20
  • Security and Privacy Considerations 20
  • Operational Considerations 21
  • Emerging Technologies 22
  • Machine Learning and Artificial Intelligence 22
  • Blockchain 23
  • Internet of Things 24
  • Containers 24
  • Quantum Computing 25
  • Edge and Fog Computing 26
  • Confidential Computing 26
  • DevOps and DevSecOps 27
  • Summary 28
  • Exam Essentials 28
  • Review Questions 30

Chapter 2 Data Classification 35
  • Data Inventory and Discovery 37
  • Data Ownership 37
  • Data Flows 42
  • Data Discovery Methods 43
  • Information Rights Management 46
  • Certificates and IRM 47
  • IRM in the Cloud 47
  • IRM Tool Traits 47
  • Data Control 49
  • Data Retention 50
  • Data Audit and Audit Mechanisms 53
  • Data Destruction/Disposal 55
  • Summary 57
  • Exam Essentials 57
  • Review Questions 59

Chapter 3 Cloud Data Security 63
  • Cloud Data Lifecycle 65
  • Create 66
  • Store 66
  • Use 67
  • Share 67
  • Archive 69
  • Destroy 70
  • Cloud Storage Architectures 71
  • Storage Types 71
  • Volume Storage: File-Based Storage and Block Storage 72
  • Object-Based Storage 72
  • Databases 73
  • Threats to Cloud Storage 73
  • Designing and Applying Security Strategies for Storage 74
  • Encryption 74
  • Certificate Management 77
  • Hashing 77
  • Masking, Obfuscation, Anonymization, and Tokenization 78
  • Data Loss Prevention 81
  • Log Capture and Analysis 82
  • Summary 85
  • Exam Essentials 85
  • Review Questions 86

Chapter 4 Security in the Cloud 91
  • Shared Cloud Platform Risks and Responsibilities 92
  • Cloud Computing Risks by Deployment Model 94
  • Private Cloud 95
  • Community Cloud 95
  • Public Cloud 97
  • Hybrid Cloud 101
  • Cloud Computing Risks by Service Model 102
  • Infrastructure as a Service (IaaS) 102
  • Platform as a Service (PaaS) 102
  • Software as a Service (SaaS) 103
  • Virtualization 103
  • Threats 105
  • Risk Mitigation Strategies 107
  • Disaster Recovery (DR) and Business Continuity (BC) 110
  • Cloud-Specific BIA Concerns 110
  • Customer/Provider Shared BC/DR Responsibilities 111
  • Cloud Design Patterns 114
  • Summary 115
  • Exam Essentials 115
  • Review Questions 116

Chapter 5 Cloud Platform, Infrastructure, and Operational Security 121
  • Foundations of Managed Services 123
  • Cloud Provider Responsibilities 124
  • Shared Responsibilities by Service Type 125
  • IaaS 125
  • PaaS 126
  • SaaS 126
  • Securing Communications and Infrastructure 126
  • Firewalls 127
  • Intrusion Detection/Intrusion Prevention Systems 128
  • Honeypots 128
  • Vulnerability Assessment Tools 128
  • Bastion Hosts 129
  • Identity Assurance in Cloud and Virtual Environments 130
  • Securing Hardware and Compute 130
  • Securing Software 132
  • Third-Party Software Management 133
  • Validating Open-Source Software 134
  • OS Hardening, Monitoring, and Remediation 134
  • Managing Virtual Systems 135
  • Assessing Vulnerabilities 137
  • Securing the Management Plane 138
  • Auditing Your Environment and Provider 141
  • Adapting Processes for the Cloud 142
  • Planning for Cloud Audits 143
  • Summary 144
  • Exam Essentials 145
  • Review Questions 147

Chapter 6 Cloud Application Security 151
  • Developing Software for the Cloud 154
  • Common Cloud Application Deployment Pitfalls 155
  • Cloud Application Architecture 157
  • Cryptography 157
  • Sandboxing 158
  • Application Virtualization and Orchestration 158
  • Application Programming Interfaces 159
  • Multitenancy 162
  • Supplemental Security Components 162
  • Cloud-Secure Software Development Lifecycle (SDLC) 164
  • Software Development Phases 165
  • Software Development Models 166
  • Cloud Application Assurance and Validation 172
  • Threat Modeling 172
  • Common Threats to Applications 174
  • Quality Assurance and Testing Techniques 175
  • Supply Chain Management and Licensing 177
  • Identity and Access Management 177
  • Cloud Identity and Access Control 178
  • Single Sign-On 179
  • Identity Providers 180
  • Federated Identity Management 180
  • Multifactor Authentication 181
  • Secrets Management 182
  • Common Threats to Identity and Access Management in the Cloud 183
  • Zero Trust 183
  • Summary 183
  • Exam Essentials 184
  • Review Questions 186

Chapter 7 Operations Elements 191
  • Designing a Secure Data Center 193
  • Build vs. Buy 193
  • Location 194
  • Facilities and Redundancy 196
  • Data Center Tiers 200
  • Logical Design 201
  • Virtualization Operations 202
  • Storage Operations 205
  • Managing Security Operations 207
  • Security Operations Center (SOC) 208
  • Continuous Monitoring 208
  • Incident Management 209
  • Summary 209
  • Exam Essentials 210
  • Review Questions 211

Chapter 8 Operations Management 215
  • Monitoring, Capacity, and Maintenance 217
  • Monitoring 217
  • Physical and Environmental Protection 218
  • Maintenance 219
  • Change and Configuration Management 224
  • Baselines 224
  • Roles and Process 226
  • Release and Deployment Management 228
  • Problem and Incident Management 229
  • IT Service Management and Continual Service Improvement 229
  • Business Continuity and Disaster Recovery 231
  • Prioritizing Safety 231
  • Continuity of Operations 232
  • BC/DR Planning 232
  • The BC/DR Toolkit 234
  • Relocation 235
  • Power 237
  • Testing 238
  • Summary 239
  • Exam Essentials 239
  • Review Questions 241

Chapter 9 Legal and Compliance Issues 245
  • Legal Requirements and Unique Risks in the Cloud Environment 247
  • Constitutional Law 247
  • Legislation 249
  • Administrative Law 249
  • Case Law 250
  • Common Law 250
  • Contract Law 250
  • Analyzing a Law 251
  • Determining Jurisdiction 251
  • Scope and Application 252
  • Legal Liability 253
  • Torts and Negligence 254
  • U.S. Privacy and Security Laws 255
  • Health Insurance Portability and Accountability Act 255
  • The Health Information Technology for Economic and Clinical Health Act 258
  • Gramm-Leach-Bliley Act 259
  • Sarbanes-Oxley Act 261
  • State Data Breach Notification Laws 261
  • International Laws 263
  • European Union General Data Protection Regulation 263
  • Adequacy Decisions 267
  • U.S.-EU Safe Harbor and Privacy Shield 267
  • Laws, Regulations, and Standards 269
  • Payment Card Industry Data Security Standard 270
  • Critical Infrastructure Protection Program 270
  • Conflicting International Legislation 270
  • Information Security Management Systems 272
  • ISO/IEC 27017:2015 272
  • Privacy in the Cloud 273
  • Generally Accepted Privacy Principles 273
  • ISO 27018 279
  • Direct and Indirect Identifiers 279
  • Privacy Impact Assessments 280
  • Cloud Forensics 281
  • Forensic Requirements 281
  • Cloud Forensic Challenges 281
  • Collection and Acquisition 282
  • Evidence Preservation and Management 283
  • E-Discovery 283
  • Audit Processes, Methodologies, and Cloud Adaptations 284
  • Virtualization 284
  • Scope 284
  • Gap Analysis 285
  • Restrictions of Audit Scope Statements 285
  • Policies 286
  • Audit Reports 286
  • Summary 288
  • Exam Essentials 288
  • Review Questions 290

Chapter 10 Cloud Vendor Management 295
  • The Impact of Diverse Geographical Locations and Legal Jurisdictions 297
  • Security Policy Framework 298
  • Policies 298
  • Standards 300
  • Procedures 302
  • Guidelines 303
  • Exceptions and Compensating Controls 304
  • Developing Policies 305
  • Enterprise Risk Management 306
  • Risk Identification 308
  • Risk Calculation 308
  • Risk Assessment 309
  • Risk Treatment and Response 313
  • Risk Mitigation 313
  • Risk Avoidance 314
  • Risk Transference 314
  • Risk Acceptance 315
  • Risk Analysis 316
  • Risk Reporting 316
  • Enterprise Risk Management 318
  • Assessing Provider Risk Management Practices 318
  • Risk Management Frameworks 319
  • Cloud Contract Design 320
  • Business Requirements 321
  • Vendor Management 321
  • Data Protection 323
  • Negotiating Contracts 324
  • Common Contract Provisions 324
  • Contracting Documents 326
  • Government Cloud Standards 327
  • Common Criteria 327
  • FedRAMP 327
  • FIPS 140-2 327
  • Manage Communication with Relevant Parties 328
  • Summary 328
  • Exam Essentials 329
  • Review Questions 330

Appendix Answers to the Review Questions 335
  • Chapter 1: Architectural Concepts 336
  • Chapter 2: Data Classification 337
  • Chapter 3: Cloud Data Security 339
  • Chapter 4: Security in the Cloud 341
  • Chapter 5: Cloud Platform, Infrastructure, and Operational Security 343
  • Chapter 6: Cloud Application Security 345
  • Chapter 7: Operations Elements 347
  • Chapter 8: Operations Management 349
  • Chapter 9: Legal and Compliance Issues 350
  • Chapter 10: Cloud Vendor Management 352

Index 355

Authors

Mike Chapple, University of Notre Dame; David Seidl