
(ISC)2 CCSP Certified Cloud Security Professional Official Study Guide. Edition No. 2

  • Book

  • 384 Pages
  • December 2019
  • John Wiley and Sons Ltd
  • ID: 5837920
The only official study guide for the new CCSP exam

(ISC)2 CCSP Certified Cloud Security Professional Official Study Guide is your ultimate resource for the CCSP exam. As the only official study guide reviewed and endorsed by (ISC)2, this guide helps you prepare faster and smarter with the Sybex study tools, including pre-test assessments that show you what you already know and which areas need further review. Objective maps, exercises, and chapter review questions help you gauge your progress along the way, and the Sybex interactive online learning environment includes access to a PDF glossary, hundreds of flashcards, and two complete practice exams. Covering all CCSP domains, this book walks you through Architectural Concepts and Design Requirements, Cloud Data Security, Cloud Platform and Infrastructure Security, Cloud Application Security, Operations, and Legal and Compliance, with real-world scenarios to help you apply your skills along the way.

The CCSP is the latest credential from (ISC)2 and the Cloud Security Alliance, designed to show employers that you have what it takes to keep their organization safe in the cloud. Learn the skills you need to be confident on exam day and beyond.

  • Review 100% of all CCSP exam objectives
  • Practice applying essential concepts and skills
  • Access the industry-leading online study tool set
  • Test your knowledge with bonus practice exams and more

As organizations become increasingly reliant on cloud-based IT, the threat to data security looms larger. Employers are seeking qualified professionals with a proven cloud security skillset, and the CCSP credential brings your resume to the top of the pile. (ISC)2 CCSP Certified Cloud Security Professional Official Study Guide gives you the tools and information you need to earn that certification, and apply your skills in a real-world setting.

Table of Contents

Introduction xxi
Assessment Test xxviii

Chapter 1 Architectural Concepts 1
  • Cloud Characteristics 2
  • Business Requirements 4
  • Existing State 5
  • Quantifying Benefits and Opportunity Cost 6
  • Intended Impact 8
  • Cloud Evolution, Vernacular, and Models 9
  • New Technology, New Options 9
  • Cloud Computing Service Models 10
  • Cloud Deployment Models 12
  • Cloud Computing Roles and Responsibilities 13
  • Cloud Computing Definitions 14
  • Foundational Concepts of Cloud Computing 16
  • Sensitive Data 16
  • Virtualization 16
  • Encryption 16
  • Auditing and Compliance 17
  • Cloud Service Provider Contracts 17
  • Related and Emerging Technologies 18
  • Summary 19
  • Exam Essentials 19
  • Written Labs 20
  • Review Questions 21

Chapter 2 Design Requirements 25
  • Business Requirements Analysis 26
  • Inventory of Assets 26
  • Valuation of Assets 27
  • Determination of Criticality 27
  • Risk Appetite 29
  • Security Considerations for Different Cloud Categories 31
  • IaaS Considerations 32
  • PaaS Considerations 32
  • SaaS Considerations 32
  • General Considerations 33
  • Design Principles for Protecting Sensitive Data 33
  • Hardening Devices 33
  • Encryption 35
  • Layered Defenses 35
  • Summary 36
  • Exam Essentials 37
  • Written Labs 37
  • Review Questions 38

Chapter 3 Data Classification 43
  • Data Inventory and Discovery 45
  • Data Ownership 45
  • The Data Lifecycle 46
  • Data Discovery Methods 50
  • Jurisdictional Requirements 51
  • Information Rights Management (IRM) 53
  • Intellectual Property Protections 53
  • IRM Tool Traits 57
  • Data Control 59
  • Data Retention 60
  • Data Audit 61
  • Data Destruction/Disposal 63
  • Summary 65
  • Exam Essentials 65
  • Written Labs 66
  • Review Questions 67

Chapter 4 Cloud Data Security 71
  • Cloud Data Lifecycle 73
  • Create 74
  • Store 75
  • Use 75
  • Share 75
  • Archive 76
  • Destroy 77
  • Cloud Storage Architectures 78
  • Volume Storage: File-Based Storage and Block Storage 78
  • Object-Based Storage 78
  • Databases 79
  • Content Delivery Network (CDN) 79
  • Cloud Data Security Foundational Strategies 79
  • Encryption 79
  • Masking, Obfuscation, Anonymization, and Tokenization 81
  • Security Information and Event Management 84
  • Egress Monitoring (DLP) 85
  • Summary 86
  • Exam Essentials 86
  • Written Labs 87
  • Review Questions 88

Chapter 5 Security in the Cloud 93
  • Shared Cloud Platform Risks and Responsibilities 95
  • Cloud Computing Risks by Deployment Model 97
  • Private Cloud 98
  • Community Cloud 98
  • Public Cloud 100
  • Hybrid Cloud 104
  • Cloud Computing Risks by Service Model 104
  • Infrastructure as a Service (IaaS) 104
  • Platform as a Service (PaaS) 105
  • Software as a Service (SaaS) 106
  • Virtualization 106
  • Threats 107
  • Countermeasure Methodology 109
  • Disaster Recovery (DR) and Business Continuity (BC) 112
  • Cloud-Specific BIA Concerns 112
  • Customer/Provider Shared BC/DR Responsibilities 113
  • Summary 116
  • Exam Essentials 116
  • Written Labs 117
  • Review Questions 118

Chapter 6 Responsibilities in the Cloud 123
  • Foundations of Managed Services 126
  • Business Requirements 127
  • Business Requirements: The Cloud Provider Perspective 127
  • Shared Responsibilities by Service Type 133
  • IaaS 133
  • PaaS 133
  • SaaS 133
  • Shared Administration of OS, Middleware, or Applications 134
  • Operating System Baseline Configuration and Management 134
  • Shared Responsibilities: Data Access 136
  • Customer Directly Administers Access 137
  • Provider Administers Access on Behalf of the Customer 137
  • Third-Party (CASB) Administers Access on Behalf of the Customer 137
  • Lack of Physical Access 137
  • Audits 138
  • Shared Policy 142
  • Shared Monitoring and Testing 142
  • Summary 143
  • Exam Essentials 143
  • Written Labs 144
  • Review Questions 145

Chapter 7 Cloud Application Security 149
  • Training and Awareness 151
  • Common Cloud Application Deployment Pitfalls 154
  • Cloud-Secure Software Development Lifecycle (SDLC) 156
  • Configuration Management for the SDLC 157
  • ISO/IEC 27034-1 Standards for Secure Application Development 158
  • Identity and Access Management (IAM) 159
  • Identity Repositories and Directory Services 160
  • Single Sign-On (SSO) 161
  • Federated Identity Management 161
  • Federation Standards 162
  • Multifactor Authentication 162
  • Supplemental Security Components 163
  • Cloud Application Architecture 164
  • Application Programming Interfaces 164
  • Tenancy Separation 165
  • Cryptography 165
  • Sandboxing 166
  • Application Virtualization 167
  • Cloud Application Assurance and Validation 167
  • Threat Modeling 167
  • Quality of Service 169
  • Software Security Testing 170
  • Approved APIs 172
  • Software Supply Chain (API) Management 172
  • Securing Open-Source Software 172
  • Application Orchestration 173
  • The Secure Network Environment 174
  • Summary 175
  • Exam Essentials 175
  • Written Labs 176
  • Review Questions 177

Chapter 8 Operations Elements 181
  • Physical/Logical Operations 183
  • Facilities and Redundancy 184
  • Virtualization Operations 194
  • Storage Operations 196
  • Physical and Logical Isolation 199
  • Application Testing Methods 200
  • Security Operations Center 201
  • Continuous Monitoring 201
  • Incident Management 202
  • Summary 203
  • Exam Essentials 204
  • Written Labs 204
  • Review Questions 205

Chapter 9 Operations Management 209
  • Monitoring, Capacity, and Maintenance 211
  • Monitoring 211
  • Maintenance 213
  • Change and Configuration Management (CM) 217
  • Baselines 218
  • Deviations and Exceptions 218
  • Roles and Process 219
  • Release Management 221
  • IT Service Management and Continual Service Improvement 222
  • Business Continuity and Disaster Recovery (BC/DR) 223
  • Primary Focus 224
  • Continuity of Operations 225
  • The BC/DR Plan 225
  • The BC/DR Kit 227
  • Relocation 228
  • Power 229
  • Testing 230
  • Summary 231
  • Exam Essentials 231
  • Written Labs 232
  • Review Questions 233

Chapter 10 Legal and Compliance Part 1 237
  • Legal Requirements and Unique Risks in the Cloud Environment 239
  • Legal Concepts 239
  • US Laws 242
  • International Laws 246
  • Laws, Frameworks, and Standards Around the World 246
  • Information Security Management Systems (ISMSs) 252
  • The Difference between Laws, Regulations, and Standards 254
  • Potential Personal and Data Privacy Issues in the Cloud Environment 254
  • eDiscovery 255
  • Forensic Requirements 256
  • Conflicting International Legislation 256
  • Cloud Forensic Challenges 257
  • Direct and Indirect Identifiers 258
  • Forensic Data Collection Methodologies 258
  • Audit Processes, Methodologies, and Cloud Adaptations 259
  • Virtualization 259
  • Scope 259
  • Gap Analysis 260
  • Restrictions of Audit Scope Statements 260
  • Policies 261
  • Different Types of Audit Reports 261
  • Auditor Independence 262
  • AICPA Reports and Standards 262
  • Summary 263
  • Exam Essentials 264
  • Written Labs 264
  • Review Questions 265

Chapter 11 Legal and Compliance Part 2 269
  • The Impact of Diverse Geographical Locations and Legal Jurisdictions 271
  • Policies 272
  • Implications of the Cloud for Enterprise Risk Management 276
  • Choices Involved in Managing Risk 276
  • Risk Management Frameworks 279
  • Risk Management Metrics 281
  • Contracts and Service-Level Agreements (SLAs) 281
  • Business Requirements 284
  • Cloud Contract Design and Management for Outsourcing 284
  • Identifying Appropriate Supply Chain and Vendor Management Processes 285
  • Common Criteria Assurance Framework (ISO/IEC 15408-1:2009) 285
  • CSA Security, Trust, and Assurance Registry (STAR) 286
  • Supply Chain Risk 287
  • Manage Communication with Relevant Parties 288
  • Summary 289
  • Exam Essentials 289
  • Written Labs 289
  • Review Questions 290

Appendix A Answers to Written Labs 295
  • Chapter 1: Architectural Concepts 296
  • Chapter 2: Design Requirements 296
  • Chapter 3: Data Classification 297
  • Chapter 4: Cloud Data Security 298
  • Chapter 5: Security in the Cloud 299
  • Chapter 6: Responsibilities in the Cloud 299
  • Chapter 7: Cloud Application Security 300
  • Chapter 8: Operations Elements 300
  • Chapter 9: Operations Management 301
  • Chapter 10: Legal and Compliance Part 1 302
  • Chapter 11: Legal and Compliance Part 2 302

Appendix B Answers to Review Questions 303
  • Chapter 1: Architectural Concepts 304
  • Chapter 2: Design Requirements 305
  • Chapter 3: Data Classification 307
  • Chapter 4: Cloud Data Security 308
  • Chapter 5: Security in the Cloud 310
  • Chapter 6: Responsibilities in the Cloud 311
  • Chapter 7: Cloud Application Security 313
  • Chapter 8: Operations Elements 314
  • Chapter 9: Operations Management 316
  • Chapter 10: Legal and Compliance Part 1 317
  • Chapter 11: Legal and Compliance Part 2 319

Index 321

Authors

Ben Malisow