E-book: (ISC)2 CCSP Certified Cloud Security Professional Official Study Guide

4.02/5 (142 ratings by Goodreads)
  • Format: EPUB+DRM
  • Publication date: 09-Dec-2019
  • Publisher: Sybex Inc.,U.S.
  • Language: eng
  • ISBN-13: 9781119603368
  • Price: 44,61 €*
  • * this is the final price, i.e., no additional discounts are applied
  • This e-book is intended for personal use only. E-books cannot be returned, and money paid for purchased e-books is not refunded.

DRM restrictions

  • Copying (copy/paste):

    not allowed

  • Printing:

    not allowed

  • Usage:

    Digital Rights Management (DRM)
    The publisher has supplied this book in encrypted form, which means that you need to install free software to unlock and read it. To read this e-book, you need to create an Adobe ID. The e-book can be read and downloaded on up to 6 devices (by a single user with the same Adobe ID).

    Required software
    To read this e-book on a mobile device (phone or tablet), you will need to install this free app: PocketBook Reader (iOS / Android)

    To download and read this e-book on a PC or Mac, you need Adobe Digital Editions (this is a free app developed specifically for e-books. It is not the same as Adobe Reader, which may already be on your computer.)

    You cannot read this e-book using an Amazon Kindle.

The only official study guide for the new CCSP exam

CCSP (ISC)2 Certified Cloud Security Professional Official Study Guide is your ultimate resource for the CCSP exam. As the only official study guide reviewed and endorsed by (ISC)2, this guide helps you prepare faster and smarter with the Sybex study tools, which include pre-test assessments that show you what you know and the areas where you need further review. Objective maps, exercises, and chapter review questions help you gauge your progress along the way, and the Sybex interactive online learning environment includes access to a PDF glossary, hundreds of flashcards, and two complete practice exams. Covering all CCSP domains, this book walks you through Architectural Concepts and Design Requirements, Cloud Data Security, Cloud Platform and Infrastructure Security, Cloud Application Security, Operations, and Legal and Compliance with real-world scenarios to help you apply your skills along the way.

The CCSP is the latest credential from (ISC)2 and the Cloud Security Alliance, designed to show employers that you have what it takes to keep their organization safe in the cloud. Learn the skills you need to be confident on exam day and beyond.

  • Review 100% of all CCSP exam objectives
  • Practice applying essential concepts and skills
  • Access the industry-leading online study tool set
  • Test your knowledge with bonus practice exams and more

As organizations become increasingly reliant on cloud-based IT, the threat to data security looms larger. Employers are seeking qualified professionals with a proven cloud security skillset, and the CCSP credential brings your resume to the top of the pile. CCSP (ISC)2 Certified Cloud Security Professional Official Study Guide gives you the tools and information you need to earn that certification, and apply your skills in a real-world setting.

Introduction
Assessment Test

Chapter 1 Architectural Concepts
Cloud Characteristics
Business Requirements
Existing State
Quantifying Benefits and Opportunity Cost
Intended Impact
Cloud Evolution, Vernacular, and Models
New Technology, New Options
Cloud Computing Service Models
Cloud Deployment Models
Cloud Computing Roles and Responsibilities
Cloud Computing Definitions
Foundational Concepts of Cloud Computing
Sensitive Data
Virtualization
Encryption
Auditing and Compliance
Cloud Service Provider Contracts
Related and Emerging Technologies
Summary
Exam Essentials
Written Labs
Review Questions

Chapter 2 Design Requirements
Business Requirements Analysis
Inventory of Assets
Valuation of Assets
Determination of Criticality
Risk Appetite
Security Considerations for Different Cloud Categories
IaaS Considerations
PaaS Considerations
SaaS Considerations
General Considerations
Design Principles for Protecting Sensitive Data
Hardening Devices
Encryption
Layered Defenses
Summary
Exam Essentials
Written Labs
Review Questions

Chapter 3 Data Classification
Data Inventory and Discovery
Data Ownership
The Data Lifecycle
Data Discovery Methods
Jurisdictional Requirements
Information Rights Management (IRM)
Intellectual Property Protections
IRM Tool Traits
Data Control
Data Retention
Data Audit
Data Destruction/Disposal
Summary
Exam Essentials
Written Labs
Review Questions

Chapter 4 Cloud Data Security
Cloud Data Lifecycle
Create
Store
Use
Share
Archive
Destroy
Cloud Storage Architectures
Volume Storage: File-Based Storage and Block Storage
Object-Based Storage
Databases
Content Delivery Network (CDN)
Cloud Data Security Foundational Strategies
Encryption
Masking, Obfuscation, Anonymization, and Tokenization
Security Information and Event Management
Egress Monitoring (DLP)
Summary
Exam Essentials
Written Labs
Review Questions

Chapter 5 Security in the Cloud
Shared Cloud Platform Risks and Responsibilities
Cloud Computing Risks by Deployment Model
Private Cloud
Community Cloud
Public Cloud
Hybrid Cloud
Cloud Computing Risks by Service Model
Infrastructure as a Service (IaaS)
Platform as a Service (PaaS)
Software as a Service (SaaS)
Virtualization
Threats
Countermeasure Methodology
Disaster Recovery (DR) and Business Continuity (BC)
Cloud-Specific BIA Concerns
Customer/Provider Shared BC/DR Responsibilities
Summary
Exam Essentials
Written Labs
Review Questions

Chapter 6 Responsibilities in the Cloud
Foundations of Managed Services
Business Requirements
Business Requirements: The Cloud Provider Perspective
Shared Responsibilities by Service Type
IaaS
PaaS
SaaS
Shared Administration of OS, Middleware, or Applications
Operating System Baseline Configuration and Management
Shared Responsibilities: Data Access
Customer Directly Administers Access
Provider Administers Access on Behalf of the Customer
Third-Party (CASB) Administers Access on Behalf of the Customer
Lack of Physical Access
Audits
Shared Policy
Shared Monitoring and Testing
Summary
Exam Essentials
Written Labs
Review Questions

Chapter 7 Cloud Application Security
Training and Awareness
Common Cloud Application Deployment Pitfalls
Cloud-Secure Software Development Lifecycle (SDLC)
Configuration Management for the SDLC
ISO/IEC 27034-1 Standards for Secure Application Development
Identity and Access Management (IAM)
Identity Repositories and Directory Services
Single Sign-On (SSO)
Federated Identity Management
Federation Standards
Multifactor Authentication
Supplemental Security Components
Cloud Application Architecture
Application Programming Interfaces
Tenancy Separation
Cryptography
Sandboxing
Application Virtualization
Cloud Application Assurance and Validation
Threat Modeling
Quality of Service
Software Security Testing
Approved APIs
Software Supply Chain (API) Management
Securing Open-Source Software
Application Orchestration
The Secure Network Environment
Summary
Exam Essentials
Written Labs
Review Questions

Chapter 8 Operations Elements
Physical/Logical Operations
Facilities and Redundancy
Virtualization Operations
Storage Operations
Physical and Logical Isolation
Application Testing Methods
Security Operations Center
Continuous Monitoring
Incident Management
Summary
Exam Essentials
Written Labs
Review Questions

Chapter 9 Operations Management
Monitoring, Capacity, and Maintenance
Monitoring
Maintenance
Change and Configuration Management (CM)
Baselines
Deviations and Exceptions
Roles and Process
Release Management
IT Service Management and Continual Service Improvement
Business Continuity and Disaster Recovery (BC/DR)
Primary Focus
Continuity of Operations
The BC/DR Plan
The BC/DR Kit
Relocation
Power
Testing
Summary
Exam Essentials
Written Labs
Review Questions

Chapter 10 Legal and Compliance Part 1
Legal Requirements and Unique Risks in the Cloud Environment
Legal Concepts
US Laws
International Laws
Laws, Frameworks, and Standards Around the World
Information Security Management Systems (ISMSs)
The Difference between Laws, Regulations, and Standards
Potential Personal and Data Privacy Issues in the Cloud Environment
eDiscovery
Forensic Requirements
Conflicting International Legislation
Cloud Forensic Challenges
Direct and Indirect Identifiers
Forensic Data Collection Methodologies
Audit Processes, Methodologies, and Cloud Adaptations
Virtualization
Scope
Gap Analysis
Restrictions of Audit Scope Statements
Policies
Different Types of Audit Reports
Auditor Independence
AICPA Reports and Standards
Summary
Exam Essentials
Written Labs
Review Questions

Chapter 11 Legal and Compliance Part 2
The Impact of Diverse Geographical Locations and Legal Jurisdictions
Policies
Implications of the Cloud for Enterprise Risk Management
Choices Involved in Managing Risk
Risk Management Frameworks
Risk Management Metrics
Contracts and Service-Level Agreements (SLAs)
Business Requirements
Cloud Contract Design and Management for Outsourcing
Identifying Appropriate Supply Chain and Vendor Management Processes
Common Criteria Assurance Framework (ISO/IEC 15408-1:2009)
CSA Security, Trust, and Assurance Registry (STAR)
Supply Chain Risk
Manage Communication with Relevant Parties
Summary
Exam Essentials
Written Labs
Review Questions

Appendix A Answers to Written Labs
Chapter 1 Architectural Concepts
Chapter 2 Design Requirements
Chapter 3 Data Classification
Chapter 4 Cloud Data Security
Chapter 5 Security in the Cloud
Chapter 6 Responsibilities in the Cloud
Chapter 7 Cloud Application Security
Chapter 8 Operations Elements
Chapter 9 Operations Management
Chapter 10 Legal and Compliance Part 1
Chapter 11 Legal and Compliance Part 2

Appendix B Answers to Review Questions
Chapter 1 Architectural Concepts
Chapter 2 Design Requirements
Chapter 3 Data Classification
Chapter 4 Cloud Data Security
Chapter 5 Security in the Cloud
Chapter 6 Responsibilities in the Cloud
Chapter 7 Cloud Application Security
Chapter 8 Operations Elements
Chapter 9 Operations Management
Chapter 10 Legal and Compliance Part 1
Chapter 11 Legal and Compliance Part 2

Index

ABOUT THE AUTHOR

Ben Malisow, CCSP, CISSP, SSCP, CISM, Security+, has worked with INFOSEC and education for more than 20 years. He has taught computer classes to students from grade 6 through university level and crafted and delivered the CISSP prep course (among others) for Carnegie-Mellon University's CERT/SEU. In addition, Malisow built and ran DARPA's internal INFOSEC training program, was the ISSM for the FBI's most-classified counterterror intelligence-sharing network and was a security architect for TSA. He also teaches exam prep courses for (ISC)2. You can find more of his writings at his blog: securityzed.com.