ISC2 CCSP Certified Cloud Security Professional Official Study Guide 3rd edition [Paperback]

4.08/5 (36 ratings by Goodreads)
(University of Notre Dame),
  • Format: Paperback / softback, 416 pages, height x width x depth: 229x183x23 mm, weight: 567 g
  • Series: Sybex Study Guide
  • Publication date: 06-Oct-2022
  • Publisher: Sybex Inc.,U.S.
  • ISBN-10: 1119909376
  • ISBN-13: 9781119909378
  • Paperback
  • Price: 57,56 €*
  • * this is the final price, i.e., no additional discounts are applied
  • Regular price: 67,72 €
  • Save 15%
  • Book delivery time is 3-4 weeks if the book is in stock at the publisher's warehouse. If the publisher needs to print a new run, delivery may be delayed.
  • Delivery time: 4-6 weeks

The only official study guide for the new CCSP exam objectives effective from 2022-2025

(ISC)² CCSP Certified Cloud Security Professional Official Study Guide, 3rd Edition is your ultimate resource for the CCSP exam. As the only official study guide reviewed and endorsed by (ISC)², this guide helps you prepare faster and smarter with Sybex study tools, including pre-test assessments that show you what you know and the areas where you need further review. In this completely rewritten 3rd Edition, experienced cloud security professionals Mike Chapple and David Seidl use their extensive training and hands-on skills to help you prepare for the CCSP exam. Objective maps, exercises, and chapter review questions help you gauge your progress along the way, and the Sybex interactive online learning environment includes access to a PDF glossary, hundreds of flashcards, and two complete practice exams. Covering all CCSP domains, this book walks you through Cloud Concepts, Architecture and Design, Cloud Data Security, Cloud Platform and Infrastructure Security, Cloud Application Security, Cloud Security Operations, and Legal, Risk, and Compliance with real-world scenarios to help you apply your skills along the way.

The CCSP credential from (ISC)² and the Cloud Security Alliance is designed to show employers that you have what it takes to keep their organization safe in the cloud. Learn the skills you need to be confident on exam day and beyond.

  • Review 100% of all CCSP exam objectives
  • Practice applying essential concepts and skills
  • Access the industry-leading online study tool set
  • Test your knowledge with bonus practice exams and more

As organizations become increasingly reliant on cloud-based IT, the threat to data security looms larger. Employers are seeking qualified professionals with a proven cloud security skillset, and the CCSP credential brings your resume to the top of the pile. (ISC)² CCSP Certified Cloud Security Professional Official Study Guide gives you the tools and information you need to earn that certification and apply your skills in a real-world setting.

Introduction
Assessment Test

Chapter 1 Architectural Concepts
  • Cloud Characteristics
  • Business Requirements
  • Understanding the Existing State
  • Cost/Benefit Analysis
  • Intended Impact
  • Cloud Computing Service Categories
  • Software as a Service
  • Infrastructure as a Service
  • Platform as a Service
  • Cloud Deployment Models
  • Private Cloud
  • Public Cloud
  • Hybrid Cloud
  • Multi-Cloud
  • Community Cloud
  • Multitenancy
  • Cloud Computing Roles and Responsibilities
  • Cloud Computing Reference Architecture
  • Virtualization
  • Hypervisors
  • Virtualization Security
  • Cloud Shared Considerations
  • Security and Privacy Considerations
  • Operational Considerations
  • Emerging Technologies
  • Machine Learning and Artificial Intelligence
  • Blockchain
  • Internet of Things
  • Containers
  • Quantum Computing
  • Edge and Fog Computing
  • Confidential Computing
  • DevOps and DevSecOps
  • Summary
  • Exam Essentials
  • Review Questions

Chapter 2 Data Classification
  • Data Inventory and Discovery
  • Data Ownership
  • Data Flows
  • Data Discovery Methods
  • Information Rights Management
  • Certificates and IRM
  • IRM in the Cloud
  • IRM Tool Traits
  • Data Control
  • Data Retention
  • Data Audit and Audit Mechanisms
  • Data Destruction/Disposal
  • Summary
  • Exam Essentials
  • Review Questions

Chapter 3 Cloud Data Security
  • Cloud Data Lifecycle
  • Create
  • Store
  • Use
  • Share
  • Archive
  • Destroy
  • Cloud Storage Architectures
  • Storage Types
  • Volume Storage: File-Based Storage and Block Storage
  • Object-Based Storage
  • Databases
  • Threats to Cloud Storage
  • Designing and Applying Security Strategies for Storage
  • Encryption
  • Certificate Management
  • Hashing
  • Masking, Obfuscation, Anonymization, and Tokenization
  • Data Loss Prevention
  • Log Capture and Analysis
  • Summary
  • Exam Essentials
  • Review Questions

Chapter 4 Security in the Cloud
  • Shared Cloud Platform Risks and Responsibilities
  • Cloud Computing Risks by Deployment Model
  • Private Cloud
  • Community Cloud
  • Public Cloud
  • Hybrid Cloud
  • Cloud Computing Risks by Service Model
  • Infrastructure as a Service (IaaS)
  • Platform as a Service (PaaS)
  • Software as a Service (SaaS)
  • Virtualization
  • Threats
  • Risk Mitigation Strategies
  • Disaster Recovery (DR) and Business Continuity (BC)
  • Cloud-Specific BIA Concerns
  • Customer/Provider Shared BC/DR Responsibilities
  • Cloud Design Patterns
  • Summary
  • Exam Essentials
  • Review Questions

Chapter 5 Cloud Platform, Infrastructure, and Operational Security
  • Foundations of Managed Services
  • Cloud Provider Responsibilities
  • Shared Responsibilities by Service Type
  • IaaS
  • PaaS
  • SaaS
  • Securing Communications and Infrastructure
  • Firewalls
  • Intrusion Detection/Intrusion Prevention Systems
  • Honeypots
  • Vulnerability Assessment Tools
  • Bastion Hosts
  • Identity Assurance in Cloud and Virtual Environments
  • Securing Hardware and Compute
  • Securing Software
  • Third-Party Software Management
  • Validating Open-Source Software
  • OS Hardening, Monitoring, and Remediation
  • Managing Virtual Systems
  • Assessing Vulnerabilities
  • Securing the Management Plane
  • Auditing Your Environment and Provider
  • Adapting Processes for the Cloud
  • Planning for Cloud Audits
  • Summary
  • Exam Essentials
  • Review Questions

Chapter 6 Cloud Application Security
  • Developing Software for the Cloud
  • Common Cloud Application Deployment Pitfalls
  • Cloud Application Architecture
  • Cryptography
  • Sandboxing
  • Application Virtualization and Orchestration
  • Application Programming Interfaces
  • Multitenancy
  • Supplemental Security Components
  • Cloud-Secure Software Development Lifecycle (SDLC)
  • Software Development Phases
  • Software Development Models
  • Cloud Application Assurance and Validation
  • Threat Modeling
  • Common Threats to Applications
  • Quality Assurance and Testing Techniques
  • Supply Chain Management and Licensing
  • Identity and Access Management
  • Cloud Identity and Access Control
  • Single Sign-On
  • Identity Providers
  • Federated Identity Management
  • Multifactor Authentication
  • Secrets Management
  • Common Threats to Identity and Access Management in the Cloud
  • Zero Trust
  • Summary
  • Exam Essentials
  • Review Questions

Chapter 7 Operations Elements
  • Designing a Secure Data Center
  • Build vs. Buy
  • Location
  • Facilities and Redundancy
  • Data Center Tiers
  • Logical Design
  • Virtualization Operations
  • Storage Operations
  • Managing Security Operations
  • Security Operations Center (SOC)
  • Continuous Monitoring
  • Incident Management
  • Summary
  • Exam Essentials
  • Review Questions

Chapter 8 Operations Management
  • Monitoring, Capacity, and Maintenance
  • Monitoring
  • Physical and Environmental Protection
  • Maintenance
  • Change and Configuration Management
  • Baselines
  • Roles and Process
  • Release and Deployment Management
  • Problem and Incident Management
  • IT Service Management and Continual Service Improvement
  • Business Continuity and Disaster Recovery
  • Prioritizing Safety
  • Continuity of Operations
  • BC/DR Planning
  • The BC/DR Toolkit
  • Relocation
  • Power
  • Testing
  • Summary
  • Exam Essentials
  • Review Questions

Chapter 9 Legal and Compliance Issues
  • Legal Requirements and Unique Risks in the Cloud Environment
  • Constitutional Law
  • Legislation
  • Administrative Law
  • Case Law
  • Common Law
  • Contract Law
  • Analyzing a Law
  • Determining Jurisdiction
  • Scope and Application
  • Legal Liability
  • Torts and Negligence
  • U.S. Privacy and Security Laws
  • Health Insurance Portability and Accountability Act
  • The Health Information Technology for Economic and Clinical Health Act
  • Gramm-Leach-Bliley Act
  • Sarbanes-Oxley Act
  • State Data Breach Notification Laws
  • International Laws
  • European Union General Data Protection Regulation
  • Adequacy Decisions
  • U.S.-EU Safe Harbor and Privacy Shield
  • Laws, Regulations, and Standards
  • Payment Card Industry Data Security Standard
  • Critical Infrastructure Protection Program
  • Conflicting International Legislation
  • Information Security Management Systems
  • ISO/IEC 27017:2015
  • Privacy in the Cloud
  • Generally Accepted Privacy Principles
  • ISO 27018
  • Direct and Indirect Identifiers
  • Privacy Impact Assessments
  • Cloud Forensics
  • Forensic Requirements
  • Cloud Forensic Challenges
  • Collection and Acquisition
  • Evidence Preservation and Management
  • e-discovery
  • Audit Processes, Methodologies, and Cloud Adaptations
  • Virtualization
  • Scope
  • Gap Analysis
  • Restrictions of Audit Scope Statements
  • Policies
  • Audit Reports
  • Summary
  • Exam Essentials
  • Review Questions

Chapter 10 Cloud Vendor Management
  • The Impact of Diverse Geographical Locations and Legal Jurisdictions
  • Security Policy Framework
  • Policies
  • Standards
  • Procedures
  • Guidelines
  • Exceptions and Compensating Controls
  • Developing Policies
  • Enterprise Risk Management
  • Risk Identification
  • Risk Calculation
  • Risk Assessment
  • Risk Treatment and Response
  • Risk Mitigation
  • Risk Avoidance
  • Risk Transference
  • Risk Acceptance
  • Risk Analysis
  • Risk Reporting
  • Enterprise Risk Management
  • Assessing Provider Risk Management Practices
  • Risk Management Frameworks
  • Cloud Contract Design
  • Business Requirements
  • Vendor Management
  • Data Protection
  • Negotiating Contracts
  • Common Contract Provisions
  • Contracting Documents
  • Government Cloud Standards
  • Common Criteria
  • FedRAMP
  • FIPS 140-2
  • Manage Communication with Relevant Parties
  • Summary
  • Exam Essentials
  • Review Questions

Appendix Answers to the Review Questions
  • Chapter 1 Architectural Concepts
  • Chapter 2 Data Classification
  • Chapter 3 Cloud Data Security
  • Chapter 4 Security in the Cloud
  • Chapter 5 Cloud Platform, Infrastructure, and Operational Security
  • Chapter 6 Cloud Application Security
  • Chapter 7 Operations Elements
  • Chapter 8 Operations Management
  • Chapter 9 Legal and Compliance Issues
  • Chapter 10 Cloud Vendor Management

Index

About the Authors

Mike Chapple, PhD, CCSP, CISSP, is a bestselling author and Teaching Professor of Information Technology, Analytics, and Operations at Notre Dame's Mendoza College of Business. He is also the Academic Director of the University's Master of Science in Business Analytics program and holds multiple technical certifications, including the CIPP/US, CySA+, CISM, PenTest+, and Security+.

David Seidl, CISSP, is Vice President for Information Technology and Chief Information Officer at Miami University. He holds multiple technical certifications including GPEN, GCIH, PenTest+, and CySA+ and has written books on security certification and cyberwarfare.