Globally recognized and backed by the Cloud Security Alliance (CSA) and (ISC)2, the CCSP credential is the ideal way to match marketability and credibility to your cloud security skill set. The Official (ISC)2 Guide to the CCSP℠ CBK, Second Edition, is your ticket for expert insight through the 6 CCSP domains. You will find step-by-step guidance through real-life scenarios, illustrated examples, tables, best practices, and more. This Second Edition features clearer diagrams as well as refined explanations based on extensive expert feedback. Sample questions help you reinforce what you have learned and prepare smarter. Numerous illustrated examples and tables are included to demonstrate concepts, frameworks and real-life scenarios. The book offers step-by-step guidance through each of CCSP's domains, including best practices and techniques used by the world's most experienced practitioners. Developed by (ISC)2, endorsed by the Cloud Security Alliance (CSA) and compiled and reviewed by cloud security experts across the world, this book brings together a global, thorough perspective. The Official (ISC)2 Guide to the CCSP CBK should be utilized as your fundamental study tool in preparation for the CCSP exam and provides a comprehensive reference that will serve you for years to come.



About the Author
With over 20 years of experience as both an educator and IT professional, Adam Gordon holds numerous professional IT certifications including CISSP, CISA, CRISC, CHFI, CEH, SCNA, VCP, and VCI. He is the author of several books and has achieved many awards, including EC-Council Instructor of Excellence for 2006-07 and Top Technical Instructor Worldwide, 2002-2003. Adam holds his Bachelor's Degree in International Relations and his Master's Degree in International Political Affairs from Florida International University. Adam has held a number of positions during his professional career including CISO, CTO, Consultant, and Solutions Architect. He has worked on many large implementations involving multiple customer program teams for delivery. Adam has been invited to lead projects for companies such as Microsoft, Citrix, Lloyds Bank TSB, Campus Management, US Southern Command (SOUTHCOM), Amadeus, World Fuel Services, and Seaboard Marine.

Contents

Foreword

Introduction

DOMAIN 1: ARCHITECTURAL CONCEPTS AND DESIGN REQUIREMENTS

Introduction

Drivers for Cloud Computing

Security, Risks, and Benefits

Cloud Computing Definitions

Cloud Computing Roles

Key Cloud Computing Characteristics

Cloud Transition Scenario

Building Blocks

Cloud Computing Functions

Cloud Service Categories

IaaS

PaaS

SaaS

Cloud Deployment Models

The Public Cloud Model

The Private Cloud Model

The Hybrid Cloud Model

The Community Cloud Model

Cloud Cross-Cutting Aspects

Architecture Overview

Key Principles of an Enterprise Architecture

The NIST Cloud Technology Roadmap

Network Security and Perimeter

Cryptography

Encryption

Key Management

IAM and Access Control

Provisioning and Deprovisioning

Centralized Directory Services

Privileged User Management

Authorization and Access Management

Data and Media Sanitization

Vendor Lock-In

Cryptographic Erasure

Data Overwriting

Virtualization Security

The Hypervisor

Security Types

Common Threats

Data Breaches

Data Loss

Account or Service Traffic Hijacking

Insecure Interfaces and APIs

Denial of Service

Malicious Insiders

Abuse of Cloud Services

Insufficient Due Diligence

Shared Technology Vulnerabilities

Security Considerations for Different Cloud Categories

IaaS Security

PaaS Security

SaaS Security

Open Web Application Security Project Top Ten Security Threats

Cloud Secure Data Lifecycle

Information and Data Governance Types

Business Continuity and Disaster Recovery Planning

Business Continuity Elements

Critical Success Factors

Important SLA Components

Cost-Benefit Analysis

Certification Against Criteria

System and Subsystem Product Certification

Summary

Review Questions

Notes

DOMAIN 2: CLOUD DATA SECURITY

Introduction

The Cloud Data Lifecycle Phases

Location and Access of Data

Location

Access

Functions, Actors, and Controls of the Data

Key Data Functions

Controls

Process Overview

Tying It Together

Cloud Services, Products, and Solutions

Data Storage

IaaS

PaaS

SaaS

Threats to Storage Types

Technologies Available to Address Threats

Relevant Data Security Technologies

Data Dispersion in Cloud Storage

DLP

Encryption

Masking, Obfuscation, Anonymization, and Tokenization

Application of Security Strategy Technologies

Emerging Technologies

Bit Splitting

Homomorphic Encryption

Data Discovery

Data Discovery Approaches

Different Data Discovery Techniques

Data Discovery Issues

Challenges with Data Discovery in the Cloud

Data Classification

Data Classification Categories

Challenges with Cloud Data

Data Privacy Acts

Global P&DP Laws in the United States

Global P&DP Laws in the European Union

Global ...

Title
Official (ISC)2 Guide to the CCSP CBK
EAN
9781119276746
ISBN
978-1-119-27674-6
Format
E-Book (epub)
Manufacturer
Publisher
Publication date
26.04.2016
Digital copy protection
Adobe-DRM
File size
2.73 MB
Number of pages
544
Year
2016
Subtitle
English
Edition
2nd ed.