Globally recognized and backed by the Cloud Security Alliance (CSA) and (ISC)², the CCSP credential is the ideal way to match marketability and credibility to your cloud security skill set. The Official (ISC)² Guide to the CCSP℠ CBK Second Edition is your ticket for expert insight through the 6 CCSP domains. You will find step-by-step guidance through real-life scenarios, illustrated examples, tables, best practices, and more. This Second Edition features clearer diagrams as well as refined explanations based on extensive expert feedback. Sample questions help you reinforce what you have learned and prepare smarter. Numerous illustrated examples and tables are included to demonstrate concepts, frameworks and real-life scenarios. The book offers step-by-step guidance through each of CCSP's domains, including best practices and techniques used by the world's most experienced practitioners. Developed by (ISC)², endorsed by the Cloud Security Alliance® (CSA) and compiled and reviewed by cloud security experts across the world, this book brings together a global, thorough perspective. The Official (ISC)² Guide to the CCSP CBK should be utilized as your fundamental study tool in preparation for the CCSP exam and provides a comprehensive reference that will serve you for years to come.



About the Author
With over 20 years of experience as both an educator and IT professional, Adam Gordon holds numerous professional IT certifications including CISSP, CISA, CRISC, CHFI, CEH, SCNA, VCP, and VCI. He is the author of several books and has achieved many awards, including EC-Council Instructor of Excellence for 2006-07 and Top Technical Instructor Worldwide, 2002-2003. Adam holds his Bachelor's Degree in International Relations and his Master's Degree in International Political Affairs from Florida International University. Adam has held a number of positions during his professional career including CISO, CTO, Consultant, and Solutions Architect. He has worked on many large implementations involving multiple customer program teams for delivery. Adam has been invited to lead projects for companies such as Microsoft, Citrix, Lloyds Bank TSB, Campus Management, US Southern Command (SOUTHCOM), Amadeus, World Fuel Services, and Seaboard Marine.

Jacket Copy
  • Produced by (ISC)², the trusted source of industry expertise for cyber, information, software and infrastructure security
  • The definitive "common" body of knowledge used by candidates for the Certified Cloud Security Professional (CCSP) credential

"Securing and optimizing cloud computing environments requires a unique set of skills. Use the Official (ISC)² Guide to the CCSP CBK as your go-to resource for acquiring the knowledge you'll need to implement strong information security programs in cloud computing."

David Shearer, Chief Executive Officer, (ISC)²

As powerful as cloud computing is for the organization, understanding its information security risks and mitigation strategies is critical. Securing 'the cloud' requires modified approaches and tools; legacy practices are inadequate. Clearly, it is essential for organizations to utilize information technology professionals who understand how cloud services can be securely implemented and managed within their organization's IT strategy and governance requirements.

The new Official (ISC)² Guide to the CCSP℠ CBK® Second Edition is a comprehensive resource providing an in-depth look at the six domains of the CCSP Common Body of Knowledge (CBK). This edition provides a current, detailed guide that is considered one of the best tools for candidates striving to become a CCSP. This second edition features clearer diagrams as well as refined explanations based on extensive expert feedback.

Numerous illustrated examples and tables are included to demonstrate concepts, frameworks and real-life scenarios. The book offers step-by-step guidance through each of CCSP's domains, including best practices and techniques used by the world's most experienced practitioners. Developed by (ISC)², endorsed by the Cloud Security Alliance® (CSA), and compiled and reviewed by cloud security experts across the world, this book brings together a global, thorough perspective. The Official (ISC)² Guide to the CCSP CBK Second Edition should be utilized as your fundamental study tool in preparation for the CCSP exam and provides a comprehensive reference that will serve you for years to come.

Contents

Foreword

Introduction

DOMAIN 1: ARCHITECTURAL CONCEPTS AND DESIGN REQUIREMENTS

Introduction

Drivers for Cloud Computing

Security, Risks, and Benefits

Cloud Computing Definitions

Cloud Computing Roles

Key Cloud Computing Characteristics

Cloud Transition Scenario

Building Blocks

Cloud Computing Functions

Cloud Service Categories

IaaS

PaaS

SaaS

Cloud Deployment Models

The Public Cloud Model

The Private Cloud Model

The Hybrid Cloud Model

The Community Cloud Model

Cloud Cross-Cutting Aspects

Architecture Overview

Key Principles of an Enterprise Architecture

The NIST Cloud Technology Roadmap

Network Security and Perimeter

Cryptography

Encryption

Key Management

IAM and Access Control

Provisioning and Deprovisioning

Centralized Directory Services

Privileged User Management

Authorization and Access Management

Data and Media Sanitization

Vendor Lock-In

Cryptographic Erasure

Data Overwriting

Virtualization Security

The Hypervisor

Security Types

Common Threats

Data Breaches

Data Loss

Account or Service Traffic Hijacking

Insecure Interfaces and APIs

Denial of Service

Malicious Insiders

Abuse of Cloud Services

Insufficient Due Diligence

Shared Technology Vulnerabilities

Security Considerations for Different Cloud Categories

IaaS Security

PaaS Security

SaaS Security

Open Web Application Security Project Top Ten Security Threats

Cloud Secure Data Lifecycle

Information and Data Governance Types

Business Continuity and Disaster Recovery Planning

Business Continuity Elements

Critical Success Factors

Important SLA Components

Cost-Benefit Analysis

Certification Against Criteria

System and Subsystem Product Certification

Summary

Review Questions

Notes

DOMAIN 2: CLOUD DATA SECURITY

Introduction

The Cloud Data Lifecycle Phases

Location and Access of Data

Location

Access

Functions, Actors, and Controls of the Data

Key Data Functions

Controls

Process Overview

Tying It Together

Cloud Services, Products, and Solutions

Data Storage

IaaS

PaaS

SaaS

Threats to Storage Types

Technologies Available to Address Threats

Relevant Data Security Technologies

Data Dispersion in Cloud Storage

DLP

Encryption

Masking, Obfuscation, Anonymization, and Tokenization

Application of Security Strategy Technologies

Emerging Technologies

Bit Splitting

Homomorphic Encryption

Data Discovery

Title
The Official (ISC)² Guide to the CCSP CBK
EAN
9781119276739
ISBN
978-1-119-27673-9
Format
E-Book (pdf)
Manufacturer
Publisher
Publication date
25.04.2016
Digital copy protection
Adobe-DRM
File size
7.64 MB
Number of pages
547
Year
2016
Subtitle
English
Edition
2nd ed.