
E-book: Official (ISC)2 CCSP CBK Reference, 3rd Edition [Wiley Online]

  • Format: 320 pages
  • Publication date: 23-Aug-2021
  • Publisher: Sybex Inc.,U.S.
  • ISBN-10: 1119603390
  • ISBN-13: 9781119603399
  • Wiley Online
  • Price: 84,58 €*
  • * this price gives unlimited concurrent access for unlimited time

The only official body of knowledge for CCSP—the most popular cloud security credential—fully revised and updated.

Certified Cloud Security Professional (CCSP) certification validates the advanced technical skills needed to design, manage, and secure data, applications, and infrastructure in the cloud. This highly sought-after global credential has been updated with revised objectives. The new third edition of The Official (ISC)2 Guide to the CCSP CBK is the authoritative, vendor-neutral common body of knowledge for cloud security professionals. 

This comprehensive resource provides step-by-step guidance throughout each of the six CCSP domains: Cloud Concepts, Architecture, and Design; Cloud Data Security; Cloud Platform and Infrastructure Security; Cloud Application Security; Cloud Security Operations; and Legal, Risk, and Compliance. Detailed, in-depth chapters contain the accurate information required to prepare for and achieve CCSP certification. Every essential area of cloud security is covered, including implementation, architecture, operations, controls, and immediate and long-term responses.

Developed by (ISC)2, the world leader in professional cybersecurity certification and training, this indispensable guide:

  • Covers the six CCSP domains and over 150 detailed objectives
  • Provides guidance on real-world best practices and techniques
  • Includes illustrated examples, tables, diagrams and sample questions

The Official (ISC)2 Guide to the CCSP CBK is a vital ongoing resource for IT and information security leaders responsible for applying best practices to cloud security architecture, design, operations and service orchestration.

Acknowledgments
About the Authors
About the Technical Editor
Foreword to the Third Edition
Introduction

Domain 1 Cloud Concepts, Architecture, and Design
  • Understand Cloud Computing Concepts
      • Cloud Computing Definitions
      • Cloud Computing Roles
      • Key Cloud Computing Characteristics
      • Building Block Technologies
  • Describe Cloud Reference Architecture
      • Cloud Computing Activities
      • Cloud Service Capabilities
      • Cloud Service Categories
      • Cloud Deployment Models
      • Cloud Shared Considerations
      • Impact of Related Technologies
  • Understand Security Concepts Relevant to Cloud Computing
      • Cryptography and Key Management
      • Access Control
      • Data and Media Sanitization
      • Network Security
      • Virtualization Security
      • Common Threats
  • Understand Design Principles of Secure Cloud Computing
      • Cloud Secure Data Lifecycle
      • Cloud-Based Disaster Recovery and Business Continuity Planning
      • Cost-Benefit Analysis
      • Functional Security Requirements
      • Security Considerations for Different Cloud Categories
  • Evaluate Cloud Service Providers
      • Verification against Criteria
      • System/Subsystem Product Certifications
  • Summary

Domain 2 Cloud Data Security
  • Describe Cloud Data Concepts
      • Cloud Data Lifecycle Phases
      • Data Dispersion
  • Design and Implement Cloud Data Storage Architectures
      • Storage Types
      • Threats to Storage Types
  • Design and Apply Data Security Technologies and Strategies
      • Encryption and Key Management
      • Hashing
      • Masking
      • Tokenization
      • Data Loss Prevention
      • Data Obfuscation
      • Data De-identification
  • Implement Data Discovery
      • Structured Data
      • Unstructured Data
  • Implement Data Classification
      • Mapping
      • Labeling
      • Sensitive Data
  • Design and Implement Information Rights Management
      • Objectives
      • Appropriate Tools
  • Plan and Implement Data Retention, Deletion, and Archiving Policies
      • Data Retention Policies
      • Data Deletion Procedures and Mechanisms
      • Data Archiving Procedures and Mechanisms
      • Legal Hold
  • Design and Implement Auditability, Traceability, and Accountability of Data Events
      • Definition of Event Sources and Requirement of Identity Attribution
      • Logging, Storage, and Analysis of Data Events
      • Chain of Custody and Nonrepudiation
  • Summary

Domain 3 Cloud Platform and Infrastructure Security
  • Comprehend Cloud Infrastructure Components
      • Physical Environment
      • Network and Communications
      • Compute
      • Virtualization
      • Storage
      • Management Plane
  • Design a Secure Data Center
      • Logical Design
      • Physical Design
      • Environmental Design
  • Analyze Risks Associated with Cloud Infrastructure
      • Risk Assessment and Analysis
      • Cloud Vulnerabilities, Threats, and Attacks
      • Virtualization Risks
      • Countermeasure Strategies
  • Design and Plan Security Controls
      • Physical and Environmental Protection
      • System and Communication Protection
      • Virtualization Systems Protection
      • Identification, Authentication, and Authorization in Cloud Infrastructure
      • Audit Mechanisms
  • Plan Disaster Recovery and Business Continuity
      • Risks Related to the Cloud Environment
      • Business Requirements
      • Business Continuity/Disaster Recovery Strategy
      • Creation, Implementation, and Testing of Plan
  • Summary

Domain 4 Cloud Application Security
  • Advocate Training and Awareness for Application Security
      • Cloud Development Basics
      • Common Pitfalls
      • Common Cloud Vulnerabilities
  • Describe the Secure Software Development Lifecycle Process
      • NIST Secure Software Development Framework
      • OWASP Software Assurance Security Model
      • Business Requirements
      • Phases and Methodologies
  • Apply the Secure Software Development Lifecycle
      • Avoid Common Vulnerabilities During Development
      • Cloud-Specific Risks
      • Quality Assurance
      • Threat Modeling
      • Software Configuration Management and Versioning
  • Apply Cloud Software Assurance and Validation
      • Functional Testing
      • Security Testing Methodologies
  • Use Verified Secure Software
      • Approved Application Programming Interfaces
      • Supply-Chain Management
      • Third-Party Software Management
      • Validated Open Source Software
  • Comprehend the Specifics of Cloud Application Architecture
      • Supplemental Security Components
      • Cryptography
      • Sandboxing
      • Application Virtualization and Orchestration
  • Design Appropriate Identity and Access Management Solutions
      • Federated Identity
      • Identity Providers
      • Single Sign-On
      • Multifactor Authentication
      • Cloud Access Security Broker
  • Summary

Domain 5 Cloud Security Operations
  • Implement and Build Physical and Logical Infrastructure for Cloud Environment
      • Hardware-Specific Security Configuration Requirements
      • Installation and Configuration of Virtualization Management Tools
      • Virtual Hardware-Specific Security Configuration Requirements
      • Installation of Guest Operating System Virtualization Toolsets
  • Operate Physical and Logical Infrastructure for Cloud Environment
      • Configure Access Control for Local and Remote Access
      • Secure Network Configuration
      • Operating System Hardening through the Application of Baselines
      • Availability of Stand-Alone Hosts
      • Availability of Clustered Hosts
      • Availability of Guest Operating Systems
  • Manage Physical and Logical Infrastructure for Cloud Environment
      • Access Controls for Remote Access
      • Operating System Baseline Compliance Monitoring and Remediation
      • Patch Management
      • Performance and Capacity Monitoring
      • Hardware Monitoring
      • Configuration of Host and Guest Operating System Backup and Restore Functions
      • Network Security Controls
      • Management Plane
  • Implement Operational Controls and Standards
      • Change Management
      • Continuity Management
      • Information Security Management
      • Continual Service Improvement Management
      • Incident Management
      • Problem Management
      • Release Management
      • Deployment Management
      • Configuration Management
      • Service Level Management
      • Availability Management
      • Capacity Management
  • Support Digital Forensics
      • Forensic Data Collection Methodologies
      • Evidence Management
      • Collect, Acquire, and Preserve Digital Evidence
  • Manage Communication with Relevant Parties
      • Vendors
      • Customers
      • Shared Responsibility Model
      • Partners
      • Regulators
      • Other Stakeholders
  • Manage Security Operations
      • Security Operations Center
      • Monitoring of Security Controls
      • Log Capture and Analysis
      • Incident Management
  • Summary

Domain 6 Legal, Risk, and Compliance
  • Articulating Legal Requirements and Unique Risks Within the Cloud Environment
      • Conflicting International Legislation
      • Evaluation of Legal Risks Specific to Cloud Computing
      • Legal Frameworks and Guidelines That Affect Cloud Computing
      • Forensics and eDiscovery in the Cloud
  • Understanding Privacy Issues
      • Difference between Contractual and Regulated Private Data
      • Country-Specific Legislation Related to Private Data
      • Jurisdictional Differences in Data Privacy
      • Standard Privacy Requirements
  • Understanding Audit Process, Methodologies, and Required Adaptations for a Cloud Environment
      • Internal and External Audit Controls
      • Impact of Audit Requirements
      • Identity Assurance Challenges of Virtualization and Cloud
      • Types of Audit Reports
      • Restrictions of Audit Scope Statements
      • Gap Analysis
      • Audit Planning
      • Internal Information Security Management Systems
      • Internal Information Security Controls System
      • Policies
      • Identification and Involvement of Relevant Stakeholders
      • Specialized Compliance Requirements for Highly Regulated Industries
      • Impact of Distributed Information Technology Models
  • Understand Implications of Cloud to Enterprise Risk Management
      • Assess Providers Risk Management Programs
      • Differences Between Data Owner/Controller vs. Data Custodian/Processor
      • Regulatory Transparency Requirements
      • Risk Treatment
      • Risk Frameworks
      • Metrics for Risk Management
      • Assessment of Risk Environment
  • Understanding Outsourcing and Cloud Contract Design
      • Business Requirements
      • Vendor Management
      • Contract Management
      • Supply Chain Management
  • Summary

Index

(ISC)² is an international, nonprofit membership association for information security leaders like you. (ISC)² is committed to helping their members learn, grow and thrive. More than 150,000 certified members strong, (ISC)² empowers professionals who touch every aspect of information security.