(ISC)2 CCSP Certified Cloud Security Professional Official Study Guide is your ultimate resource for the CCSP exam. As the only official study guide reviewed and endorsed by (ISC)2, this guide helps you prepare faster and smarter with the Sybex study tools, which include pre-test assessments that show you what you already know and which areas need further review. Objective maps, exercises, and chapter review questions help you gauge your progress along the way, and the Sybex interactive online learning environment includes access to a PDF glossary, hundreds of flashcards, and two complete practice exams. Covering all CCSP domains, this book walks you through Architectural Concepts and Design Requirements, Cloud Data Security, Cloud Platform and Infrastructure Security, Cloud Application Security, Operations, and Legal and Compliance, with real-world scenarios to help you apply your skills along the way.
The CCSP is the latest credential from (ISC)2 and the Cloud Security Alliance, designed to show employers that you have what it takes to keep their organization safe in the cloud. Learn the skills you need to be confident on exam day and beyond.
- Review 100% of all CCSP exam objectives
- Practice applying essential concepts and skills
- Access the industry-leading online study tool set
- Test your knowledge with bonus practice exams and more
As organizations become increasingly reliant on cloud-based IT, the threat to data security looms larger. Employers are seeking qualified professionals with a proven cloud security skill set, and the CCSP credential brings your resume to the top of the pile. (ISC)2 CCSP Certified Cloud Security Professional Official Study Guide gives you the tools and information you need to earn that certification and apply your skills in a real-world setting.
Table of Contents
Introduction xxi
Assessment Test xxviii
Chapter 1 Architectural Concepts 1
Cloud Characteristics 2
Business Requirements 4
Existing State 5
Quantifying Benefits and Opportunity Cost 6
Intended Impact 8
Cloud Evolution, Vernacular, and Models 9
New Technology, New Options 9
Cloud Computing Service Models 10
Cloud Deployment Models 12
Cloud Computing Roles and Responsibilities 13
Cloud Computing Definitions 14
Foundational Concepts of Cloud Computing 16
Sensitive Data 16
Virtualization 16
Encryption 16
Auditing and Compliance 17
Cloud Service Provider Contracts 17
Related and Emerging Technologies 18
Summary 19
Exam Essentials 19
Written Labs 20
Review Questions 21
Chapter 2 Design Requirements 25
Business Requirements Analysis 26
Inventory of Assets 26
Valuation of Assets 27
Determination of Criticality 27
Risk Appetite 29
Security Considerations for Different Cloud Categories 31
IaaS Considerations 32
PaaS Considerations 32
SaaS Considerations 32
General Considerations 33
Design Principles for Protecting Sensitive Data 33
Hardening Devices 33
Encryption 35
Layered Defenses 35
Summary 36
Exam Essentials 37
Written Labs 37
Review Questions 38
Chapter 3 Data Classification 43
Data Inventory and Discovery 45
Data Ownership 45
The Data Lifecycle 46
Data Discovery Methods 50
Jurisdictional Requirements 51
Information Rights Management (IRM) 53
Intellectual Property Protections 53
IRM Tool Traits 57
Data Control 59
Data Retention 60
Data Audit 61
Data Destruction/Disposal 63
Summary 65
Exam Essentials 65
Written Labs 66
Review Questions 67
Chapter 4 Cloud Data Security 71
Cloud Data Lifecycle 73
Create 74
Store 75
Use 75
Share 75
Archive 76
Destroy 77
Cloud Storage Architectures 78
Volume Storage: File-Based Storage and Block Storage 78
Object-Based Storage 78
Databases 79
Content Delivery Network (CDN) 79
Cloud Data Security Foundational Strategies 79
Encryption 79
Masking, Obfuscation, Anonymization, and Tokenization 81
Security Information and Event Management 84
Egress Monitoring (DLP) 85
Summary 86
Exam Essentials 86
Written Labs 87
Review Questions 88
Chapter 5 Security in the Cloud 93
Shared Cloud Platform Risks and Responsibilities 95
Cloud Computing Risks by Deployment Model 97
Private Cloud 98
Community Cloud 98
Public Cloud 100
Hybrid Cloud 104
Cloud Computing Risks by Service Model 104
Infrastructure as a Service (IaaS) 104
Platform as a Service (PaaS) 105
Software as a Service (SaaS) 106
Virtualization 106
Threats 107
Countermeasure Methodology 109
Disaster Recovery (DR) and Business Continuity (BC) 112
Cloud-Specific BIA Concerns 112
Customer/Provider Shared BC/DR Responsibilities 113
Summary 116
Exam Essentials 116
Written Labs 117
Review Questions 118
Chapter 6 Responsibilities in the Cloud 123
Foundations of Managed Services 126
Business Requirements 127
Business Requirements: The Cloud Provider Perspective 127
Shared Responsibilities by Service Type 133
IaaS 133
PaaS 133
SaaS 133
Shared Administration of OS, Middleware, or Applications 134
Operating System Baseline Configuration and Management 134
Shared Responsibilities: Data Access 136
Customer Directly Administers Access 137
Provider Administers Access on Behalf of the Customer 137
Third-Party (CASB) Administers Access on Behalf of the Customer 137
Lack of Physical Access 137
Audits 138
Shared Policy 142
Shared Monitoring and Testing 142
Summary 143
Exam Essentials 143
Written Labs 144
Review Questions 145
Chapter 7 Cloud Application Security 149
Training and Awareness 151
Common Cloud Application Deployment Pitfalls 154
Cloud-Secure Software Development Lifecycle (SDLC) 156
Configuration Management for the SDLC 157
ISO/IEC 27034-1 Standards for Secure Application Development 158
Identity and Access Management (IAM) 159
Identity Repositories and Directory Services 160
Single Sign-On (SSO) 161
Federated Identity Management 161
Federation Standards 162
Multifactor Authentication 162
Supplemental Security Components 163
Cloud Application Architecture 164
Application Programming Interfaces 164
Tenancy Separation 165
Cryptography 165
Sandboxing 166
Application Virtualization 167
Cloud Application Assurance and Validation 167
Threat Modeling 167
Quality of Service 169
Software Security Testing 170
Approved APIs 172
Software Supply Chain (API) Management 172
Securing Open-Source Software 172
Application Orchestration 173
The Secure Network Environment 174
Summary 175
Exam Essentials 175
Written Labs 176
Review Questions 177
Chapter 8 Operations Elements 181
Physical/Logical Operations 183
Facilities and Redundancy 184
Virtualization Operations 194
Storage Operations 196
Physical and Logical Isolation 199
Application Testing Methods 200
Security Operations Center 201
Continuous Monitoring 201
Incident Management 202
Summary 203
Exam Essentials 204
Written Labs 204
Review Questions 205
Chapter 9 Operations Management 209
Monitoring, Capacity, and Maintenance 211
Monitoring 211
Maintenance 213
Change and Configuration Management (CM) 217
Baselines 218
Deviations and Exceptions 218
Roles and Process 219
Release Management 221
IT Service Management and Continual Service Improvement 222
Business Continuity and Disaster Recovery (BC/DR) 223
Primary Focus 224
Continuity of Operations 225
The BC/DR Plan 225
The BC/DR Kit 227
Relocation 228
Power 229
Testing 230
Summary 231
Exam Essentials 231
Written Labs 232
Review Questions 233
Chapter 10 Legal and Compliance Part 1 237
Legal Requirements and Unique Risks in the Cloud Environment 239
Legal Concepts 239
US Laws 242
International Laws 246
Laws, Frameworks, and Standards Around the World 246
Information Security Management Systems (ISMSs) 252
The Difference between Laws, Regulations, and Standards 254
Potential Personal and Data Privacy Issues in the Cloud Environment 254
eDiscovery 255
Forensic Requirements 256
Conflicting International Legislation 256
Cloud Forensic Challenges 257
Direct and Indirect Identifiers 258
Forensic Data Collection Methodologies 258
Audit Processes, Methodologies, and Cloud Adaptations 259
Virtualization 259
Scope 259
Gap Analysis 260
Restrictions of Audit Scope Statements 260
Policies 261
Different Types of Audit Reports 261
Auditor Independence 262
AICPA Reports and Standards 262
Summary 263
Exam Essentials 264
Written Labs 264
Review Questions 265
Chapter 11 Legal and Compliance Part 2 269
The Impact of Diverse Geographical Locations and Legal Jurisdictions 271
Policies 272
Implications of the Cloud for Enterprise Risk Management 276
Choices Involved in Managing Risk 276
Risk Management Frameworks 279
Risk Management Metrics 281
Contracts and Service-Level Agreements (SLAs) 281
Business Requirements 284
Cloud Contract Design and Management for Outsourcing 284
Identifying Appropriate Supply Chain and Vendor Management Processes 285
Common Criteria Assurance Framework (ISO/IEC 15408-1:2009) 285
CSA Security, Trust, and Assurance Registry (STAR) 286
Supply Chain Risk 287
Manage Communication with Relevant Parties 288
Summary 289
Exam Essentials 289
Written Labs 289
Review Questions 290
Appendix A Answers to Written Labs 295
Chapter 1: Architectural Concepts 296
Chapter 2: Design Requirements 296
Chapter 3: Data Classification 297
Chapter 4: Cloud Data Security 298
Chapter 5: Security in the Cloud 299
Chapter 6: Responsibilities in the Cloud 299
Chapter 7: Cloud Application Security 300
Chapter 8: Operations Elements 300
Chapter 9: Operations Management 301
Chapter 10: Legal and Compliance Part 1 302
Chapter 11: Legal and Compliance Part 2 302
Appendix B Answers to Review Questions 303
Chapter 1: Architectural Concepts 304
Chapter 2: Design Requirements 305
Chapter 3: Data Classification 307
Chapter 4: Cloud Data Security 308
Chapter 5: Security in the Cloud 310
Chapter 6: Responsibilities in the Cloud 311
Chapter 7: Cloud Application Security 313
Chapter 8: Operations Elements 314
Chapter 9: Operations Management 316
Chapter 10: Legal and Compliance Part 1 317
Chapter 11: Legal and Compliance Part 2 319
Index 321