CHF60.00
Download est disponible immédiatement
The only official body of knowledge for CCSP--the most popular cloud security credential--fully revised and updated.
Certified Cloud Security Professional (CCSP) certification validates the advanced technical skills needed to design, manage, and secure data, applications, and infrastructure in the cloud. This highly sought-after global credential has been updated with revised objectives. The new third edition of The Official (ISC)² Guide to the CCSP CBK is the authoritative, vendor-neutral common body of knowledge for cloud security professionals.
This comprehensive resource provides cloud security professionals with an indispensable working reference to each of the six CCSP domains: Cloud Concepts, Architecture and Design; Cloud Data Security; Cloud Platform and Infrastructure Security; Cloud Application Security; Cloud Security Operations; and Legal, Risk and Compliance. Detailed, in-depth chapters contain the accurate information required to prepare for and achieve CCSP certification. Every essential area of cloud security is covered, including implementation, architecture, operations, controls, and immediate and long-term responses.
Developed by (ISC)², the world leader in professional cybersecurity certification and training, this indispensable guide:
Covers the six CCSP domains and over 150 detailed objectives
Provides guidance on real-world best practices and techniques
Includes illustrated examples, tables, and diagrams
The Official (ISC)² Guide to the CCSP CBK is a vital ongoing resource for IT and information security leaders responsible for applying best practices to cloud security architecture, design, operations and service orchestration.
Auteur
(ISC)² is an international, nonprofit membership association for information security leaders like you. (ISC)² is committed to helping their members learn, grow and thrive. More than 150,000 certified members strong, (ISC)² empowers professionals who touch every aspect of information security.
Texte du rabat
"In an era of increasing reliance on telework for business operations, the interest in and need for cloud computing security has never been greater. The CCSP CBK is the ultimate reference guide for those committed to protecting critical data assets in virtual environments."
Clar Rosso, CEO of (ISC)2
The only official body of knowledge for CCSPthe most popular cloud security credentialfully revised and updated.
Certified Cloud Security Professional (CCSP) certification validates the advanced technical skills needed to design, manage, and secure data, applications, and infrastructure in the cloud. This highly sought-after global credential has been updated with revised objectives. The new third edition of The Official (ISC)2® CCSP® CBK® Reference is the authoritative, vendor-neutral common body of knowledge for cloud security professionals.
This comprehensive resource provides cloud security professionals with an indispensable working reference to each of the six CCSP domains: Cloud Concepts, Architecture, and Design; Cloud Data Security; Cloud Platform and Infrastructure Security; Cloud Application Security; Cloud Security Operations; and Legal, Risk, and Compliance. Detailed, in-depth chapters contain the accurate information required to prepare for and achieve CCSP certification. Every essential area of cloud security is covered, including implementation, architecture, operations, controls, and immediate and long-term responses.
The Official (ISC)2 CCSP CBK Reference is a vital ongoing resource for IT and information security leaders responsible for applying best practices to cloud security architecture, design, operations and service orchestration.
Résumé
The only official body of knowledge for CCSPthe most popular cloud security credentialfully revised and updated.
Certified Cloud Security Professional (CCSP) certification validates the advanced technical skills needed to design, manage, and secure data, applications, and infrastructure in the cloud. This highly sought-after global credential has been updated with revised objectives. The new third edition of The Official (ISC)2 Guide to the CCSP CBK is the authoritative, vendor-neutral common body of knowledge for cloud security professionals.
This comprehensive resource provides cloud security professionals with an indispensable working reference to each of the six CCSP domains: Cloud Concepts, Architecture, and Design; Cloud Data Security; Cloud Platform and Infrastructure Security; Cloud Application Security; Cloud Security Operations; and Legal, Risk, and Compliance. Detailed, in-depth chapters contain the accurate information required to prepare for and achieve CCSP certification. Every essential area of cloud security is covered, including implementation, architecture, operations, controls, and immediate and long-term responses.
Developed by (ISC)2, the world leader in professional cybersecurity certification and training, this indispensable guide:
Contenu
Acknowledgments v
About the Authors vii
About the Technical Editor ix
Foreword to the Third Edition xxi
Introduction xxiii
Domain 1: Cloud Concepts, Architecture, and Design 1
Understand Cloud Computing Concepts 1
Cloud Computing Definitions 1
Cloud Computing Roles 4
Key Cloud Computing Characteristics 5
Building Block Technologies 9
Describe Cloud Reference Architecture 12
Cloud Computing Activities 12
Cloud Service Capabilities 13
Cloud Service Categories 14
Cloud Deployment Models 15
Cloud Shared Considerations 17
Impact of Related Technologies 23
Understand Security Concepts Relevant to Cloud Computing 27
Cryptography and Key Management 27
Access Control 28
Data and Media Sanitization 29
Network Security 30
Virtualization Security 31
Common Threats 32
Understand Design Principles of Secure Cloud Computing 33
Cloud Secure Data Lifecycle 33
Cloud-Based Disaster Recovery and Business Continuity Planning 33
Cost-Benefit Analysis 34
Functional Security Requirements 35
Security Considerations for Different Cloud Categories 36
Evaluate Cloud Service Providers 38
Verification against Criteria 39
System/Subsystem Product Certifications 40
Summary 41
Domain 2: Cloud Data Security 43
Describe Cloud Data Concepts 43
Cloud Data Lifecycle Phases 44
Data Dispersion 47
Design and Implement Cloud Data Storage Architectures 48
Storage Types 48
Threats to Storage Types 50
Design and Apply Data Security Technologies and Strategies 52
Encryption and Key Management 52
Hashing 55
Masking 56
Tokenization 56
Data Loss Prevention 57
Data Obfuscation 60
Data De-identification 61
Implement Data Discovery 62
Structured Data 64
Unstructured Data 65
Implement Data Classification 66
Mapping 68
Labeling 68
Sensitive Data 69
Design and Implement Information Rights Management 71
Objectives 72
Appropriate Tools 73
Plan and Implement Data Retention, Deletion, and Archiving Policies 74
Data Retention Policies 74
Data Deletion Procedures and Mechanisms 77
Data Archiving Procedures and Mechanisms 79
Legal Hold 80
Design and Implement Auditability, Traceability, and Accountability of Data Events 81
Definition of Event Sources and Requirement of Identity Attribution 81
Logging, Storage, and Analysis of Data Events 82
Chain of Custody and N…