The Official (ISC)2 CCSP CBK Reference, 4th Edition
Author: A Krausen | Language: English | Hardback – 16 Nov 2022
Price: 401.55 lei
Old price: 436.46 lei
-8% New
Express Points: 602
Estimated price in foreign currency:
76.87€ • 79.91$ • 63.74£
Book available
Economy delivery 16-30 January 25
Express delivery 02-08 January 25 for 41.08 lei
Order line: 021 569.72.76
Specifications
ISBN-13: 9781119909019
ISBN-10: 1119909015
Pages: 352
Dimensions: 192 x 235 x 23 mm
Weight: 0.65 kg
Edition: 4th Edition
Publisher: Sybex
Place of publication: Hoboken, United States
Contents
Foreword to the Fourth Edition xix
Introduction xxi

Chapter 1 Cloud Concepts, Architecture, and Design 1
  Understand Cloud Computing Concepts 2
    Cloud Computing Definitions 2
    Cloud Computing Roles and Responsibilities 3
    Key Cloud Computing Characteristics 7
    Building Block Technologies 11
  Describe Cloud Reference Architecture 14
    Cloud Computing Activities 14
    Cloud Service Capabilities 15
    Cloud Service Categories 17
    Cloud Deployment Models 18
    Cloud Shared Considerations 21
    Impact of Related Technologies 27
  Understand Security Concepts Relevant to Cloud Computing 33
    Cryptography and Key Management 33
    Identity and Access Control 34
    Data and Media Sanitization 36
    Network Security 37
    Virtualization Security 39
    Common Threats 41
    Security Hygiene 41
  Understand Design Principles of Secure Cloud Computing 43
    Cloud Secure Data Lifecycle 43
    Cloud-Based Business Continuity and Disaster Recovery Plan 44
    Business Impact Analysis 45
    Functional Security Requirements 46
    Security Considerations for Different Cloud Categories 48
    Cloud Design Patterns 49
    DevOps Security 51
  Evaluate Cloud Service Providers 51
    Verification against Criteria 52
    System/Subsystem Product Certifications 54
  Summary 56

Chapter 2 Cloud Data Security 57
  Describe Cloud Data Concepts 58
    Cloud Data Lifecycle Phases 58
    Data Dispersion 61
    Data Flows 62
  Design and Implement Cloud Data Storage Architectures 63
    Storage Types 63
    Threats to Storage Types 66
  Design and Apply Data Security Technologies and Strategies 67
    Encryption and Key Management 67
    Hashing 70
    Data Obfuscation 71
    Tokenization 73
    Data Loss Prevention 74
    Keys, Secrets, and Certificates Management 77
  Implement Data Discovery 78
    Structured Data 79
    Unstructured Data 80
    Semi-structured Data 81
    Data Location 82
  Implement Data Classification 82
    Data Classification Policies 83
    Mapping 85
    Labeling 86
  Design and Implement Information Rights Management 87
    Objectives 88
    Appropriate Tools 89
  Plan and Implement Data Retention, Deletion, and Archiving Policies 89
    Data Retention Policies 90
    Data Deletion Procedures and Mechanisms 93
    Data Archiving Procedures and Mechanisms 94
    Legal Hold 95
  Design and Implement Auditability, Traceability, and Accountability of Data Events 96
    Definition of Event Sources and Requirement of Event Attribution 97
    Logging, Storage, and Analysis of Data Events 99
    Chain of Custody and Nonrepudiation 100
  Summary 101

Chapter 3 Cloud Platform and Infrastructure Security 103
  Comprehend Cloud Infrastructure and Platform Components 104
    Physical Environment 104
    Network and Communications 106
    Compute 107
    Virtualization 108
    Storage 110
    Management Plane 111
  Design a Secure Data Center 113
    Logical Design 114
    Physical Design 116
    Environmental Design 117
  Analyze Risks Associated with Cloud Infrastructure and Platforms 119
    Risk Assessment 119
    Cloud Vulnerabilities, Threats, and Attacks 122
    Risk Mitigation Strategies 123
  Plan and Implementation of Security Controls 124
    Physical and Environmental Protection 124
    System, Storage, and Communication Protection 125
    Identification, Authentication, and Authorization in Cloud Environments 127
    Audit Mechanisms 128
  Plan Disaster Recovery and Business Continuity 131
    Business Continuity/Disaster Recovery Strategy 131
    Business Requirements 132
    Creation, Implementation, and Testing of Plan 134
  Summary 138

Chapter 4 Cloud Application Security 139
  Advocate Training and Awareness for Application Security 140
    Cloud Development Basics 140
    Common Pitfalls 141
    Common Cloud Vulnerabilities 142
  Describe the Secure Software Development Life Cycle Process 144
    NIST Secure Software Development Framework 145
    OWASP Software Assurance Maturity Model 145
    Business Requirements 145
    Phases and Methodologies 146
  Apply the Secure Software Development Life Cycle 149
    Cloud-Specific Risks 149
    Threat Modeling 153
    Avoid Common Vulnerabilities during Development 156
    Secure Coding 156
    Software Configuration Management and Versioning 157
  Apply Cloud Software Assurance and Validation 158
    Functional and Non-functional Testing 159
    Security Testing Methodologies 160
    Quality Assurance 164
    Abuse Case Testing 164
  Use Verified Secure Software 165
    Securing Application Programming Interfaces 165
    Supply-Chain Management 166
    Third-Party Software Management 166
    Validated Open-Source Software 167
  Comprehend the Specifics of Cloud Application Architecture 168
    Supplemental Security Components 169
    Cryptography 171
    Sandboxing 172
    Application Virtualization and Orchestration 173
  Design Appropriate Identity and Access Management Solutions 174
    Federated Identity 175
    Identity Providers 175
    Single Sign-on 176
    Multifactor Authentication 176
    Cloud Access Security Broker 178
  Summary 179

Chapter 5 Cloud Security Operations 181
  Build and Implement Physical and Logical Infrastructure for Cloud Environment 182
    Hardware-Specific Security Configuration Requirements 182
    Installation and Configuration of Virtualization Management Tools 185
    Virtual Hardware-Specific Security Configuration Requirements 186
    Installation of Guest Operating System Virtualization Toolsets 188
  Operate Physical and Logical Infrastructure for Cloud Environment 188
    Configure Access Control for Local and Remote Access 188
    Secure Network Configuration 190
    Operating System Hardening through the Application of Baselines 195
    Availability of Stand-Alone Hosts 196
    Availability of Clustered Hosts 197
    Availability of Guest Operating Systems 199
  Manage Physical and Logical Infrastructure for Cloud Environment 200
    Access Controls for Remote Access 201
    Operating System Baseline Compliance Monitoring and Remediation 202
    Patch Management 203
    Performance and Capacity Monitoring 205
    Hardware Monitoring 206
    Configuration of Host and Guest Operating System Backup and Restore Functions 207
    Network Security Controls 208
    Management Plane 212
  Implement Operational Controls and Standards 212
    Change Management 213
    Continuity Management 214
    Information Security Management 216
    Continual Service Improvement Management 217
    Incident Management 218
    Problem Management 221
    Release Management 221
    Deployment Management 222
    Configuration Management 224
    Service Level Management 225
    Availability Management 226
    Capacity Management 227
  Support Digital Forensics 228
    Forensic Data Collection Methodologies 228
    Evidence Management 230
    Collect, Acquire, and Preserve Digital Evidence 231
  Manage Communication with Relevant Parties 234
    Vendors 235
    Customers 236
    Partners 238
    Regulators 238
    Other Stakeholders 239
  Manage Security Operations 239
    Security Operations Center 240
    Monitoring of Security Controls 244
    Log Capture and Analysis 245
    Incident Management 248
  Summary 253

Chapter 6 Legal, Risk, and Compliance 255
  Articulating Legal Requirements and Unique Risks within the Cloud Environment 256
    Conflicting International Legislation 256
    Evaluation of Legal Risks Specific to Cloud Computing 258
    Legal Frameworks and Guidelines 258
    eDiscovery 265
    Forensics Requirements 267
  Understand Privacy Issues 267
    Difference between Contractual and Regulated Private Data 268
    Country-Specific Legislation Related to Private Data 272
    Jurisdictional Differences in Data Privacy 277
    Standard Privacy Requirements 278
    Privacy Impact Assessments 280
  Understanding Audit Process, Methodologies, and Required Adaptations for a Cloud Environment 281
    Internal and External Audit Controls 282
    Impact of Audit Requirements 283
    Identify Assurance Challenges of Virtualization and Cloud 284
    Types of Audit Reports 285
    Restrictions of Audit Scope Statements 288
    Gap Analysis 289
    Audit Planning 290
    Internal Information Security Management System 291
    Internal Information Security Controls System 292
    Policies 293
    Identification and Involvement of Relevant Stakeholders 296
    Specialized Compliance Requirements for Highly Regulated Industries 297
    Impact of Distributed Information Technology Model 298
  Understand Implications of Cloud to Enterprise Risk Management 299
    Assess Providers Risk Management Programs 300
    Differences between Data Owner/Controller vs. Data Custodian/Processor 301
    Regulatory Transparency Requirements 302
    Risk Treatment 303
    Risk Frameworks 304
    Metrics for Risk Management 307
    Assessment of Risk Environment 307
  Understand Outsourcing and Cloud Contract Design 309
    Business Requirements 309
    Vendor Management 311
    Contract Management 312
    Supply Chain Management 314
  Summary 316

Index 317