
CCSP For Dummies with Online Practice A Deane



Condition - Good
Out of stock

CCSP For Dummies with Online Practice Summary

Secure your CCSP certification

CCSP is the world's leading Cloud Security certification. It covers the advanced technical skills and knowledge to design, manage, and secure data, applications, and infrastructure in the cloud using best practices, policies, and procedures.

If you're a cloud security professional seeking your CCSP certification, this book is a perfect way to prepare for the exam. Covering all six domains in detail, the expert advice in this book gives you the key information you'll need to pass the exam. In addition to the information covered on the exam, you'll get tips on setting up a study plan, tips for exam day, and access to an online test bank of questions.

  • Key information for all six exam domains
  • Test-taking and exam day tips and tricks
  • Free online practice questions and flashcards
  • Coverage of the core concepts

From getting familiar with the core concepts to establishing a study plan, this book is all you need to hang your hat on that certification!

About A Deane

Arthur J. Deane is a security and compliance executive at Google. He is a technical professional with 13+ years of experience in information security, cloud security, IT risk management, and systems engineering.

Table of Contents

Introduction
About this Book; Foolish Assumptions; Icons Used in This Book; Beyond the Book; Where to Go from Here

Part 1: Starting Your CCSP Journey

Chapter 1: Familiarizing Yourself with (ISC)2 and the CCSP Certification
Appreciating (ISC)2 and the CCSP Certification; Knowing Why You Need to Get Certified; Studying the Prerequisites for the CCSP; Understanding the CCSP Domains; Domain 1: Cloud Concepts, Architecture and Design; Domain 2: Cloud Data Security; Domain 3: Cloud Platform and Infrastructure Security; Domain 4: Cloud Application Security; Domain 5: Cloud Security Operations; Domain 6: Legal, Risk and Compliance; Preparing for the Exam; Studying on your own; Learning by doing; Getting official (ISC)2 CCSP training; Attending other training courses; Practice, practice, practice; Ensuring you're ready for the exam; Registering for the Exam; Taking the Exam; Identifying What to Do After the Exam

Chapter 2: Identifying Information Security Fundamentals
Exploring the Pillars of Information Security; Confidentiality; Integrity; Availability; Threats, Vulnerabilities, and Risks...Oh My!; Threats; Vulnerabilities; Risks; Securing Information with Access Control; Deciphering Cryptography; Encryption and decryption; Types of encryption; Common uses of encryption; Grasping Physical Security; Realizing the Importance of Business Continuity and Disaster Recovery; Implementing Incident Handling; Preparing for incidents; Detecting incidents; Containing incidents; Eradicating incidents; Recovering from incidents; Conducting a Post-Mortem; Utilizing Defense-in-Depth

Part 2: Exploring the CCSP Certification Domains

Chapter 3: Domain 1: Cloud Concepts, Architecture and Design
Knowing Cloud Computing Concepts; Defining cloud computing terms; Identifying cloud computing roles; Recognizing key cloud computing characteristics; Building block technologies; Describing Cloud Reference Architecture; Cloud computing activities; Cloud service capabilities; Cloud service categories; Cloud deployment models; Cloud shared considerations; Impact of related technologies; Identifying Security Concepts Relevant to Cloud Computing; Cryptography and key management; Access control; Data and media sanitization; Network security; Virtualization security; Common threats; Comprehending Design Principles of Secure Cloud Computing; Cloud Secure Data Lifecycle; Cloud based disaster recovery (DR) and business continuity (BC) planning; Cost benefit analysis; Security considerations for different cloud categories; Evaluating Cloud Service Providers; Verifying against certification criteria; Meeting system/subsystem product certifications

Chapter 4: Domain 2: Cloud Data Security
Describing Cloud Data Concepts; Cloud data lifecycle phases; Data dispersion; Designing and Implementing Cloud Data Storage Architectures; Storage types; Threats to storage types; Designing and Implementing Data Security Technologies and Strategies; Encryption and key management; Hashing; Data loss prevention (DLP); Data de-identification; Implementing Data Discovery; Structured data; Unstructured data; Implementing Data Classification; Mapping; Labeling; Sensitive data; Designing and Implementing Information Rights Management (IRM); Objectives; Appropriate tools; Planning and Implementing Data Retention, Deletion, and Archiving Policies; Data retention policies; Data deletion procedures and mechanisms; Data archiving procedures and mechanisms; Legal hold; Designing and Implementing Auditability, Traceability and Accountability of Data Events; Defining event sources and requirements of identity attribution; Logging, storing, and analyzing data events; Chain of custody and nonrepudiation

Chapter 5: Domain 3: Cloud Platform and Infrastructure Security
Comprehending Cloud Infrastructure Components; Physical environment; Network and communications; Compute; Virtualization; Storage; Management plane; Designing a Secure Data Center; Logical design; Physical design; Environmental design; Analyzing Risks Associated with Cloud Infrastructure; Risk assessment and analysis; Cloud vulnerabilities, threats, and attacks; Virtualization risks; Countermeasure strategies; Designing and Planning Security Controls; Physical and environmental protection; System and communication protection; Virtualization systems protection; Identification, authentication, and authorization in cloud infrastructure; Audit mechanisms; Planning Business Continuity (BC) and Disaster Recovery (DR); Risks related to the cloud environment; Business requirements; Business continuity/disaster recovery strategy

Chapter 6: Domain 4: Cloud Application Security
Advocating Training and Awareness for Application Security; Cloud development basics; Common pitfalls; Common cloud vulnerabilities; Describing the Secure Software Development Lifecycle (SDLC) Process; Business requirements; Phases; Methodologies; Applying the SDLC Process; Common vulnerabilities during development; Cloud-specific risks; Quality Assurance (QA); Threat modeling; Software configuration management and versioning; Applying Cloud Software Assurance and Validation; Functional testing; Security testing methodologies; Using Verified Secure Software; Approved Application Programming Interfaces (API); Supply-chain management; Third-party software management; Validated open source software; Comprehending the Specifics of Cloud Application Architecture; Supplemental security components; Cryptography; Sandboxing; Application virtualization and orchestration; Designing Appropriate Identity and Access Management (IAM) Solutions; Federated identity; Identity providers; Single sign-on (SSO); Multifactor authentication; Cloud access security broker (CASB)

Chapter 7: Domain 5: Cloud Security Operations
Implementing and Building a Physical and Logical Infrastructure for Cloud Environment; Hardware specific security configuration requirements; Installing and configuring virtualization management tools; Virtual hardware specific security configuration requirements; Installing guest operating system virtualization toolsets; Operating Physical and Logical Infrastructure for a Cloud Environment; Configuring access control for local and remote access; Secure network configuration; Hardening the operating system through the application of baselines; Availability of standalone hosts; Availability of clustered hosts; Availability of guest operating system; Managing Physical and Logical Infrastructure for a Cloud Environment; Access controls for remote access; Operating system baseline compliance monitoring and remediation; Patch management; Performance and capacity monitoring; Hardware monitoring; Configuring host and guest operating system backup and restore functions; Network security controls; Management plane; Implementing Operational Controls and Standards; Change management; Continuity management; Information security management; Continual service improvement management; Incident management; Problem management; Release and deployment management; Configuration management; Service level management; Availability management; Capacity management; Supporting Digital Forensics; Collecting, acquiring, and preserving digital evidence; Evidence management; Managing Communication with Relevant Parties; Customers; Vendors; Partners; Regulators; Other stakeholders; Managing Security Operations; Security operations center (SOC); Monitoring of security controls

Chapter 8: Domain 6: Legal, Risk and Compliance
Articulating Legal Requirements and Unique Risks within the Cloud Environment; Conflicting international legislation; Evaluating legal risks specific to cloud computing; Legal framework and guidelines; e-Discovery; Forensics requirements; Understanding Privacy Issues; Difference between contractual and regulated private data; Country-specific legislation related to private data; Jurisdictional differences in data privacy; Standard privacy requirements; Understanding Audit Process, Methodologies, and Required Adaptations for a Cloud Environment; Internal and external audit controls; Impact of audit requirements; Identifying assurance challenges of virtualization and cloud; Types of audit reports; Restrictions of audit scope statements; Gap analysis; Audit planning; Internal information security management system (ISMS); Internal information security controls system; Policies; Identification and involvement of relevant stakeholders; Specialized compliance requirements for highly regulated industries; Impact of distributed Information Technology (IT) model; Understanding the Implications of Cloud to Enterprise Risk Management; Assessing providers' risk management programs; Difference between data owner/controller versus data custodian/processor; Regulatory transparency requirements; Risk tolerance and risk profile; Risk assessment; Risk treatment; Different risk frameworks; Metrics for risk management; Assessment of risk environment; Understanding Outsourcing and Cloud Contract Design; Business requirements; Vendor management; Contract management; Supply-chain management

Part 3: The Part of Tens

Chapter 9: Ten (or So) Tips to Help You Prepare for the CCSP Exam
Brush Up on the Prerequisites; Register for the Exam; Create a Study Plan; Find a Study Buddy; Take Practice Exams; Get Hands-On; Attend a CCSP Training Seminar; Plan Your Exam Strategy; Get Some Rest and Relaxation

Chapter 10: Ten Keys to Success on Exam Day
Making Sure You Wake Up; Dressing for the Occasion; Eating a Great Meal; Warming Up Your Brain; Bringing Snacks and Drinks; Planning Your Route; Arriving Early; Taking Breaks; Staying Calm; Remembering Your Strategy

Part 4: Appendixes

Appendix A: Glossary

Appendix B: Helpful Resources
(ISC)2 and CCSP Exam Resources; Standards and Guidelines; Technical References

Index

Additional information

CIN1119648378G
9781119648376
1119648378
CCSP For Dummies with Online Practice by A Deane
Used - Good
Paperback
John Wiley & Sons Inc
2020-11-09
368
N/A
Book picture is for illustrative purposes only, actual binding, cover or edition may vary.
This is a used book - there is no escaping the fact it has been read by someone else and it will show signs of wear and previous use. Overall we expect it to be in good condition, but if you are not entirely satisfied please get in touch with us.
