About the book The Official (ISC)2 Guide to the CCSP CBK
Title: The Official (ISC)2 Guide to the CCSP CBK
Edition: 3
Title (translated into Persian): The Official (ISC)2 Guide to the CCSP CBK
Series:
Authors: KEVIN L. JACKSON
Publisher: WILEY-SYBEX
Year of publication: 2020
Number of pages: 322
ISBN: 9781119603450, 1119603455
Language: English
Format: pdf
File size: 2 MB
Table of contents:
Cover
Title Page
Copyright Page
Acknowledgments
About the Authors
About the Technical Editor
Contents at a Glance
Contents
Foreword to the Third Edition
Introduction
Domain 1: Cloud Concepts, Architecture, and Design
Domain 2: Cloud Data Security
Domain 3: Cloud Platform and Infrastructure Security
Domain 4: Cloud Application Security
Domain 5: Cloud Security Operations
Domain 6: Legal, Risk, and Compliance
How to Contact the Publisher
Domain 1 Cloud Concepts, Architecture, and Design
Understand Cloud Computing Concepts
Cloud Computing Definitions
Cloud Computing Roles
Key Cloud Computing Characteristics
Building Block Technologies
Describe Cloud Reference Architecture
Cloud Computing Activities
Cloud Service Capabilities
Cloud Service Categories
Cloud Deployment Models
Cloud Shared Considerations
Impact of Related Technologies
Understand Security Concepts Relevant to Cloud Computing
Cryptography and Key Management
Access Control
Data and Media Sanitization
Network Security
Virtualization Security
Common Threats
Understand Design Principles of Secure Cloud Computing
Cloud Secure Data Lifecycle
Cloud-Based Disaster Recovery and Business Continuity Planning
Cost-Benefit Analysis
Functional Security Requirements
Security Considerations for Different Cloud Categories
Evaluate Cloud Service Providers
Verification against Criteria
System/Subsystem Product Certifications
Summary
Domain 2 Cloud Data Security
Describe Cloud Data Concepts
Cloud Data Lifecycle Phases
Data Dispersion
Design and Implement Cloud Data Storage Architectures
Storage Types
Threats to Storage Types
Design and Apply Data Security Technologies and Strategies
Encryption and Key Management
Hashing
Masking
Tokenization
Data Loss Prevention
Data Obfuscation
Data De-identification
Implement Data Discovery
Structured Data
Unstructured Data
Implement Data Classification
Mapping
Labeling
Sensitive Data
Design and Implement Information Rights Management
Objectives
Appropriate Tools
Plan and Implement Data Retention, Deletion, and Archiving Policies
Data Retention Policies
Data Deletion Procedures and Mechanisms
Data Archiving Procedures and Mechanisms
Legal Hold
Design and Implement Auditability, Traceability, and Accountability of Data Events
Definition of Event Sources and Requirement of Identity Attribution
Logging, Storage, and Analysis of Data Events
Chain of Custody and Nonrepudiation
Summary
Domain 3 Cloud Platform and Infrastructure Security
Comprehend Cloud Infrastructure Components
Physical Environment
Network and Communications
Compute
Virtualization
Storage
Management Plane
Design a Secure Data Center
Logical Design
Physical Design
Environmental Design
Analyze Risks Associated with Cloud Infrastructure
Risk Assessment and Analysis
Cloud Vulnerabilities, Threats, and Attacks
Virtualization Risks
Countermeasure Strategies
Design and Plan Security Controls
Physical and Environmental Protection
System and Communication Protection
Virtualization Systems Protection
Identification, Authentication, and Authorization in Cloud Infrastructure
Audit Mechanisms
Plan Disaster Recovery and Business Continuity
Risks Related to the Cloud Environment
Business Requirements
Business Continuity/Disaster Recovery Strategy
Creation, Implementation, and Testing of Plan
Summary
Domain 4 Cloud Application Security
Advocate Training and Awareness for Application Security
Cloud Development Basics
Common Pitfalls
Common Cloud Vulnerabilities
Describe the Secure Software Development Lifecycle Process
NIST Secure Software Development Framework
OWASP Software Assurance Security Model
Business Requirements
Phases and Methodologies
Apply the Secure Software Development Lifecycle
Avoid Common Vulnerabilities During Development
Cloud-Specific Risks
Quality Assurance
Threat Modeling
Software Configuration Management and Versioning
Apply Cloud Software Assurance and Validation
Functional Testing
Security Testing Methodologies
Use Verified Secure Software
Approved Application Programming Interfaces
Supply-Chain Management
Third-Party Software Management
Validated Open-Source Software
Comprehend the Specifics of Cloud Application Architecture
Supplemental Security Components
Cryptography
Sandboxing
Application Virtualization and Orchestration
Design Appropriate Identity and Access Management Solutions
Federated Identity
Identity Providers
Single Sign-On
Multifactor Authentication
Cloud Access Security Broker
Summary
Domain 5 Cloud Security Operations
Implement and Build Physical and Logical Infrastructure for Cloud Environment
Hardware-Specific Security Configuration Requirements
Installation and Configuration of Virtualization Management Tools
Virtual Hardware–Specific Security Configuration Requirements
Installation of Guest Operating System Virtualization Toolsets
Operate Physical and Logical Infrastructure for Cloud Environment
Configure Access Control for Local and Remote Access
Secure Network Configuration
Operating System Hardening through the Application of Baselines
Availability of Stand-Alone Hosts
Availability of Clustered Hosts
Availability of Guest Operating Systems
Manage Physical and Logical Infrastructure for Cloud Environment
Access Controls for Remote Access
Operating System Baseline Compliance Monitoring and Remediation
Patch Management
Performance and Capacity Monitoring
Hardware Monitoring
Configuration of Host and Guest Operating System Backup and Restore Functions
Network Security Controls
Management Plane
Implement Operational Controls and Standards
Change Management
Continuity Management
Information Security Management
Continual Service Improvement Management
Incident Management
Problem Management
Release Management
Deployment Management
Configuration Management
Service Level Management
Availability Management
Capacity Management
Support Digital Forensics
Forensic Data Collection Methodologies
Evidence Management
Collect, Acquire, and Preserve Digital Evidence
Manage Communication with Relevant Parties
Vendors
Customers
Partners
Regulators
Other Stakeholders
Manage Security Operations
Security Operations Center
Monitoring of Security Controls
Log Capture and Analysis
Incident Management
Summary
Domain 6 Legal, Risk, and Compliance
Articulating Legal Requirements and Unique Risks Within the Cloud Environment
Conflicting International Legislation
Evaluation of Legal Risks Specific to Cloud Computing
Legal Frameworks and Guidelines That Affect Cloud Computing
Forensics and eDiscovery in the Cloud
Understanding Privacy Issues
Difference between Contractual and Regulated Private Data
Country-Specific Legislation Related to Private Data
Jurisdictional Differences in Data Privacy
Standard Privacy Requirements
Understanding Audit Process, Methodologies, and Required Adaptations for a Cloud Environment
Internal and External Audit Controls
Impact of Audit Requirements
Identity Assurance Challenges of Virtualization and Cloud
Types of Audit Reports
Restrictions of Audit Scope Statements
Gap Analysis
Audit Planning
Internal Information Security Management Systems
Internal Information Security Controls System
Policies
Identification and Involvement of Relevant Stakeholders
Specialized Compliance Requirements for Highly Regulated Industries
Impact of Distributed Information Technology Models
Understand Implications of Cloud to Enterprise Risk Management
Assess Providers Risk Management Programs
Differences Between Data Owner/Controller vs. Data Custodian/Processor
Regulatory Transparency Requirements
Risk Treatment
Risk Frameworks
Metrics for Risk Management
Assessment of Risk Environment
Understanding Outsourcing and Cloud Contract Design
Business Requirements
Vendor Management
Contract Management
Supply Chain Management
Summary
Index
EULA