Description

Book Synopsis


Table of Contents

Foreword to the Fourth Edition xxi

Introduction xix

Chapter 1 Cloud Concepts, Architecture, and Design 1

Understand Cloud Computing Concepts 2

Cloud Computing Definitions 2

Cloud Computing Roles and Responsibilities 3

Key Cloud Computing Characteristics 7

Building Block Technologies 11

Describe Cloud Reference Architecture 14

Cloud Computing Activities 14

Cloud Service Capabilities 15

Cloud Service Categories 17

Cloud Deployment Models 18

Cloud Shared Considerations 21

Impact of Related Technologies 27

Understand Security Concepts Relevant to Cloud Computing 33

Cryptography and Key Management 33

Identity and Access Control 34

Data and Media Sanitization 36

Network Security 37

Virtualization Security 39

Common Threats 41

Security Hygiene 41

Understand Design Principles of Secure Cloud Computing 43

Cloud Secure Data Lifecycle 43

Cloud-Based Business Continuity and Disaster Recovery Plan 44

Business Impact Analysis 45

Functional Security Requirements 46

Security Considerations for Different Cloud Categories 48

Cloud Design Patterns 49

DevOps Security 51

Evaluate Cloud Service Providers 51

Verification against Criteria 52

System/Subsystem Product Certifications 54

Summary 56

Chapter 2 Cloud Data Security 57

Describe Cloud Data Concepts 58

Cloud Data Lifecycle Phases 58

Data Dispersion 61

Data Flows 62

Design and Implement Cloud Data Storage Architectures 63

Storage Types 63

Threats to Storage Types 66

Design and Apply Data Security Technologies and Strategies 67

Encryption and Key Management 67

Hashing 70

Data Obfuscation 71

Tokenization 73

Data Loss Prevention 74

Keys, Secrets, and Certificates Management 77

Implement Data Discovery 78

Structured Data 79

Unstructured Data 80

Semi-structured Data 81

Data Location 82

Implement Data Classification 82

Data Classification Policies 83

Mapping 85

Labeling 86

Design and Implement Information Rights Management 87

Objectives 88

Appropriate Tools 89

Plan and Implement Data Retention, Deletion, and Archiving Policies 89

Data Retention Policies 90

Data Deletion Procedures and Mechanisms 93

Data Archiving Procedures and Mechanisms 94

Legal Hold 95

Design and Implement Auditability, Traceability, and Accountability of Data Events 96

Definition of Event Sources and Requirement of Event Attribution 97

Logging, Storage, and Analysis of Data Events 99

Chain of Custody and Nonrepudiation 100

Summary 101

Chapter 3 Cloud Platform and Infrastructure Security 103

Comprehend Cloud Infrastructure and Platform Components 104

Physical Environment 104

Network and Communications 106

Compute 107

Virtualization 108

Storage 110

Management Plane 111

Design a Secure Data Center 113

Logical Design 114

Physical Design 116

Environmental Design 117

Analyze Risks Associated with Cloud Infrastructure and Platforms 119

Risk Assessment 119

Cloud Vulnerabilities, Threats, and Attacks 122

Risk Mitigation Strategies 123

Plan and Implementation of Security Controls 124

Physical and Environmental Protection 124

System, Storage, and Communication Protection 125

Identification, Authentication, and Authorization in Cloud Environments 127

Audit Mechanisms 128

Plan Disaster Recovery and Business Continuity 131

Business Continuity/Disaster Recovery Strategy 131

Business Requirements 132

Creation, Implementation, and Testing of Plan 134

Summary 138

Chapter 4 Cloud Application Security 139

Advocate Training and Awareness for Application Security 140

Cloud Development Basics 140

Common Pitfalls 141

Common Cloud Vulnerabilities 142

Describe the Secure Software Development Life Cycle Process 144

NIST Secure Software Development Framework 145

OWASP Software Assurance Maturity Model 145

Business Requirements 145

Phases and Methodologies 146

Apply the Secure Software Development Life Cycle 149

Cloud-Specific Risks 149

Threat Modeling 153

Avoid Common Vulnerabilities during Development 156

Secure Coding 156

Software Configuration Management and Versioning 157

Apply Cloud Software Assurance and Validation 158

Functional and Non-functional Testing 159

Security Testing Methodologies 160

Quality Assurance 164

Abuse Case Testing 164

Use Verified Secure Software 165

Securing Application Programming Interfaces 165

Supply-Chain Management 166

Third-Party Software Management 166

Validated Open-Source Software 167

Comprehend the Specifics of Cloud Application Architecture 168

Supplemental Security Components 169

Cryptography 171

Sandboxing 172

Application Virtualization and Orchestration 173

Design Appropriate Identity and Access Management Solutions 174

Federated Identity 175

Identity Providers 175

Single Sign-on 176

Multifactor Authentication 176

Cloud Access Security Broker 178

Summary 179

Chapter 5 Cloud Security Operations 181

Build and Implement Physical and Logical Infrastructure for Cloud Environment 182

Hardware-Specific Security Configuration Requirements 182

Installation and Configuration of Virtualization Management Tools 185

Virtual Hardware–Specific Security Configuration Requirements 186

Installation of Guest Operating System Virtualization Toolsets 188

Operate Physical and Logical Infrastructure for Cloud Environment 188

Configure Access Control for Local and Remote Access 188

Secure Network Configuration 190

Operating System Hardening through the Application of Baselines 195

Availability of Stand-Alone Hosts 196

Availability of Clustered Hosts 197

Availability of Guest Operating Systems 199

Manage Physical and Logical Infrastructure for Cloud Environment 200

Access Controls for Remote Access 201

Operating System Baseline Compliance Monitoring and Remediation 202

Patch Management 203

Performance and Capacity Monitoring 205

Hardware Monitoring 206

Configuration of Host and Guest Operating System Backup and Restore Functions 207

Network Security Controls 208

Management Plane 212

Implement Operational Controls and Standards 212

Change Management 213

Continuity Management 214

Information Security Management 216

Continual Service Improvement Management 217

Incident Management 218

Problem Management 221

Release Management 221

Deployment Management 222

Configuration Management 224

Service Level Management 225

Availability Management 226

Capacity Management 227

Support Digital Forensics 228

Forensic Data Collection Methodologies 228

Evidence Management 230

Collect, Acquire, and Preserve Digital Evidence 231

Manage Communication with Relevant Parties 234

Vendors 235

Customers 236

Partners 238

Regulators 238

Other Stakeholders 239

Manage Security Operations 239

Security Operations Center 240

Monitoring of Security Controls 244

Log Capture and Analysis 245

Incident Management 248

Summary 253

Chapter 6 Legal, Risk, and Compliance 255

Articulating Legal Requirements and Unique Risks within the Cloud Environment 256

Conflicting International Legislation 256

Evaluation of Legal Risks Specific to Cloud Computing 258

Legal Frameworks and Guidelines 258

eDiscovery 265

Forensics Requirements 267

Understand Privacy Issues 267

Difference between Contractual and Regulated Private Data 268

Country-Specific Legislation Related to Private Data 272

Jurisdictional Differences in Data Privacy 277

Standard Privacy Requirements 278

Privacy Impact Assessments 280

Understanding Audit Process, Methodologies, and Required Adaptations for a Cloud Environment 281

Internal and External Audit Controls 282

Impact of Audit Requirements 283

Identify Assurance Challenges of Virtualization and Cloud 284

Types of Audit Reports 285

Restrictions of Audit Scope Statements 288

Gap Analysis 289

Audit Planning 290

Internal Information Security Management System 291

Internal Information Security Controls System 292

Policies 293

Identification and Involvement of Relevant Stakeholders 296

Specialized Compliance Requirements for Highly Regulated Industries 297

Impact of Distributed Information Technology Model 298

Understand Implications of Cloud to Enterprise Risk Management 299

Assess Providers Risk Management Programs 300

Differences between Data Owner/Controller vs. Data Custodian/Processor 301

Regulatory Transparency Requirements 302

Risk Treatment 303

Risk Frameworks 304

Metrics for Risk Management 307

Assessment of Risk Environment 307

Understand Outsourcing and Cloud Contract Design 309

Business Requirements 309

Vendor Management 311

Contract Management 312

Supply Chain Management 314

Summary 316

Index 317

The Official ISC2 CCSP CBK Reference


A Hardback by Aaron Kraus


Publisher: John Wiley & Sons Inc
Publication Date: 17/11/2022
ISBN13: 9781119909019, 978-1119909019
ISBN10: 1119909015

