(ISC)2 CCSP Certified Cloud Security Professional Official Study Guide
Ben Malisow

About This Book

The only official study guide for the new CCSP exam

(ISC)2 CCSP Certified Cloud Security Professional Official Study Guide is your ultimate resource for the CCSP exam. As the only official study guide reviewed and endorsed by (ISC)2, this guide helps you prepare faster and smarter with the Sybex study tools that include pre-test assessments that show you what you know, and areas you need further review. Objective maps, exercises, and chapter review questions help you gauge your progress along the way, and the Sybex interactive online learning environment includes access to a PDF glossary, hundreds of flashcards, and two complete practice exams. Covering all CCSP domains, this book walks you through Architectural Concepts and Design Requirements, Cloud Data Security, Cloud Platform and Infrastructure Security, Cloud Application Security, Operations, and Legal and Compliance with real-world scenarios to help you apply your skills along the way.

The CCSP is the latest credential from (ISC)2 and the Cloud Security Alliance, designed to show employers that you have what it takes to keep their organization safe in the cloud. Learn the skills you need to be confident on exam day and beyond.

  • Review 100% of all CCSP exam objectives
  • Practice applying essential concepts and skills
  • Access the industry-leading online study tool set
  • Test your knowledge with bonus practice exams and more

As organizations become increasingly reliant on cloud-based IT, the threat to data security looms larger. Employers are seeking qualified professionals with a proven cloud security skillset, and the CCSP credential brings your resume to the top of the pile. (ISC)2 CCSP Certified Cloud Security Professional Official Study Guide gives you the tools and information you need to earn that certification, and apply your skills in a real-world setting.

Information

Publisher: Sybex
Year: 2019
ISBN: 9781119603368
Edition: 2

Chapter 1
Architectural Concepts

THE OBJECTIVE OF THIS CHAPTER IS TO ACQUAINT THE READER WITH THE FOLLOWING CONCEPTS:
  • Domain 1: Cloud Concepts, Architecture, and Design
    • 1.1. Understand Cloud Computing Concepts
      • 1.1.1. Cloud Computing Definitions
      • 1.1.2. Cloud Computing Roles
      • 1.1.3. Key Cloud Computing Characteristics
      • 1.1.4. Building Block Technologies
    • 1.2. Describe Cloud Reference Architecture
      • 1.2.1. Cloud Computing Activities
      • 1.2.2. Cloud Service Capabilities
      • 1.2.3. Cloud Service Categories
      • 1.2.4. Cloud Deployment Models
      • 1.2.5. Cloud Shared Considerations
      • 1.2.6. Impact of Related Technologies
    • 1.4. Understand Design Principles of Secure Cloud Computing
      • 1.4.3. Cost Benefit Analysis
      • 1.4.4. Functional Security Requirements
  • Domain 4: Cloud Application Security
    • 4.7. Design Appropriate Identity and Access Management (IAM) Solutions
      • 4.7.5. Cloud Access Security Broker (CASB)
  • Domain 5: Cloud Security Operations
    • 5.4. Implement Operational Controls and Standards
      • 5.4.10. Service Level Management
Warning: This chapter is the foundation for all the other chapters in this study guide. You may find it useful to review this material before reading other chapters.
The CCSP is not a certification of basic computer skills or training; it is a professional certification for practitioners with some background in the field. (ISC)2 expects that those who want to earn this particular certification already have experience in the industry; have been employed in an InfoSec position in some professional capacity; and have a thorough understanding of many basic areas related to computers, security, business, risk, and networking. Many people taking the test already have other certifications that validate their knowledge and experience, such as the CISSP. Therefore, this book will not contain many of the basics that, while testable, you are already expected to know. If you aren’t coming from a CISSP background, it would be good to supplement your knowledge with CISSP-focused materials as well.
However, the CCSP Common Body of Knowledge (CBK) contains terminology and concepts that may be expressed in specific ways, to include perspectives and usages that may be unique to the CCSP and different from what you are used to dealing with in your current operations. This chapter is therefore intended as a guide, laying down the foundation for understanding the rest of the material and the CBK as a whole.

Cloud Characteristics

Cloud computing has come to mean many things, but the following characteristics have become part of the generally accepted definition:
  • Broad network access
  • On-demand self-service
  • Resource pooling
  • Rapid elasticity
  • Measured or “metered” service
These traits are expressed succinctly in the NIST definition of cloud computing.
NIST 800-145 Cloud Computing Definition
The official NIST definition of cloud computing says, “Cloud Computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.”
These characteristics are also similar to how cloud computing is defined in ISO 17788 (www.iso.org/iso/catalogue_detail?csnumber=60544).
You can expect to see mention of each of these throughout this book, the CBK, and the exam.
Broad network access means services are consistently accessible by standard means, such as the use of a web browser to access a Software as a Service (SaaS) application regardless of the user’s location or choice of computer OS, browser, and so on. This is generally accomplished with the use of such technologies as advanced routing techniques, load balancers, and multisite hosting, among others.
On-demand self-service refers to the model that allows customers to scale their compute and/or storage needs with little or no intervention from or prior communication with the provider. The services happen in real time.
Resource pooling is the characteristic that allows the cloud provider to meet various demands from customers while remaining financially viable. The cloud provider can make capital investments that greatly exceed what any single customer could provide on their own and can apportion these resources as needed so that the resources are not underutilized (which would mean a wasteful investment) or overtaxed (which would mean a decrease in level of service). This is often referred to as a multitenant environment; multiple customers share the same underlying hardware, software, and networking assets.
Rapid elasticity allows the customer to grow or shrink the IT footprint (number of users, number of machines, size of storage, and so on) as necessary to meet operational needs without excess capacity. In the cloud, this can be done in moments, as opposed to the traditional environment, where acquisition and deployment of resources (or disposing of old resources) can take weeks or months.
Finally, measured or metered service simply means that the customer is charged for only what they use and nothing more. This is much like how a water or power company might charge you each month for the services used (with perhaps a minimum monthly charge for maintaining the connection).
Rest assured—we will be going into more detail regarding all of these concepts in the chapters to come.
Real World Scenario: Online Shopping
Think of retail demand during the pre-holiday crush toward the end of the year. The sheer volume of customers and transactions greatly exceeds all normal operations throughout the rest of the year. When this happens, retailers who offer online shopping can see great benefit from hosting their sales capability in the cloud. The cloud provider can apportion resources necessary to meet this increased demand and will charge for this increased usage at a negotiated rate, but when shopping drops off after the holiday, the retailers will not continue to be charged at the higher rate.
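The following is an added illustration of the rapid elasticity, resource pooling and metered service characteristics described above and of the holiday-shopping scenario; it is example code written for this page, not code from the study guide or from any provider. The instance capacity, target utilization, price per instance-hour, tenant floor and pool ceiling are all constructed assumptions, as is the hourly demand curve.

```python
import math
from dataclasses import dataclass

# Assumed (constructed) parameters for the illustration; a real provider's
# instance sizes, pool limits and prices will differ.
INSTANCE_CAPACITY = 100      # requests per hour one instance can serve
TARGET_UTILIZATION = 0.70    # scale out before instances are saturated
PRICE_PER_INSTANCE_HOUR = 0.10
MIN_INSTANCES = 1            # keep the storefront reachable even at zero demand
POOL_LIMIT = 50              # provider's pooled capacity available to this tenant


def instances_needed(demand: int,
                     capacity: int = INSTANCE_CAPACITY,
                     target_utilization: float = TARGET_UTILIZATION,
                     floor: int = MIN_INSTANCES,
                     ceiling: int = POOL_LIMIT) -> int:
    """Rapid elasticity: size the fleet for this hour's demand, bounded by
    the tenant floor and the provider's resource-pool ceiling."""
    needed = math.ceil(demand / (capacity * target_utilization)) if demand > 0 else 0
    return max(floor, min(ceiling, needed))


@dataclass
class BillingSummary:
    hourly_instances: list
    instance_hours: int          # what a metered bill is based on
    metered_cost: float
    fixed_peak_cost: float       # cost of owning peak capacity all the time
    hours_overtaxed: int         # hours where demand exceeded the pool limit


def simulate(demand_by_hour, price=PRICE_PER_INSTANCE_HOUR) -> BillingSummary:
    """Run one demand curve through the autoscaler and meter the result."""
    hourly = [instances_needed(d) for d in demand_by_hour]
    instance_hours = sum(hourly)
    peak = max(hourly)
    # An hour is "overtaxed" when even the capped fleet cannot serve demand:
    # the resource pool is saturated and service level drops.
    overtaxed = sum(1 for d, n in zip(demand_by_hour, hourly)
                    if d > n * INSTANCE_CAPACITY)
    return BillingSummary(
        hourly_instances=hourly,
        instance_hours=instance_hours,
        metered_cost=round(instance_hours * price, 2),
        fixed_peak_cost=round(peak * len(demand_by_hour) * price, 2),
        hours_overtaxed=overtaxed,
    )


# Constructed demand curve (requests per hour): quiet, holiday spike, quiet.
HOLIDAY_DEMAND = [50, 50, 400, 900, 2000, 2000, 600, 50]

if __name__ == "__main__":
    s = simulate(HOLIDAY_DEMAND)
    for hour, (d, n) in enumerate(zip(HOLIDAY_DEMAND, s.hourly_instances)):
        print(f"hour {hour}: demand={d:5d} instances={n:3d}")
    print(f"metered: {s.instance_hours} instance-hours -> ${s.metered_cost}")
    print(f"fixed peak provisioning would cost ${s.fixed_peak_cost}")
```

Running the script shows the fleet growing to 29 instances during the spike and falling back to 1 afterwards, and the metered bill (89 instance-hours) is well below what owning peak capacity for the whole period would cost. The pool ceiling is the part worth noticing from a security-operations viewpoint: it is what keeps an unexpected surge in demand, legitimate or not, from turning into an unbounded bill, at the price of the "overtaxed" hours the text describes, so that limit and the alerting on it belong in the service level discussion with the provider.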

Business Requirements

The IT department is not a profit center; it provides a support function. This is even more true of the security department. Security activities tend to hinder business efficiency (generally, the more secure something is, whether a device or a process, the less efficient it will be). This is why the business needs of the organization drive security decisions, and not the other way around.
A successful organization will gather as much information about operational business requirements as possible; this information can be used for many purposes, including several functions in the security realm (I’ll touch on this throughout the book, but a few examples inclu...