Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying CCSP (ISC)2 Certified Cloud Security Professional Exam Guide
  • Table Of Contents Toc
  • Feedback & Rating feedback
CCSP (ISC)2 Certified Cloud Security Professional Exam Guide

CCSP (ISC)2 Certified Cloud Security Professional Exam Guide

By : Omar A. Turner, Navya Lakshmana
4.9 (22)
Buy this Book
close
close
CCSP (ISC)2 Certified Cloud Security Professional Exam Guide

CCSP (ISC)2 Certified Cloud Security Professional Exam Guide

4.9 (22)
By: Omar A. Turner, Navya Lakshmana
Buy this Book

Overview of this book

Preparing for the Certified Cloud Security Professional (CCSP) exam can be challenging, as it covers a wide array of topics essential for advancing a cybersecurity professional’s career by validating their technical skills. To prepare for the CCSP exam, you need a resource that not only covers all the exam objectives but also helps you prepare for the format and structure of the exam. Written by two seasoned cybersecurity professionals with a collective experience of hundreds of hours training CCSP bootcamps, this CCSP study guide reflects the journey you’d undertake in such training sessions. The chapters are packed with up-to-date information necessary to pass the (ISC)2 CCSP exam. Additionally, to boost your confidence, the book provides self-assessment questions, exam tips, and mock exams with detailed answer explanations. You’ll be able to deepen your understanding using illustrative explanations that briefly review key points. As you progress, you’ll delve into advanced technical aspects of cloud domain security, such as application security, design, managing and securing data, and infrastructure in the cloud using best practices and legal policies and procedures. By the end of this guide, you’ll be ready to breeze through the exam and tackle real-world cloud security challenges with ease.
Table of Contents (27 chapters)
close
close
close
Preface
Icon
Preface
Icon
Who This Book Is For
Icon
What This Book Covers
Icon
How to Get the Most Out of This Book
Icon
Online Practice Resources
Icon
Download the Color Images
Icon
Conventions Used
Icon
Get in Touch
Icon
Share Your Thoughts
Icon
Download a Free PDF Copy of This Book
Free Chapter
1
Chapter 1: Core Cloud Concepts
chevron up
Icon
Chapter 1: Core Cloud Concepts
Icon
Making the Most Out of This Book – Your Certification and Beyond
Icon
What Is Cloud Computing?
Icon
Essential Cloud Computing Characteristics
Icon
Cloud Stakeholders
Icon
Key Cloud Computing Technologies and Building Blocks
Icon
Summary
Icon
Exam Readiness Drill – Chapter Review Questions
Icon
Working On Timing
2
Chapter 2: Cloud Reference Architecture
Icon
Chapter 2: Cloud Reference Architecture
Icon
Cloud Service Models
Icon
Cloud Service Models and Categories
Icon
Cloud Deployment Models
Icon
Shared Considerations for Cloud Deployments
Icon
Emerging Technologies in Cloud Computing
Icon
Summary
Icon
Exam Readiness Drill – Chapter Review Questions
Icon
Working On Timing
3
Chapter 3: Top Threats and Essential Cloud Security Concepts and Controls
Icon
Chapter 3: Top Threats and Essential Cloud Security Concepts and Controls
Icon
The CIA Triad—Confidentiality, Integrity, and Availability
Icon
Common Threats to Cloud Deployments
Icon
Security Control Categories and Types
Icon
Summary
Icon
Exam Readiness Drill – Chapter Review Questions
Icon
Working On Timing
4
Chapter 4: Design Principles for Secure Cloud Computing
Icon
Chapter 4: Design Principles for Secure Cloud Computing
Icon
Security for IaaS, SaaS, and PaaS
Icon
Shared Responsibility Model for Cloud Service Models
Icon
Summary
Icon
Exam Readiness Drill – Chapter Review Questions
Icon
Working On Timing
5
Chapter 5: How to Evaluate Your Cloud Service Provider
Icon
Chapter 5: How to Evaluate Your Cloud Service Provider
Icon
Key Cloud Service Contractual Documents
Icon
Evaluation of the CSP Services
Icon
Summary
Icon
Exam Readiness Drill – Chapter Review Questions
Icon
Working On Timing
6
Chapter 6: Cloud Data Security Concepts and Architectures
Icon
Chapter 6: Cloud Data Security Concepts and Architectures
Icon
Structured and Unstructured Data
Icon
The Cloud Data Lifecycle
Icon
Various Storage Types and Common Threats
Icon
Data Classification and Discovery
Icon
Cloud Data Security Technologies and Common Strategies
Icon
Critical Cloud Data Security Strategies
Icon
Best Practices for Data Retention, Archival, and Deletion
Icon
Summary
Icon
Exam Readiness Drill – Chapter Review Questions
Icon
Working On Timing
7
Chapter 7: Data Governance Essentials
Icon
Chapter 7: Data Governance Essentials
Icon
Data Governance
Icon
IRM
Icon
Auditability in Cloud Data Governance
Icon
Traceability in Cloud Data Governance
Icon
Accountability in Cloud Data Governance
Icon
Cloud Data Life Cycle
Icon
Summary
Icon
Exam Readiness Drill – Chapter Review Questions
Icon
Working On Timing
8
Chapter 8: Essential Infrastructure and Platform Components for a Secure Data Center
Icon
Chapter 8: Essential Infrastructure and Platform Components for a Secure Data Center
Icon
Cloud Infrastructure and Platform Components
Icon
Physical Design
Icon
Environmental Design
Icon
Logical Design
Icon
Summary
Icon
Exam Readiness Drill – Chapter Review Questions
Icon
Working On Timing
9
Chapter 9: Analyzing Risks
Icon
Chapter 9: Analyzing Risks
Icon
Overview of Risk Management
Icon
Risk Identification and Analysis
Icon
Analyzing and Assessing Cloud Security Risks
Icon
Cloud Attack Surface Area, Vulnerabilities, Threats, and Attack Vectors
Icon
Addressing Cloud Security Risks – Safeguards and Countermeasures
Icon
Implementing Cloud Security Best Practices, Controls and Countermeasures
Icon
Summary
Icon
Exam Readiness Drill – Chapter Review Questions
Icon
Working On Timing
10
Chapter 10: Security Control Implementation
Icon
Chapter 10: Security Control Implementation
Icon
Physical and Environmental Protection Controls
Icon
System, Storage, and Communication Protection Controls
Icon
IAM Solutions for Identification, Authentication, and Authorization
Icon
Key Cloud Control Audit Mechanisms
Icon
Summary
Icon
Exam Readiness Drill – Chapter Review Questions
Icon
Working On Timing
11
Chapter 11: Planning for the Worst-Case Scenario – Business Continuity and Disaster Recovery
Icon
Chapter 11: Planning for the Worst-Case Scenario – Business Continuity and Disaster Recovery
Icon
BCDR Definitions
Icon
BCDR Strategies
Icon
Understanding an Organization’s Business Requirements
Icon
Creation, Implementation, and Testing of a BCDR Plan
Icon
Summary
Icon
Exam Readiness Drill – Chapter Review Questions
Icon
Working On Timing
12
Chapter 12: Application Security
Icon
Chapter 12: Application Security
Icon
Why is Application Security Critical?
Icon
Common Challenges in Securing Web Applications
Icon
Vulnerabilities with OWASP
Icon
Cloud Application Security Tools and Solutions
Icon
Summary
Icon
Exam Readiness Drill – Chapter Review Questions
Icon
Working On Timing
13
Chapter 13: Secure Software Development Life Cycle
Icon
Chapter 13: Secure Software Development Life Cycle
Icon
Traditional SDLC to SSDLC
Icon
Utilizing the SSDLC in Cloud Projects
Icon
Threat Modeling
Icon
Avoiding Vulnerable Code
Icon
Summary
Icon
Exam Readiness Drill – Chapter Review Questions
Icon
Working On Timing
14
Chapter 14: Assurance, Validation, and Verification in Security
Icon
Chapter 14: Assurance, Validation, and Verification in Security
Icon
The Importance of Assurance, Validation, and Verification
Icon
What Are Functional and Non-Functional Testing?
Icon
Security Testing and Quality Assurance
Icon
Two Approaches to Software Verification
Icon
Third-Party Review Processes
Icon
Measures to Secure APIs
Icon
Summary
Icon
Exam Readiness Drill – Chapter Review Questions
Icon
Working On Timing
15
Chapter 15: Application-Centric Cloud Architecture
Icon
Chapter 15: Application-Centric Cloud Architecture
Icon
Supplemental Security Components
Icon
Summary
Icon
Exam Readiness Drill – Chapter Review Questions
Icon
Working On Timing
16
Chapter 16: IAM Design
Icon
Chapter 16: IAM Design
Icon
IAM
Icon
Federated Identity
Icon
IdPs
Icon
SSO
Icon
MFA
Icon
CASB
Icon
Secrets Management
Icon
Summary
Icon
Exam Readiness Drill – Chapter Review Questions
Icon
Working On Timing
17
Chapter 17: Cloud Physical and Logical Infrastructure (Operationalization and Maintenance)
Icon
Chapter 17: Cloud Physical and Logical Infrastructure (Operationalization and Maintenance)
Icon
Hardware-Specific Security Configuration Requirements
Icon
Installation and Configuration of Management Tools
Icon
Virtual Hardware-Specific Security Configuration Requirements
Icon
Installation of Guest OS Virtualization Toolsets
Icon
Access Controls for Local and Remote Access
Icon
Secure Network Configuration
Icon
Network Security Controls
Icon
OS Baselining
Icon
Availability of Clustered Hosts
Icon
Availability of Guest OSs
Icon
Performance and Capacity Monitoring in Cloud Environments
Icon
Hardware Monitoring in Cloud Environments
Icon
Configuration of Host and Guest OS Backup and Restore Functions
Icon
Summary
Icon
Exam Readiness Drill – Chapter Review Questions
Icon
Working On Timing
18
Chapter 18: International Operational Controls and Standards
Icon
Chapter 18: International Operational Controls and Standards
Icon
Operational Controls and Standards
Icon
Change Management
Icon
Continuity Management
Icon
Information Security Management
Icon
Continual Service Improvement Management
Icon
Incident Management
Icon
Problem Management
Icon
Release Management
Icon
Deployment Management
Icon
Configuration Management
Icon
Service-Level Management
Icon
Availability Management
Icon
Capacity Management
Icon
Summary
Icon
Exam Readiness Drill – Chapter Review Questions
Icon
Working On Timing
19
Chapter 19: Digital Forensics
Icon
Chapter 19: Digital Forensics
Icon
Digital forensics
Icon
Forensic data collection methodologies
Icon
Evidence management
Icon
Collecting, acquiring, and preserving digital evidence
Icon
Summary
Icon
Exam Readiness Drill – Chapter Review Questions
Icon
Working On Timing
20
Chapter 20: Managing Communications
Icon
Chapter 20: Managing Communications
Icon
Managing communication with relevant parties
Icon
Summary
Icon
Exam Readiness Drill – Chapter Review Questions
Icon
Working On Timing
21
Chapter 21: Security Operations Center Management
Icon
Chapter 21: Security Operations Center Management
Icon
SOC
Icon
Monitoring of Security Controls
Icon
Log Capture and Analysis
Icon
Incident Management
Icon
Vulnerability Assessments
Icon
Summary
Icon
Exam Readiness Drill – Chapter Review Questions
Icon
Working On Timing
22
Chapter 22: Legal Challenges and the Cloud
Icon
Chapter 22: Legal Challenges and the Cloud
Icon
Legal Requirements and Unique Risks Within the Cloud
Icon
Understanding the Implications of Cloud to Enterprise Risk Management
Icon
Understanding Outsourcing and Cloud Contract Design
Icon
Summary
Icon
Exam Readiness Drill – Chapter Review Questions
Icon
Working On Timing
23
Chapter 23: Privacy and the Cloud
Icon
Chapter 23: Privacy and the Cloud
Icon
Privacy Issues
Icon
Difference between Contractual and Regulated Private Data
Icon
Country-Specific Legislation Related to Private Data
Icon
Jurisdictional Differences in Data Privacy
Icon
Standard Privacy Requirements
Icon
Privacy Impact Assessments (PIAs)
Icon
Summary
Icon
Exam Readiness Drill – Chapter Review Questions
Icon
Working On Timing
24
Chapter 24: Cloud Audit Processes and Methodologies
Icon
Chapter 24: Cloud Audit Processes and Methodologies
Icon
Understanding the Audit Process, Methodologies, and Required Adaptations for a Cloud Environment
Icon
Internal and External Audit Controls
Icon
Impact of Audit Requirements
Icon
Identify Assurance Challenges of Virtualization and the Cloud
Icon
Types of Audit Reports
Icon
Restrictions of Audit Scope Statements
Icon
Gap Analysis
Icon
Audit Planning
Icon
Internal ISMS
Icon
Policies
Icon
Identification and Involvement of Relevant Stakeholders
Icon
Specialized Compliance Requirements for Highly Regulated Industries
Icon
Impact of Distributed IT Model
Icon
Summary
Icon
Exam Readiness Drill – Chapter Review Questions
Icon
Working On Timing
25
Chapter 25: Accessing the Online Practice Resources
Icon
Chapter 25: Accessing the Online Practice Resources
Icon
How to Access These Materials
Icon
Troubleshooting Tips
Icon
Back to the Book
Icon
Why subscribe?
26
Other Books You May Enjoy
Icon
Other Books You May Enjoy
Icon
Share Your Thoughts
Icon
Download a Free PDF Copy of This Book

Cloud Stakeholders

The International Information Systems Security Certification Consortium (ISC2) CCSP Common Body of Knowledge (CBK) identifies multiple cloud computing stakeholders with specific responsibilities, based primarily on the following International Organization for Standardization (ISO) / International Electrotechnical Commission (IEC) standards and NIST special publications:

  • ISO/IEC 17789 Cloud Computing Reference Architecture (CCRA)
  • NIST SP 500-292 CCRA

Note

You can read more about the ISO/IEC 17789 CCRA here - https://www.iso.org/standard/60545.html, and the NIST SP 500-292 CCRA here - https://www.nist.gov/publications/nist-cloud-computing-reference-architecture.

The key differences you need to be aware of concerning the identification of these cloud stakeholders are as follows:

  • The ISO/IEC 17789 CCRA defines three main roles with multiple sub-roles in each main role
  • The NIST CCRA defines five key actors

Note

It is important to focus on the cloud service models and cloud delivery models in this chapter. You will learn about the shared responsibility model, the three service models, and the six common deployment models (as mentioned in the NIST definition) in Chapter 2, Cloud Reference Architecture.

You will now go through each role and actor of ISO/IEC 17789 CCRA and NIST CCRA respectively.

ISO/IEC 17789 CCRA Roles and Sub-Roles

ISO/IEC 17789 is a standard developed by the ISO and the IEC, providing an extensive framework for CCRA. The purpose of this standard is to establish a common language, concepts, and structure to create, deliver, and manage cloud services across various domains.

ISO/IEC 17789 defines a CCRA that includes numerous roles and sub-roles, representing the major actors within the cloud computing ecosystem. You will learn about the duties and interactions between entities within this environment for effective operation and efficiency.

Cloud Service Customer

A Cloud Service Customer (CSC) is an entity that purchases cloud services from a CSP for itself or its users. CSCs can include organizations, departments within organizations, and individuals.

Sub-Roles of the CSC

A Cloud Service User (CSU) is an individual or application that utilizes cloud services provided by the CSP on behalf of the CSC.

CSP

A CSP is the entity responsible for supplying, running, and supporting cloud services. CSPs offer various cloud solutions such as SaaS, PaaS, and IaaS that CSCs can access.

Sub-Functions of a CSP

There are three sub-functions of a CSP:

  • Cloud Service Development: The Cloud Service Development (CSD) sub-role is responsible for designing, creating, and deploying cloud services that meet the demands of CSCs.
  • Cloud Service Operation: The Cloud Service Operation (CSO) sub-role is responsible for managing, monitoring, and operating cloud services provided by the CSP. This involves ensuring those services’ availability, performance, and security.
  • Cloud Service Support: The Cloud Service Support (CSS) sub-role is responsible for offering technical assistance, troubleshooting, and resolving issues related to cloud services for CSCs.

Cloud Service Partner

A Cloud Service Partner (CSN) is an entity that collaborates with the CSP to provide value-added services or support to CSCs. CSNs can be suppliers, resellers, or other organizations working closely with the CSP to improve cloud services as a whole.

Sub-Functions of a CSN

There are two sub-functions of a CSN as listed below:

  • Cloud Broker: The Cloud Broker (CB) serves as an intermediary between the CSC and various CSPs.
  • Cloud Carrier: The Cloud Carrier (CC) facilitates network connectivity between a CSP and the CSCs to guarantee secure, dependable communication.

Cloud Auditor

The Cloud Auditor (CA) is an independent body that reviews and validates a CSP and its services’ adherence to applicable standards, laws, and best practices.

You will now learn about the key actors as per the NIST CCRA.

NIST Cloud Computing Key Actors

NIST Cloud Computing Reference Architecture (NIST SP 500-292), is a document published by the NIST, with the aim of offering an in-depth framework to comprehend, design, and implement cloud computing services and solutions. This reference architecture is intended to produce a uniform, technology-neutral framework that allows communication, cooperation, and the creation of cloud computing standards among diverse stakeholders, such as CSPs, users, and regulators.

The NIST CCRA is composed of five essential components, often termed as actors. These components describe the fundamental functions and duties inside a cloud computing system, therefore clarifying their interrelationships. The five major elements of the NIST CCRA are as follows.

Cloud Consumer

The cloud consumer is a person, group, or business that utilizes cloud services offered by the cloud provider. The cloud consumer obtains and administers cloud services in accordance with its needs and can access these services through a variety of interfaces and devices.

Cloud Provider

The cloud provider is the entity tasked with making cloud services accessible to the cloud customer. This covers the design, management, and maintenance of the cloud infrastructure, platforms, and applications necessary to offer the services. Cloud providers can provide a variety of service models, including IaaS, PaaS, and SaaS.

Cloud Broker

The cloud broker is an agent that helps cloud customers choose, manage, and integrate cloud services from numerous cloud providers. Cloud brokers can provide value-added services, such as collecting and integrating various offers, negotiating contracts, and maintaining Service-Level Agreements (SLAs) to guarantee that the demands of cloud consumers are satisfied.

Cloud Auditor (CA)

The CA is an independent, responsible body that assesses and evaluates the cloud services offered by the cloud provider. This involves confirming the cloud services’ performance, security, and compliance with industry standards, legislation, and best practices. CAs contribute to the confidence and trust of cloud consumers by verifying that cloud providers achieve the necessary service levels and customer expectations.

Cloud Carrier (CC)

The CC is responsible for delivering the connectivity and transport services required for cloud consumer access to a cloud provider’s cloud services. CCs provide the delivery of data and communication between cloud consumers and cloud providers, guaranteeing safe and dependable access to cloud services.

In addition to these core aspects, the NIST CCRA highlights many cross-functional characteristics that are essential to the installation and operation of cloud computing services. They include security, privacy, and compliance, which are vital for ensuring data protection and adherence to applicable laws and regulations.

By providing a structured and thorough reference architecture, NIST SP 500-292 fosters a shared understanding of cloud computing ideas and terminology, enabling stakeholders to make informed decisions and ease the development of interoperable cloud computing solutions. This reference design is a great resource for enterprises intending to adopt cloud computing or to enhance their current cloud-based services.

You will now understand the definitions and specifics of cloud stakeholders as seen from the perspective of two organizations. The ISO/IEC 17789 CCRA, with its focus on the CSC, the sub-role of the CSU, the CSP (with its associated sub-roles), the CSN, and the CA, offers a comprehensive view of the dynamics of each of the aforementioned roles, while the NIST reference architecture looks at the five primary actors of consumer, provider, broker, CA, and CC. Both are equally important, and it is essential to understand the differences between the two for the CCSP exam.

In the next section, you will dive into the key core technologies that allow cloud computing to exist and be used at scale for those requiring the use of the cloud.

End of Section 5
Next Section

Create a Note

Modal Close icon
You need to login to use this feature.
notes
bookmark search playlist download
font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Delete Note

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Edit Note

Modal Close icon
Write a note (max 255 characters)
Cancel
Update Note

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY