The only official study guide for the new CCSP exam objectives effective from 2022-2025(ISC)² CCSP Certified Cloud Security Professional Official Study Guide, 3rd Edition is your ultimate resource for the CCSP exam. As the only official study guide reviewed and endorsed by (ISC)², this guide helps you prepare faster and smarter with the Sybex study tools that include pre-test assessments that show you what you know, and areas you need further review. In this completely rewritten 3rd Edition, experienced cloud security professionals Mike Chapple and David Seidl use their extensive training and hands on skills to help you prepare for the CCSP exam. Objective maps, exercises, and chapter review questions help you gauge your progress along the way, and the Sybex interactive online learning environment includes access to a PDF glossary, hundreds of flashcards, and two complete practice exams. Covering all CCSP domains, this book walks you through Cloud Concepts, Architecture and Design, Cloud Data Security, Cloud Platform and Infrastructure Security, Cloud Application Security, Cloud Security Operations, and Legal, Risk, and Compliance with real-world scenarios to help you apply your skills along the way.The CCSP credential from (ISC)² and the Cloud Security Alliance is designed to show employers that you have what it takes to keep their organization safe in the cloud. Learn the skills you need to be confident on exam day and beyond.* Review 100% of all CCSP exam objectives* Practice applying essential concepts and skills* Access the industry-leading online study tool set* Test your knowledge with bonus practice exams and moreAs organizations become increasingly reliant on cloud-based IT, the threat to data security looms larger. Employers are seeking qualified professionals with a proven cloud security skillset, and the CCSP credential brings your resume to the top of the pile. (ISC)² CCSP Certified Cloud Security Professional Official Study Guide gives you the tools and information you need to earn that certification and apply your skills in a real-world setting.

Introduction xxiiiAssessment Test xxxiiChapter 1 Architectural Concepts 1Cloud Characteristics 3Business Requirements 5Understanding the Existing State 6Cost/Benefit Analysis 7Intended Impact 10Cloud Computing Service Categories 11Software as a Service 11Infrastructure as a Service 12Platform as a Service 12Cloud Deployment Models 13Private Cloud 13Public Cloud 13Hybrid Cloud 13Multi- Cloud 13Community Cloud 13Multitenancy 14Cloud Computing Roles and Responsibilities 15Cloud Computing Reference Architecture 16Virtualization 18Hypervisors 18Virtualization Security 19Cloud Shared Considerations 20Security and Privacy Considerations 20Operational Considerations 21Emerging Technologies 22Machine Learning and Artificial Intelligence 22Blockchain 23Internet of Things 24Containers 24Quantum Computing 25Edge and Fog Computing 26Confidential Computing 26DevOps and DevSecOps 27Summary 28Exam Essentials 28Review Questions 30Chapter 2 Data Classification 35Data Inventory and Discovery 37Data Ownership 37Data Flows 42Data Discovery Methods 43Information Rights Management 46Certificates and IRM 47IRM in the Cloud 47IRM Tool Traits 47Data Control 49Data Retention 50Data Audit and Audit Mechanisms 53Data Destruction/Disposal 55Summary 57Exam Essentials 57Review Questions 59Chapter 3 Cloud Data Security 63Cloud Data Lifecycle 65Create 66Store 66Use 67Share 67Archive 69Destroy 70Cloud Storage Architectures 71Storage Types 71Volume Storage: File- Based Storage and Block Storage 72Object- Based Storage 72Databases 73Threats to Cloud Storage 73Designing and Applying Security Strategies for Storage 74Encryption 74Certificate Management 77Hashing 77Masking, Obfuscation, Anonymization, and Tokenization 78Data Loss Prevention 81Log Capture and Analysis 82Summary 85Exam Essentials 85Review Questions 86Chapter 4 Security in the Cloud 91Chapter 5 Shared Cloud Platform Risks and Responsibilities 92Cloud Computing Risks by Deployment Model 94Private Cloud 95Community Cloud 95Public Cloud 97Hybrid Cloud 101Cloud Computing Risks by Service Model 102Infrastructure as a Service (IaaS) 102Platform as a Service (PaaS) 102Software as a Service (SaaS) 103Virtualization 103Threats 105Risk Mitigation Strategies 107Disaster Recovery (DR) and Business Continuity (BC) 110Cloud- Specific BIA Concerns 110Customer/Provider Shared BC/DR Responsibilities 111Cloud Design Patterns 114Summary 115Exam Essentials 115Review Questions 116Cloud Platform, Infrastructure, and Operational Security 121Foundations of Managed Services 123Cloud Provider Responsibilities 124Shared Responsibilities by Service Type 125IaaS 125PaaS 126SaaS 126Securing Communications and Infrastructure 126Firewalls 127Intrusion Detection/Intrusion Prevention Systems 128Honeypots 128Vulnerability Assessment Tools 128Bastion Hosts 129Identity Assurance in Cloud and Virtual Environments 130Securing Hardware and Compute 130Securing Software 132Third- Party Software Management 133Validating Open- Source Software 134OS Hardening, Monitoring, and Remediation 134Managing Virtual Systems 135Assessing Vulnerabilities 137Securing the Management Plane 138Auditing Your Environment and Provider 141Adapting Processes for the Cloud 142Planning for Cloud Audits 143Summary 144Exam Essentials 145Review Questions 147Chapter 6 Cloud Application Security 151Developing Software for the Cloud 154Common Cloud Application Deployment Pitfalls 155Cloud Application Architecture 157Cryptography 157Sandboxing 158Application Virtualization and Orchestration 158Application Programming Interfaces 159Multitenancy 162Supplemental Security Components 162Cloud- Secure Software Development Lifecycle (SDLC) 164Software Development Phases 165Software Development Models 166Cloud Application Assurance and Validation 172Threat Modeling 172Common Threats to Applications 174Quality Assurance and Testing Techniques 175Supply Chain Management and Licensing 177Identity and Access Management 177Cloud Identity and Access Control 178Single Sign- On 179Identity Providers 180Federated Identity Management 180Multifactor Authentication 181Secrets Management 182Common Threats to Identity and Access Management in the Cloud 183Zero Trust 183Summary 183Exam Essentials 184Review Questions 186Chapter 7 Operations Elements 191Designing a Secure Data Center 193Build vs. Buy 193Location 194Facilities and Redundancy 196Data Center Tiers 200Logical Design 201Virtualization Operations 202Storage Operations 205Managing Security Operations 207Security Operations Center (SOC) 208Continuous Monitoring 208Incident Management 209Summary 209Exam Essentials 210Review Questions 211Chapter 8 Operations Management 215Monitoring, Capacity, and Maintenance 217Monitoring 217Physical and Environmental Protection 218Maintenance 219Change and Configuration Management 224Baselines 224Roles and Process 226Release and Deployment Management 228Problem and Incident Management 229IT Service Management and Continual Service Improvement 229Business Continuity and Disaster Recovery 231Prioritizing Safety 231Continuity of Operations 232BC/DR Planning 232The BC/DR Toolkit 234Relocation 235Power 237Testing 238Summary 239Exam Essentials 239Review Questions 241Chapter 9 Legal and Compliance Issues 245Legal Requirements and Unique Risks in the Cloud Environment 247Constitutional Law 247Legislation 249Administrative Law 249Case Law 250Common Law 250Contract Law 250Analyzing a Law 251Determining Jurisdiction 251Scope and Application 252Legal Liability 253Torts and Negligence 254U.S. Privacy and Security Laws 255Health Insurance Portability and Accountability Act 255The Health Information Technology for Economic and Clinical Health Act 258Gramm-Leach-Bliley Act 259Sarbanes-Oxley Act 261State Data Breach Notification Laws 261International Laws 263European Union General Data Protection Regulation 263Adequacy Decisions 267U.S.- EU Safe Harbor and Privacy Shield 267Laws, Regulations, and Standards 269Payment Card Industry Data Security Standard 270Critical Infrastructure Protection Program 270Conflicting International Legislation 270Information Security Management Systems 272Iso/iec 27017:2015 272Privacy in the Cloud 273Generally Accepted Privacy Principles 273Iso 27018 279Direct and Indirect Identifiers 279Privacy Impact Assessments 280Cloud Forensics 281Forensic Requirements 281Cloud Forensic Challenges 281Collection and Acquisition 282Evidence Preservation and Management 283e-discovery 283Audit Processes, Methodologies, and Cloud Adaptations 284Virtualization 284Scope 284Gap Analysis 285Restrictions of Audit Scope Statements 285Policies 286Audit Reports 286Summary 288Exam Essentials 288Review Questions 290Chapter 10 Cloud Vendor Management 295The Impact of Diverse Geographical Locations and Legal Jurisdictions 297Security Policy Framework 298Policies 298Standards 300Procedures 302Guidelines 303Exceptions and Compensating Controls 304Developing Policies 305Enterprise Risk Management 306Risk Identification 308Risk Calculation 308Risk Assessment 309Risk Treatment and Response 313Risk Mitigation 313Risk Avoidance 314Risk Transference 314Risk Acceptance 315Risk Analysis 316Risk Reporting 316Enterprise Risk Management 318Assessing Provider Risk Management Practices 318Risk Management Frameworks 319Cloud Contract Design 320Business Requirements 321Vendor Management 321Data Protection 323Negotiating Contracts 324Common Contract Provisions 324Contracting Documents 326Government Cloud Standards 327Common Criteria 327FedRAMP 327Fips 140- 2 327Manage Communication with Relevant Parties 328Summary 328Exam Essentials 329Review Questions 330Appendix Answers to the Review Questions 335Chapter 1: Architectural Concepts 336Chapter 2: Data Classification 337Chapter 3: Cloud Data Security 339Chapter 4: Security in the Cloud 341Chapter 5: Cloud Platform, Infrastructure, and Operational Security 343Chapter 6: Cloud Application Security 345Chapter 7: Operations Elements 347Chapter 8: Operations Management 349Chapter 9: Legal and Compliance Issues 350Chapter 10: Cloud Vendor Management 352Index 355