CCSP For Dummies with Online Practice

Arthur J. Deane

ISBN: 9789354245770

380 pages

INR 899


If you are a cloud security professional seeking your CCSP certification, this book is a perfect way to prepare for the exam. Covering all six domains in detail, the expert advice in this book gives you the key information you'll need to pass the exam. In addition to the material covered on the exam, you'll get tips on setting up a study plan, tips for exam day, and access to an online test bank of questions.



About this Book

Foolish Assumptions

Icons Used in This Book

Beyond the Book

Where to Go from Here


Part 1: Starting Your CCSP Journey

Chapter 1: Familiarizing Yourself with (ISC)2 and the CCSP Certification

  • Appreciating (ISC)2 and the CCSP Certification
  • Knowing Why You Need to Get Certified
  • Studying the Prerequisites for the CCSP
  • Understanding the CCSP Domains
  • Domain 1: Cloud Concepts, Architecture and Design
  • Domain 2: Cloud Data Security
  • Domain 3: Cloud Platform and Infrastructure Security
  • Domain 4: Cloud Application Security
  • Domain 5: Cloud Security Operations
  • Domain 6: Legal, Risk and Compliance
  • Preparing for the Exam
  • Studying on your own
  • Learning by doing
  • Getting official (ISC)2 CCSP training
  • Attending other training courses
  • Practice, practice, practice
  • Ensuring you're ready for the exam
  • Registering for the Exam
  • Taking the Exam
  • Identifying What to Do After the Exam


Chapter 2: Identifying Information Security Fundamentals

  • Exploring the Pillars of Information Security
  • Confidentiality
  • Integrity
  • Availability
  • Threats, Vulnerabilities, and Risks...Oh My!
  • Threats
  • Vulnerabilities
  • Risks
  • Securing Information with Access Control
  • Deciphering Cryptography
  • Encryption and decryption
  • Types of encryption
  • Common uses of encryption
  • Grasping Physical Security
  • Realizing the Importance of Business Continuity and Disaster Recovery
  • Implementing Incident Handling
  • Preparing for incidents
  • Detecting incidents
  • Containing incidents
  • Eradicating incidents
  • Recovering from incidents
  • Conducting a Post-Mortem
  • Utilizing Defense-in-Depth


Part 2: Exploring the CCSP Certification Domains

Chapter 3: Domain 1: Cloud Concepts, Architecture and Design

  • Knowing Cloud Computing Concepts
  • Defining cloud computing terms
  • Identifying cloud computing roles
  • Recognizing key cloud computing characteristics
  • Building block technologies
  • Describing Cloud Reference Architecture
  • Cloud computing activities
  • Cloud service capabilities
  • Cloud service categories
  • Cloud deployment models
  • Cloud shared considerations
  • Impact of related technologies
  • Identifying Security Concepts Relevant to Cloud Computing
  • Cryptography and key management
  • Access control
  • Data and media sanitization
  • Network security
  • Virtualization security
  • Common threats
  • Comprehending Design Principles of Secure Cloud Computing
  • Cloud Secure Data Lifecycle
  • Cloud based disaster recovery (DR) and business continuity (BC) planning
  • Cost benefit analysis
  • Security considerations for different cloud categories
  • Evaluating Cloud Service Providers
  • Verifying against certification criteria
  • Meeting system/subsystem product certifications


Chapter 4: Domain 2: Cloud Data Security

  • Describing Cloud Data Concepts
  • Cloud data lifecycle phases
  • Data dispersion
  • Designing and Implementing Cloud Data Storage Architectures
  • Storage types
  • Threats to storage types
  • Designing and Implementing Data Security Technologies and Strategies
  • Encryption and key management
  • Hashing
  • Data loss prevention (DLP)
  • Data de-identification
  • Implementing Data Discovery
  • Structured data
  • Unstructured data
  • Implementing Data Classification
  • Mapping
  • Labeling
  • Sensitive data
  • Designing and Implementing Information Rights Management (IRM)
  • Objectives
  • Appropriate tools
  • Planning and Implementing Data Retention, Deletion, and Archiving Policies
  • Data retention policies
  • Data deletion procedures and mechanisms
  • Data archiving procedures and mechanisms
  • Legal hold
  • Designing and Implementing Auditability, Traceability and Accountability of Data Events
  • Defining event sources and requirements of identity attribution
  • Logging, storing, and analyzing data events
  • Chain of custody and nonrepudiation


Chapter 5: Domain 3: Cloud Platform and Infrastructure Security

  • Comprehending Cloud Infrastructure Components
  • Physical environment
  • Network and communications
  • Compute
  • Virtualization
  • Storage
  • Management plane
  • Designing a Secure Data Center
  • Logical design
  • Physical design
  • Environmental design
  • Analyzing Risks Associated with Cloud Infrastructure
  • Risk assessment and analysis
  • Cloud vulnerabilities, threats, and attacks
  • Virtualization risks
  • Countermeasure strategies
  • Designing and Planning Security Controls
  • Physical and environmental protection
  • System and communication protection
  • Virtualization systems protection
  • Identification, authentication, and authorization in cloud infrastructure
  • Audit mechanisms
  • Planning Business Continuity (BC) and Disaster Recovery (DR)
  • Risks related to the cloud environment
  • Business requirements
  • Business continuity/disaster recovery strategy


Chapter 6: Domain 4: Cloud Application Security

  • Advocating Training and Awareness for Application Security
  • Cloud development basics
  • Common pitfalls
  • Common cloud vulnerabilities
  • Describing the Secure Software Development Lifecycle (SDLC) Process
  • Business requirements
  • Phases
  • Methodologies
  • Applying the SDLC Process
  • Common vulnerabilities during development
  • Cloud-specific risks
  • Quality Assurance (QA)
  • Threat modeling
  • Software configuration management and versioning
  • Applying Cloud Software Assurance and Validation
  • Functional testing
  • Security testing methodologies
  • Using Verified Secure Software
  • Approved Application Programming Interfaces (API)
  • Supply-chain management
  • Third-party software management
  • Validated open source software
  • Comprehending the Specifics of Cloud Application Architecture
  • Supplemental security components
  • Cryptography
  • Sandboxing
  • Application virtualization and orchestration
  • Designing Appropriate Identity and Access Management (IAM) Solutions
  • Federated identity
  • Identity providers
  • Single sign-on (SSO)
  • Multifactor authentication
  • Cloud access security broker (CASB)


Chapter 7: Domain 5: Cloud Security Operations

  • Implementing and Building a Physical and Logical Infrastructure for Cloud Environment
  • Hardware specific security configuration requirements
  • Installing and configuring virtualization management tools
  • Virtual hardware specific security configuration requirements
  • Installing guest operating system virtualization toolsets
  • Operating Physical and Logical Infrastructure for a Cloud Environment
  • Configuring access control for local and remote access
  • Secure network configuration
  • Hardening the operating system through the application of baselines
  • Availability of standalone hosts
  • Availability of clustered hosts
  • Availability of guest operating system
  • Managing Physical and Logical Infrastructure for a Cloud Environment
  • Access controls for remote access
  • Operating system baseline compliance monitoring and remediation
  • Patch management
  • Performance and capacity monitoring
  • Hardware monitoring
  • Configuring host and guest operating system backup and restore functions
  • Network security controls
  • Management plane
  • Implementing Operational Controls and Standards
  • Change management
  • Continuity management
  • Information security management
  • Continual service improvement management
  • Incident management
  • Problem management
  • Release and deployment management
  • Configuration management
  • Service level management
  • Availability management
  • Capacity management
  • Supporting Digital Forensics
  • Collecting, acquiring, and preserving digital evidence
  • Evidence management
  • Managing Communication with Relevant Parties
  • Customers
  • Vendors
  • Partners
  • Regulators
  • Other stakeholders
  • Managing Security Operations
  • Security operations center (SOC)
  • Monitoring of security controls


Chapter 8: Domain 6: Legal, Risk and Compliance

  • Articulating Legal Requirements and Unique Risks within the Cloud Environment
  • Conflicting international legislation
  • Evaluating legal risks specific to cloud computing
  • Legal framework and guidelines
  • e-Discovery
  • Forensics requirements
  • Understanding Privacy Issues
  • Difference between contractual and regulated private data
  • Country-specific legislation related to private data
  • Jurisdictional differences in data privacy
  • Standard privacy requirements
  • Understanding Audit Process, Methodologies, and Required Adaptations for a Cloud Environment
  • Internal and external audit controls
  • Impact of audit requirements
  • Identifying assurance challenges of virtualization and cloud
  • Types of audit reports
  • Restrictions of audit scope statements
  • Gap analysis
  • Audit planning
  • Internal information security management system (ISMS)
  • Internal information security controls system
  • Policies
  • Identification and involvement of relevant stakeholders
  • Specialized compliance requirements for highly regulated industries
  • Impact of distributed Information Technology (IT) model
  • Understanding the Implications of Cloud to Enterprise Risk Management
  • Assessing providers' risk management programs
  • Difference between data owner/controller versus data custodian/processor
  • Regulatory transparency requirements
  • Risk tolerance and risk profile
  • Risk assessment
  • Risk treatment
  • Different risk frameworks
  • Metrics for risk management
  • Assessment of risk environment
  • Understanding Outsourcing and Cloud Contract Design
  • Business requirements
  • Vendor management
  • Contract management
  • Supply-chain management


Part 3: The Part of Tens

Chapter 9: Ten (or So) Tips to Help You Prepare for the CCSP Exam

  • Brush Up on the Prerequisites
  • Register for the Exam
  • Create a Study Plan
  • Find a Study Buddy
  • Take Practice Exams
  • Get Hands-On
  • Attend a CCSP Training Seminar
  • Plan Your Exam Strategy
  • Get Some Rest and Relaxation


Chapter 10: Ten Keys to Success on Exam Day

  • Making Sure You Wake Up
  • Dressing for the Occasion
  • Eating a Great Meal
  • Warming Up Your Brain
  • Bringing Snacks and Drinks
  • Planning Your Route
  • Arriving Early
  • Taking Breaks
  • Staying Calm
  • Remembering Your Strategy


Part 4: Appendixes

Appendix A: Glossary

Appendix B: Helpful Resources

  • (ISC)2 and CCSP Exam Resources
  • Standards and Guidelines
  • Technical References

