As cloud technology becomes increasingly essential across industries, the need for thorough security knowledge and certification has never been more crucial. The Certificate of Cloud Security Knowledge (CCSK) exam, globally recognized and highly respected, presents a formidable challenge for many.

Author Graham Thompson offers you in-depth guidance and practical tools not only to pass the exam but also to grasp the broader implications of cloud security. This book is filled with real-world examples, targeted practice questions, and the latest on zero trust and AI security—all designed to mirror the actual exam. By reading this book, you will:

• Understand critical topics such as cloud architecture, governance, compliance, and risk management
• Prepare for the exam with chapter tips, concise reviews, and practice questions to enhance retention
• See the latest on securing different workloads (containers, PaaS, FaaS) and on incident response in the cloud
• Equip yourself with the knowledge necessary for significant career advancement in cloud security

Osoby które kupowały "Certificate of Cloud Security Knowledge (CCSK v5) Official Study Guide. In-Depth Guidance and Practice", wybierały także:

• Jak zhakowa 125,00 zł, (10,00 zł -92%)
• Windows Media Center. Domowe centrum rozrywki 66,67 zł, (8,00 zł -88%)
• Ruby on Rails. Ćwiczenia 18,75 zł, (3,00 zł -84%)
• Efekt piaskownicy. Jak szefować żeby roboty nie zabrały ci roboty 59,50 zł, (11,90 zł -80%)
• Przywództwo w świecie VUCA. Jak być skutecznym liderem w niepewnym środowisku 58,64 zł, (12,90 zł -78%)

Spis treści

Certificate of Cloud Security Knowledge (CCSK v5) Study Guide. In-Depth Guidance and Practice eBook -- spis treści

• Preface
  • Who This Book Is For
  • Conventions Used in This Book
  • OReilly Online Learning
  • How to Contact Us
  • Acknowledgments
• 1. Cloud Computing Concepts and Architectures
  • Defining Cloud Computing
    • Resource Pools
    • Tools
      • Abstraction
      • Automation
      • Orchestration
    • Two Definitions of Cloud Computing
  • Logical Model of the Cloud
    • Infostructure
    • Applistructure
    • Metastructure
    • Infrastructure
  • Cloud Computing Models
    • Essential Characteristics
      • On-demand self-service
      • Broad network access
      • Resource pooling
      • Rapid elasticity
      • Measured service
      • Multitenancy
    • Cloud Service Models
      • Infrastructure as a service
      • Platform as a service
      • Software as a service
    • Cloud Deployment Models
      • Public cloud
      • Private cloud
      • Community cloud
      • Hybrid cloud
      • Bonus: Multicloud
  • Cloud Security Responsibilities, Frameworks, and Process Models
    • Shared Security Responsibility Model
    • Cloud Security Frameworks and Patterns
      • Frequently discussed frameworks
      • Cloud security process model
  • Summary
• 2. Principles of Cloud and IT Governance
  • Corporate Governance
  • IT Governance
  • Cloud Governance Changes and Challenges
  • Effective Cloud Governance
    • 1. Establish a Governance Hierarchy
    • 2. Leverage Cloud-Specific Security Frameworks
    • 3. Define Cloud Security Policies
    • 4. Set Control Objectives and Specify Control Specifications
    • 5. Define Roles and Responsibilities
    • 6. Establish a Cloud Center of Excellence or Similar Model
    • 7. Conduct Requirements and Information Gathering
    • 8. Manage Risks
    • 9. Classify Data and Assets
    • 10. Comply with Legal and Regulatory Requirements
    • 11. Maintain a Cloud Registry
  • Cloud Center of Excellence
    • Key Components of a CCoE
    • Benefits of a CCoE
  • Structuring IT Security Governance
    • Frameworks
    • Policies
      • Purpose
      • Scope
      • Policy
        • Data classification
        • Classification process
        • Documentation
        • Handling requirements
        • Review and update
        • Training and awareness
      • Compliance
      • Policy review
      • Approval
    • Control Objectives
      • Objective
      • Description
    • Control Specifications and Implementation Guidance
      • Objective
      • Implementation guidance
        • 1. Data classification scheme
        • 2. Responsibility assignment
        • 3. Data inventory
        • 4. Classification process
        • 5. Access controls
        • 6. Encryption
        • 7. Transmission security
        • 8. Storage security
        • 9. Training and awareness
        • 10. Monitoring and auditing
        • 11. Policy and procedure review
      • Success criteria
    • Thinking All the Way Through the Governance Stack
  • Foundational Governance Principles and Guidelines
    • Determining Risk Tolerance
    • Classifying Data and Assets
    • Identifying Regulatory and Legal Requirements
  • Cloud Security Alliance Tools
    • Cloud Controls Matrix
      • Consensus Assessment Initiative Questionnaire
    • Security, Trust, Assurance, and Risk Registry
  • Summary
• 3. Navigating Risk, Audit, and Compliance
  • Basics of Risk Management
  • Understanding the Risk Management Process
    • Step 0: Determining Risk Tolerance
    • Step 1: Risk Identification
    • Step 2: Risk Assessment (or Risk Analysis)
    • Step 3: Risk Treatment
    • Step 4: Risk Monitoring
    • Step 5: Risk Communication and Reporting
  • Assessing Cloud Services
    • Step 1: Assess the Business Request
    • Step 2: Review CSP Documentation
      • Security and privacy documentation
      • SLAs and contracts
      • Terms of service
      • CSP certifications and audits
        • SOC background
        • ISO/IEC 27000-Series Certification background
    • Step 3: Review External Sources
    • Step 4: Map to Compliance Requirements
    • Step 5: Map to Data Classification
    • Step 6: Define Required and Compensating Controls
    • Step 7: Obtain Final Approval
  • Governance, Risk Management, and Compliance Tools
    • Where Compliance Requirements Come From
    • Artifacts of Compliance
    • Jurisdictions
      • European Union/European Economic Areas GDPR
      • Brazils LGPD
    • Data Localization Laws
    • Compliance in the Cloud
      • Secure handling
      • Secure storage
      • Due care and due diligence
      • Audit trails
  • Summary
• 4. Guide to Cloud Organization Management
  • Organizational Hierarchy Models
    • Definitions
    • Organizational Structures
    • Organizational Capabilities Within a Cloud Service Provider
    • Building a Hierarchy Within a Provider
    • Managing Organization-Level Security Within a Provider
      • Identity provider and user/group role mappings
      • Common organizational shared services
  • Considerations for Hybrid and Multicloud Deployments
    • Organizational Management for Hybrid Cloud Security
    • Organizational Management for Multicloud Security
    • Tooling and Staffing for IaaS/PaaS Multicloud
    • Organizational Management for SaaS Hybrid and Multicloud
      • Federated identity brokers
      • Cloud access security brokers
      • API gateways
  • Summary
• 5. Identity and Access Management
  • How IAM Is Different in the Cloud
  • Fundamental Terms for Understanding IAM
    • Persona
    • Attribute
    • Entitlement
    • Entitlement Matrix
    • Role
    • Attribute-Based Access Control
    • Policy-Based Access Control
    • Authoritative Source
    • Federated Identity Management
    • Identity Provider
    • Relying Party
    • Assertion
  • Federated Identity Management
    • Common Federation Standards
    • How Federation Works
      • OIDC workflow
      • SAML workflow
    • Managing Users and Identities for Cloud Computing
  • Strong Authentication and Authorization
    • Authorization
    • Authentication
      • Hard tokens
      • Soft tokens
      • Out-of-band tokens
  • Privileged User Management
    • Privileged Identity Management
    • Privileged Access Management
  • Summary
• 6. Detecting Threats in the Cloud
  • Cloud Monitoring
  • Logs and Events
  • Posture Management
  • Cloud Telemetry Sources
    • Management Plane Logs
    • Service Logs
    • Resource Logs
  • Cloud Native Security Tools
    • Cloud Security Posture Management
    • SaaS Security Posture Management
    • Cloud Workload Protection Platform
    • Data Security Posture Management
    • Application Security Posture Management
    • Cloud Infrastructure Entitlement Management
    • Cloud Detection and Response
  • SIEM and SOAR: The Detective and the Robot Guard
    • Security Information and Event Management
      • Log normalization
      • Correlation and detection
      • Integration with threat intelligence
      • Incident response and forensics support
      • User and entity behavior analytics
    • Security Orchestration, Automation, and Response
      • Event sources
      • Playbooks
  • Collection Architectures
    • Log Storage and Retention
    • Cascading Log Architecture
  • AI for Security Monitoring
  • Summary
• 7. Infrastructure and Networking
  • Cloud Infrastructure Security
    • Cloud Customer Security Techniques
    • CSP Infrastructure Security Responsibilities
  • Infrastructure Resilience
    • Single-Region Resiliency
    • Multiregion Resiliency
    • Multiprovider Resiliency
  • Cloud Network Fundamentals
    • Common SDN-Based Components
      • Virtual networks/virtual private clouds
      • Subnets (public and private)
      • Route tables
      • Security groups
      • Network access control lists
      • Load balancer service
      • Internet gateways
      • Private endpoints
    • Cloud Connectivity
  • Cloud Network Security and Secure Architectures
    • Preventive Controls
    • Detective Security Controls
  • Infrastructure as Code
  • Zero Trust for Cloud Infrastructure and Networks
    • Software-Defined Perimeter
    • Zero Trust Network Access
    • Secure Access Service Edge
  • Summary
• 8. Cloud Workload Security
  • Securing Virtual Machines
    • Virtual Machine Challenges and Mitigations
    • Creating Secure VM Images with Factories
    • Recommended Tools and Best Practices for VMs
      • Cloud workload protection platforms
      • Configuration management tools
      • Endpoint detection and response
      • SIEM and SOAR
    • The Vulnerability Management Lifecycle
    • Snapshots, Public Exposures, and Exfiltration
  • Securing Containers
    • Container Image Creation
    • Container Networking
    • Container Orchestration and Management Systems
    • Container Orchestration Security
    • Secure Artifact Repositories
    • Runtime Protection for Containers
    • Securing Serverless and Function as a Service
    • FaaS Security Issues
    • IAM for Serverless Computing
  • Securing AI Workloads
    • Large Language Model Assets
    • Top Nine Large Language Model System Threats
    • AI Risk Mitigation and Shared Responsibilities
      • AI systems
      • AI as a service
  • Data Security for AI
    • Model Security
    • Infrastructure Security
    • Supply Chain Security
  • Summary
• 9. Keeping Data Safe in the Cloud
  • Data Structures
  • Storage Security Primer
  • Cloud Storage Types
    • Object Storage
      • Technical aspects of object storage
      • Object storage security
    • Volume Storage
    • Database Storage
      • Relational databases
      • Nonrelational databases
    • Other Types of Storage
  • Data Security Tools and Techniques
    • Data Classification
      • Classification techniques
      • Classification approaches
    • Identity and Access Management
    • Access Policies
    • Data Loss Prevention
  • Cloud Data Encryption at Rest
    • Encryption and Key Management
    • Key Management Service
    • Hardware Security Module
    • Encryption Key Options
      • Client-side encryption
      • Server-side encryption
      • Customer-managed encryption keys
      • Customer-provided encryption keys
      • Hold your own key
    • Encryption Implementation Options
      • Volume storage or object storage encryption
      • File/API encryption
      • Database encryption
      • Application encryption
    • Symmetric Versus Asymmetric Encryption
      • Symmetric encryption
      • Asymmetric encryption
    • Data Encryption Recommendations
      • Use a CSP-supplied KMS
      • Encrypt SaaS applications
      • Use the default encryption with care
      • Use different keys for different services
      • Apply IAM policies on keys
      • Align with threat models
  • Data Security Posture Management
  • Summary
• 10. Building Secure Applications
  • Secure Development Lifecycle
    • Stages of the CSA DevSecOps SDLC
      • Secure Design and Architecture stage
      • Secure Coding stage
      • Continuous Build, Integration, and Testing stage
      • Continuous Delivery and Deployment stage
      • Runtime Defense and Monitoring stage
    • Threat Modeling
      • Spoofing
      • Tampering
      • Repudiation
      • Information disclosure
      • Denial of service
      • Elevation of privilege
    • Risk Assessment Matrix
    • Testing: Predeployment
      • Static application security testing
      • Software composition analysis
      • Secrets, images, and IaC template scanning
    • Testing: Post Deployment
      • Dynamic application security testing
      • Interactive application security testing
      • Penetration testing
      • Bug bounty program
  • Architectures Role in Secure Cloud Applications
    • The Impact of the Cloud on Architecture-Level Security
      • Infrastructure and application integration
      • Application component credentials
      • Infrastructure as code and pipelines
      • Immutable infrastructure
    • Architectural Resilience
  • IAM and Application Security
    • Secrets Management
    • Secrets Management Workflow
  • DevOps and DevSecOps
    • The DevOps/DevSecOps Lifecycle
    • CI/CD Pipelines
      • Version control repository
      • Continuous integration server
      • Post build
  • Web Application Firewalls and API Gateways
    • Agent-Based Deployment
    • Cloud Native Provider Services
    • Third-Party Marketplace Solutions
    • WAF and DDoS Protection as a Service
  • Summary
• 11. Incident Response: From Detection to Recovery
  • Incident Response
  • Incident Response Lifecycle
    • Phase 1: Preparation
    • Phase 2: Detection and Analysis
    • Phase 3: Containment, Eradication, and Recovery
    • Phase 4: Post-Incident Analysis
  • How the Preparation Phase Changes in Cloud Environments
  • Training for Cloud Incident Responders
  • How Detection and Analysis Change in Cloud Environments
    • Impact of the Cloud on Incident Analysis
    • Cloud System Forensics
      • Snapshots and storage volume forensics
      • Volatile memory acquisition and live response challenges
      • Log analysis and correlation with management plane activities
      • Forensics chain of custody in cloud environments
    • Forensics Blast Zones
    • Cloud Forensics: Container and Serverless Considerations
      • Containers
      • Serverless computing
      • Support contracts
  • Containment, Eradication, and Recovery
    • Containment
      • IAM containment
      • Network containment
    • Eradication
    • Recovery
  • Post-Incident Analysis
  • Summary
• 12. Deep Dive into Zero Trust and AI
  • Zero Trust
  • Zero Trust Principles
  • Zero Trust Technical Objectives
    • Protective Framework
    • Simplified User Experience
    • Reduced Attack Surface
    • Reduced Complexity
    • Continuous Authentication
    • Improved Incident Containment and Management
    • Principle of Least Privilege
  • Zero Trust Business Objectives
    • Reduce Risk
    • Improve Compliance
    • Demonstrate Commitment to Cybersecurity
  • Core Logical Zero Trust Components
  • Zero Trust Security Frameworks
    • Software-Defined Perimeter
    • Zero Trust Network Access
  • Zero Trust Pillars
  • Zero Trust Maturity Model Levels
  • Zero Trust Design and Implementation
    • Step 1: Define the Protect Surface
    • Step 2: Map the Transaction Flows
    • Step 3: Build a Zero Trust Architecture
    • Step 4: Create a Zero Trust Policy
    • Step 5: Monitor and Maintain the Environment
  • Zero Trust and Cloud Security
  • Artificial Intelligence
    • Characteristics of AI Workloads
    • How AI Intersects with Cloud Security
      • AI as a service for consumption (full SaaS)
      • AI as a service (PaaS/foundation model hosting)
      • Cloud as workload host for AI (bring your own model)
      • AI-enhanced security tools
  • Summary
• 13. Preparing for Your CCSK Exam
  • Studying for the CCSK Exam
  • Exam Details
  • Signing Up for the CCSK Exam
  • Exam Tips
  • Using ChatGPT as a Study Tool
    • About Generative AI Large Language Models
      • Inference
      • Training
      • Tokens
      • Context windows
    • The Importance of Projects
    • Uploading Files
    • Downloading Files
    • Introduction to Prompt Engineering
    • Components of a Good Prompt
      • Clarity and specificity
      • Context
      • Desired format
      • Role or perspective
      • Constraints and parameters
      • Examples for guidance
      • Iterative refinement
      • Asking ChatGPT for a prompt
  • Creating Study Tools
    • Generating Pretest Questions
      • Multiple-choice question prompt
      • Scenario-based multiple-choice question prompt
    • Creating Flashcards
    • Playing Games
    • Study Plans
    • ChatGPT Annoyances
  • Final Exam-Day Thoughts
• Index