Cover
Title Page
Copyright
Acknowledgments
About the Authors
About the Technical Editors
Contents at a Glance
Contents
Introduction
Assessment Test
Answers to Assessment Test

Chapter 1 Architectural Concepts
  Business Requirements
  Existing State
  Quantifying Benefits and Opportunity Cost
  Intended Impact
  Cloud Evolution, Vernacular, and Definitions
  New Technology, New Options
  Cloud Computing Service Models
  Cloud Deployment Models
  Cloud Computing Roles and Responsibilities
  Cloud Computing Definitions
  Foundational Concepts of Cloud Computing
  Sensitive Data
  Virtualization
  Encryption
  Auditing and Compliance
  Cloud Service Provider Contracts
  Summary
  Exam Essentials
  Written Labs
  Review Questions

Chapter 2 Design Requirements
  Business Requirements Analysis
  Inventory of Assets
  Valuation of Assets
  Determination of Criticality
  Risk Appetite
  Boundaries of Cloud Models
  IaaS Boundaries
  PaaS Boundaries
  SaaS Boundaries
  Design Principles for Protecting Sensitive Data
  Hardening Devices
  Encryption
  Layered Defenses
  Summary
  Exam Essentials
  Written Labs
  Review Questions

Chapter 3 Data Classification
  Data Inventory and Discovery
  Data Ownership
  The Data Life Cycle
  Data Discovery Methods
  Jurisdictional Requirements
  Data Rights Management
  Intellectual Property Protections
  DRM Tool Traits
  Data Control
  Data Retention
  Data Audit
  Data Destruction/Disposal
  Summary
  Exam Essentials
  Written Labs
  Review Questions

Chapter 4 Cloud Data Security
  Cloud Data Life Cycle
  Create
  Store
  Use
  Share
  Archive
  Destroy
  Cloud Storage Architectures
  Volume Storage: File-Based Storage and Block Storage
  Object-Based Storage
  Databases
  Content Delivery Network (CDN)
  Cloud Data Security Foundational Strategies
  Encryption
  Masking, Obfuscation, Anonymization, and Tokenization
  Security Information and Event Management
  Egress Monitoring (DLP)
  Summary
  Exam Essentials
  Written Labs
  Review Questions

Chapter 5 Security in the Cloud
  Shared Cloud Platform Risks and Responsibilities
  Cloud Computing Risks by Deployment and Service Model
  Private Cloud
  Community Cloud
  Public Cloud
  Hybrid Cloud
  IaaS (Infrastructure as a Service)
  PaaS (Platform as a Service)
  SaaS (Software as a Service)
  Virtualization
  Cloud Attack Surface
  Threats by Deployment Model
  Countermeasure Methodology
  Disaster Recovery (DR) and Business Continuity Management (BCM)
  Cloud-Specific BIA Concerns
  Customer/Provider Shared BC/DR Responsibilities
  Summary
  Exam Essentials
  Written Labs
  Review Questions

Chapter 6 Responsibilities in the Cloud
  Foundations of Managed Services
  Business Requirements
  Business Requirements: The Cloud Provider Perspective
  Shared Responsibilities by Service Type
  IaaS
  PaaS
  SaaS
  Shared Administration of OS, Middleware, or Applications
  Operating System Baseline Configuration and Management
  Shared Responsibilities: Data Access
  Customer Directly Administers Access
  Provider Administers Access on Behalf of the Customer
  Third-Party (CASB) Administers Access on Behalf of the Customer
  Lack of Physical Access
  Audits
  Shared Policy
  Shared Monitoring and Testing
  Summary
  Exam Essentials
  Written Labs
  Review Questions

Chapter 7 Cloud Application Security
  Training and Awareness
  Common Cloud Application Deployment Pitfalls
  Cloud-Secure Software Development Life Cycle (SDLC)
  ISO/IEC 27034-1 Standards for Secure Application Development
  Identity and Access Management (IAM)
  Identity Repositories and Directory Services
  Single Sign-On (SSO)
  Federated Identity Management
  Federation Standards
  Multifactor Authentication
  Supplemental Security Devices
  Cloud Application Architecture
  Application Programming Interfaces
  Tenancy Separation
  Cryptography
  Sandboxing
  Application Virtualization
  Cloud Application Assurance and Validation
  Threat Modeling
  Quality of Service
  Software Security Testing
  Approved APIs
  Software Supply Chain (API) Management
  Securing Open Source Software
  Runtime Application Self-Protection (RASP)
  Secure Code Reviews
  OWASP Top 9 Coding Flaws
  Summary
  Exam Essentials
  Written Labs
  Review Questions

Chapter 8 Operations Elements
  Physical/Logical Operations
  Facilities and Redundancy
  Virtualization Operations
  Storage Operations
  Physical and Logical Isolation
  Security Training and Awareness
  Training Program Categories
  Additional Training Insights
  Basic Operational Application Security
  Threat Modeling
  Application Testing Methods
  Summary
  Exam Essentials
  Written Labs
  Review Questions

Chapter 9 Operations Management
  Monitoring, Capacity, and Maintenance
  Monitoring
  Maintenance
  Change and Configuration Management (CM)
  Baselines
  Deviations and Exceptions
  Roles and Process
  Business Continuity and Disaster Recovery (BC/DR)
  Primary Focus
  Continuity of Operations
  The BC/DR Plan
  The BC/DR Kit
  Relocation
  Power
  Testing
  Summary
  Exam Essentials
  Written Labs
  Review Questions

Chapter 10 Legal and Compliance Part 1
  Legal Requirements and Unique Risks in the Cloud Environment
  Legal Concepts
  U.S. Laws
  International Laws
  Laws, Frameworks, and Standards Around the World
  The Difference Between Laws, Regulations and Standards
  Potential Personal and Data Privacy Issues in the Cloud Environment
  eDiscovery
  Forensic Requirements
  International Conflict Resolution
  Cloud Forensic Challenges
  Contractual and Regulated PII
  Direct and Indirect Identifiers
  Audit Processes, Methodologies, and Cloud Adaptations
  Virtualization
  Scope
  Gap Analysis
  Information Security Management Systems (ISMSs)
  The Right to Audit in Managed Services
  Audit Scope Statements
  Policies
  Different Types of Audit Reports
  Auditor Independence
  AICPA Reports and Standards
  Summary
  Exam Essentials
  Written Labs
  Review Questions

Chapter 11 Legal and Compliance Part 2
  The Impact of Diverse Geographical Locations and Legal Jurisdictions
  Policies
  Implications of the Cloud for Enterprise Risk Management
  Choices Involved in Managing Risk
  Risk Management Frameworks
  Risk Management Metrics
  Contracts and Service-Level Agreements (SLAs)
  Business Requirements
  Cloud Contract Design and Management for Outsourcing
  Identifying Appropriate Supply Chain and Vendor Management Processes
  Common Criteria Assurance Framework (ISO/IEC 15408-1:2009)
  Cloud Computing Certification
  CSA Security, Trust, and Assurance Registry (STAR)
  Supply Chain Risk
  Summary
  Exam Essentials
  Written Labs
  Review Questions

Appendix A Answers to the Review Questions
  Chapter 1: Architectural Concepts
  Chapter 2: Design Requirements
  Chapter 3: Data Classification
  Chapter 4: Cloud Data Security
  Chapter 5: Security in the Cloud
  Chapter 6: Responsibilities in the Cloud
  Chapter 7: Cloud Application Security
  Chapter 8: Operations Elements
  Chapter 9: Operations Management
  Chapter 10: Legal and Compliance Part 1
  Chapter 11: Legal and Compliance Part 2

Appendix B Answers to the Written Labs
  Chapter 1
  Chapter 2
  Chapter 3
  Chapter 4
  Chapter 5
  Chapter 6
  Chapter 7
  Chapter 8
  Chapter 9
  Chapter 10
  Chapter 11

Index
EULA