Leslie Fife - The Official (ISC)2 CCSP CBK Reference


The Official (ISC)2 CCSP CBK Reference: summary, description and annotation


The only official body of knowledge for CCSP—the most popular cloud security credential—fully revised and updated. Certified Cloud Security Professional (CCSP) certification validates the advanced technical skills needed to design, manage, and secure data, applications, and infrastructure in the cloud. This highly sought-after global credential has been updated with revised objectives. The new third edition of
is the authoritative, vendor-neutral common body of knowledge for cloud security professionals. 
This comprehensive resource provides cloud security professionals with an indispensable working reference to each of the six CCSP domains: Cloud Concepts, Architecture, and Design; Cloud Data Security; Cloud Platform and Infrastructure Security; Cloud Application Security; Cloud Security Operations; and Legal, Risk, and Compliance. Detailed, in-depth chapters contain the accurate information required to prepare for and achieve CCSP certification. Every essential area of cloud security is covered, including implementation, architecture, operations, controls, and immediate and long-term responses.
Developed by (ISC)2, the world leader in professional cybersecurity certification and training, this indispensable guide:
Covers the six CCSP domains and over 150 detailed objectives
Provides guidance on real-world best practices and techniques
Includes illustrated examples, tables, diagrams and sample questions
is a vital ongoing resource for IT and information security leaders responsible for applying best practices to cloud security architecture, design, operations and service orchestration.

The Official (ISC)2 CCSP CBK Reference — read the preview excerpt online


Auditability

A cloud solution needs to be auditable. An audit is an independent examination of the cloud service's controls, with the expression of an opinion on their function with respect to their purpose. Are the controls properly implemented? Are the controls functioning and achieving their goal? These are the questions of an auditor.

A CSP will rarely allow a customer to perform an audit on their controls. Instead, independent third parties will perform assessments that are provided to the customer. Some assessments require a nondisclosure agreement (NDA), and others are publicly available. These include SOC reports, vulnerability scans, and penetration tests.

Regulatory

Proper oversight and auditing of a CSP makes regulatory compliance more manageable. A regulatory environment is one where a principle or rule controls or manages an organization. Governance of the regulatory environment is the implementation of policies, procedures, and controls that assist an organization in meeting regulatory requirements.

One form of regulation is governmental requirements that have the force of law. The Health Insurance Portability and Accountability Act (HIPAA), Gramm-Leach-Bliley Act (GLBA), Sarbanes-Oxley Act (SOX) in the United States, and GDPR in the European Union are examples of laws that are implemented through regulations and have the force of law. If any of these apply to an organization, governance will put a framework in place to ensure compliance with these regulations.

Another form of regulation is requirements put in place through contracts. An SLA takes the form of a contractual obligation, as do the rules associated with credit and debit cards through the Payment Card Industry Data Security Standard (PCI DSS). Enforcement of contractual rules can be through the civil courts governing contracts. Governance must again put in place the framework to ensure compliance.

A third form of regulation is found through standards bodies like the International Organization for Standardization (ISO) and NIST as well as nongovernmental groups such as the Cloud Security Alliance and the Center for Internet Security. These organizations make recommendations and provide best practices in the governance of security and risk. These support improved security and risk management. While this form of regulation does not usually have the force of law, an organization or industry may voluntarily choose to be regulated by a specific set of guidelines. For example, U.S. federal agencies are required to follow NIST requirements. If an organization or industry chooses to follow a set of guidelines under ISO, NIST, or another group, it must put the governance framework in place to ensure compliance. While often voluntary, once an organization chooses to follow these guidelines, the governance process ensures the organization complies with these regulations.

Impact of Related Technologies

The technologies in this section may be termed transformative technologies. Without them, cloud computing still works and retains its benefits. These transformative technologies either improve your capabilities in the cloud or expand the capabilities and benefits of cloud computing. In the following sections, the specific use cases for the technology will be described.

Machine Learning

Machine learning (ML) is a key component of artificial intelligence (AI) and is becoming more widely used in the cloud. Machine learning creates the ability for a solution to learn and improve without the use of additional programming. Many of the CSPs provide ML tools. There is some concern and regulatory movement when ML makes decisions about individuals without the involvement of a person in the process.

The availability of large amounts of inexpensive data storage coupled with vast amounts of computing power increases the effectiveness of ML. A data warehouse, or even a data lake, can hold amounts of data that could not be easily approached before. ML tools can mine this data for answers to questions that could not be asked before because of the computing power required. This capability has the potential to transform how we use data and the answers we can extract from our data.

The security concern has to do with both the data and the processing. If all of your data is available in one large data lake, access to the data must be tightly controlled. If your data store is breached, all of your data is at risk. Controls to protect the data at rest and access to this data are crucial to make this capability safe for use.

The other concern is with how the data is used. More specifically, how will it impact the privacy of the individuals whose data is in the data store? Will questions be asked where the answers can be used to discriminate against groups of people with costly characteristics? Might insurance companies refuse to cover individuals when the health history of their entire family tree suggests they are an even greater risk than would be traditionally believed?

Governmental bodies and Non-Governmental Organizations (NGOs) are addressing these concerns to some degree. For example, Article 22 of the EU GDPR has a prohibition on automated decision-making, which often involves ML, when that decision is made without human intervention if the decision has a significant impact on the individual. For example, a decision on a mortgage loan could involve ML. The final loan decision cannot be made by the ML solution. A human must review the information and make the final decision.

Artificial Intelligence

Machine learning is not the only AI technology. The goal of AI is to create a machine that has the capabilities of a human and cannot be distinguished from a human. It is possible that AI could create intelligent agents online that are indistinguishable from human agents. This has the potential to impact the workforce, particularly in the lower skill areas. There is also concern about how agents could be manipulated to affect consumer behavior and choices. An unethical individual could use these tools to impact humanity. Safeguards in the technology and legal protections will need to be in place to protect the customers.

With the vast amount of data in the cloud, the use of AI is a security and privacy concern beyond the data mining and decision-making of ML. This greater ability to aggregate and manipulate data through the tools created through AI research creates growing concerns over security and privacy of that data and the uses that will be devised for this data.

These concerns and trends will continue to be important over the next several years.

Blockchain

Blockchain is similar to cloud computing, with some significant differences. A blockchain is an open distributed ledger of transactions, often financial, between two parties. This transaction is recorded in a permanent and verifiable manner. The records, or blocks, are linked cryptographically and are distributed across a set of computers, owned by a variety of entities.

Blockchain provides a secure way to perform anonymous transactions that also maintain nonrepudiation. The ability to securely store a set of records across multiple servers, perhaps in different CSPs or on-premise, could lead to new and powerful storage approaches. Any data transaction would be committed to the chain and could be verifiable and secure. Blockchain technology pushes the boundaries of cryptographic research in ways that support secure distributed computing.

In cloud computing, the data may be owned by a single entity. But the ability to securely store this data across CSPs would open new storage methods and would lead to less vendor lock-in. Each data node could be in any location, on any server, within any CSP or on-premise, and where each node in the data chain resides is not important. While not every record in the cloud is the result of a financial transaction, all data records are the result of some transaction.
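
The cryptographic linking of blocks and the storage of the same records across several CSPs described above can be shown with a small hash-chained ledger. This is an added example, not code from the book; the replica names (csp-a, csp-b, on-prem), the record fields and the helper functions are hypothetical, and it covers integrity checking only, with no consensus protocol.

```python
import hashlib
import json
from collections import Counter
from copy import deepcopy

GENESIS = "0" * 64  # constructed predecessor value for the first block

def block_hash(index, prev_hash, record):
    """SHA-256 over a canonical encoding of the block's contents."""
    payload = json.dumps([index, prev_hash, record], sort_keys=True)
    return hashlib.sha256(payload.encode()).hexdigest()

def append(chain, record):
    """Commit a record; each block stores the hash of its predecessor."""
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append({"index": len(chain), "prev": prev, "record": record,
                  "hash": block_hash(len(chain), prev, record)})

def first_invalid(chain):
    """Index of the first block that fails verification, or None if all pass."""
    prev = GENESIS
    for i, block in enumerate(chain):
        expected = block_hash(i, prev, block["record"])
        if block["index"] != i or block["prev"] != prev or block["hash"] != expected:
            return i
        prev = block["hash"]
    return None

def divergent_nodes(replicas):
    """Names of replicas whose head hash disagrees with the majority."""
    heads = {name: chain[-1]["hash"] for name, chain in replicas.items()}
    majority = Counter(heads.values()).most_common(1)[0][0]
    return sorted(name for name, head in heads.items() if head != majority)

# Constructed sample data: three records copied to three hypothetical locations.
ledger = []
for rec in ({"op": "put", "key": "doc1"}, {"op": "put", "key": "doc2"},
            {"op": "delete", "key": "doc1"}):
    append(ledger, rec)
replicas = {name: deepcopy(ledger) for name in ("csp-a", "csp-b", "on-prem")}

# Case 1: a stored record is altered in place, so its hash no longer matches.
replicas["csp-b"][1]["record"]["key"] = "doc9"
# Case 2: history is rewritten with every hash recomputed. The copy verifies
# on its own; only comparison with the other replicas exposes it.
rewritten = []
for rec in ({"op": "put", "key": "doc1"}, {"op": "put", "key": "docX"}):
    append(rewritten, rec)
replicas["on-prem"] = rewritten
```

The two cases show why both properties in the text matter: the hash links catch an in-place edit on one node, while distribution across independent nodes is what catches a self-consistent rewrite.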
