CCSP – Certified Cloud Security Professional – Key Notes
Cloud Service Brokers: Facilitate easy cloud adoption, boost security, and provide extra services for efficient cloud management.
Cloud Regulators: Government entities overseeing policies, ensuring data protection, fostering fair competition, and maintaining trust in cloud services.
Cloud Product Vendors: Companies that develop and offer a diverse range of cloud-based solutions and services for businesses and individuals.
Cloud Service Providers (CSPs): Organizations operating extensive data centers, delivering a broad spectrum of cloud services including computing, storage, networking, databases, and applications.
Failover Mechanism: Essential for seamless transitions between primary and DR sites during disasters.
Multiple Internet Providers: Recommended for accessing the public cloud, contributing to robust network and cloud architecture.
Hypervisors: While different types may exist in a cloud data center, having numerous hypervisors doesn’t guarantee smooth transitions to DR sites.
Web API (Application Programming Interface): A programmatic interface, typically exposed over HTTP, through which websites and applications exchange data and invoke each other's functionality.
RPO (Recovery Point Objective): Defines the allowable data loss after a disaster, indicating the amount of data that can be lost in a specific time unit.
RTO (Recovery Time Objective): The time it takes to recover and restore functionality after declaring a disaster, even if full normal conditions are not reached by the end of the RTO.
RSL (Recovery Service Level): Specifies the minimum functionality level that must be achieved by the end of the RTO, often expressed as a percentage of normal operations.
MTR (Mean Time to Repair): The average time required to fix or replace something, such as replacing a drive in a server, helping measure system reliability and maintenance efficiency.
Cloud DRM (Digital Rights Management): Often referred to as Information Rights Management (IRM); offers auditing, expiration, policy control, and protection features that give the owner control over shared files such as videos.
Cloud DLP (Data Loss Prevention): Controls data flow and prevents inappropriate transmissions, such as restricting the sending of classified files in emails.
Cloud IDS (Intrusion Detection System): Analyzes traffic for malicious transmissions, focusing on identifying and blocking activities from bad actors, not concerned with regulating useful data flows or access permissions.
Authentic: Evidence must be real and relevant to the incident under investigation.
Accurate: Evidence should be unquestionably truthful and free from tampering, ensuring integrity.
Complete: The entirety of relevant evidence should be presented without omissions, even if inconvenient.
Convincing: Evidence should support specific facts or conclusions, aiding in establishing a case.
Admissible: Evidence must meet legal standards for court acceptance, avoiding illegally collected or inappropriate materials.
SOX: Protects shareholders, holds CEOs accountable for accurate financial reporting.
Basel III: European banking regulation.
FISMA: U.S. government act for information security in agencies.
SOC 1® Type II: AICPA audit on controls at service organizations; no defined timeframe.
Reservations: Guarantee minimum resources for a cloud customer, protecting against resource overuse by others in a shared environment.
Limit: Sets the maximum resource usage for VMs, applications, or containers, preventing financial strain in case of attacks.
Pooling: Collection of resources (CPU, memory, storage, network) for VMs, applications, etc., shared among tenants on a single server.
Shares: Remaining resources in the pool after reservations are allocated.
Incident Management: Procedures for identifying, responding to, and resolving incidents to minimize business impact.
Change Management: Processes to control and manage changes to the IT environment in a systematic way.
Problem Management: Systematic identification, investigation, and resolution of recurring incidents and problems.
Configuration Management: Management and documentation of configuration items to ensure accurate and reliable infrastructure.
Release Management: Planning, testing, and deploying software releases efficiently and with minimal risk.
Service Level Management: Definition, monitoring, and management of service levels to meet business requirements.
Availability Management: Ensuring IT services are available to meet agreed-upon levels, including disaster recovery planning.
Capacity Management: Planning and monitoring of IT resources to ensure optimal performance and scalability.
Security Management: Implementation of measures to protect information assets and ensure data confidentiality, integrity, and availability.
Continual Service Improvement: Ongoing efforts to enhance the quality and efficiency of IT services.
Deployment Management: Planning and coordination of software or hardware deployments to ensure smooth and controlled implementation without disrupting existing services.
Obfuscation: A technique that conceals sensitive information, employing encryption, tokenization, and masking to safeguard data integrity and privacy.
DLP (Data Loss Prevention): A tool designed to control data transmission, ensuring it is not used inappropriately. It also analyzes server data, verifying the legitimacy of stored information, but may fall short in securing data during transit from server to client.
DNS (Domain Name System): Primarily functioning as a name-to-IP address lookup, DNS lacks inherent security for the transmission of data across a network.
Fibre Channel: As a Storage Area Network (SAN) technology, Fibre Channel does not possess built-in security. However, encryption on the SAN is achievable through the Fibre Channel Security Protocol (FC-SP-2) using Encapsulating Security Payload (ESP).
TLS (Transport Layer Security): Positioned as an additional option for securing data transmission, TLS plays a crucial role in enhancing communication security over a network.
Identification: Establishing a unique user identity within a specific context.
Authentication: Verifying the claimed identity to ensure the user is genuine, often involving passwords or biometrics.
Authorization: Specifying the level of privileges a user has, determining access rights based on their authenticated identity.
Accountability: Tracking and logging user actions for auditability, establishing responsibility for activities within a system.
OpenID: Manages identification and authentication.
OAuth: Handles authorization by specifying user privileges.
SAML and WS-Federation: Protocols for identification and authentication.
Combining Protocols: Combining OpenID with SAML or WS-Federation alone doesn’t provide a complete solution.
Comprehensive Solution: To meet the scenario’s needs, both authentication and authorization are essential.
GDPR (General Data Protection Regulation):
EU law protecting the personal data of individuals in the EU, wherever that data is collected or processed.
Applies to corporations worldwide collecting and storing personal data.
HIPAA (Health Insurance Portability and Accountability Act):
U.S. law focusing on safeguarding Protected Health Information (PHI).
Ensures protection of health-related data within the United States.
APEC (Asia-Pacific Economic Cooperation):
Agreement among 21 Pacific Rim economies.
Designed to promote free trade and cooperation.
PCI-DSS (Payment Card Industry Data Security Standard):
Standard set by payment card providers.
Requires a specific level of information security for systems handling credit card data.
Shredding: This method involves physically breaking down paper documents or hard drives into tiny pieces, making it nearly impossible to reconstruct the information. It’s effective for paper documents, hard drives, and other physical storage media.
Degaussing: Degaussing uses a high-powered magnet to scramble the data on magnetic storage media, such as hard drives or tapes, rendering the data unreadable. This method is specific to magnetic media and won’t work on solid-state drives or non-magnetic storage.
Incineration: This is the process of burning materials to ash. Incineration is effective for completely destroying paper documents and can also be used for some types of electronic media. However, it’s a method that requires specific facilities and is less environmentally friendly.