CCSP Cloud Security


1. 1. Cloud Concepts, Architecture and Design

1.1. Mod 1. Cloud Computing concepts

1.1.1. Evolution of IT Service Maturation: 1970 - Big infra, thick client terminals, point-to-point network (decentralized), tightly coupled apps; 1980 - Rise of Internet, network latency/application timeouts (due to tightly coupled apps), businesses exploit WAN; 1990 - Wireless mobility, thin clients, virtualization, cloud computing; 2000 - Loosely coupled apps, elastic and scalable infra, agile business, adoption of cloud, data-centric security model not infrastructure-centric model

1.1.2. Cloud computing Characteristics (5): On-demand Self Service/Scalability; Broad network access/Mobility/Collaboration; Resource Pooling/Virtualization; Rapid Elasticity - dynamically changing needs; Measured Service/Cost - Pay per usage/OpEx not CapEx; Risk reduction - Test ideas before major investments in Technology

1.1.3. Technology Implementation options: Enterprise IT - develop and impose IT Governance; Managed service provider - Compliance with enterprise imposed IT governance; CSP - acceptance of CSP IT policy (shared model)

1.1.4. Due Diligence: CSP, enterprise responsibilities & demarcation; CSP IT processes/procedures/operating environment compatible with enterprise; CSP infra compliant with legal, regulatory, industry requirements; Have operational visibility and documentation for audit and security requirements

1.1.5. Technology fundamental Services: Compute services - auto scaling; Storage Services; Network Services

1.1.6. CSP Structure: Data Centres (Physical); Availability Zones - physically separate locations within a region; Regions - two or more availability zones - Operational redundancy

1.1.7. Cloud Orchestration operational process, API = REST

1.2. Mod 2 Cloud Reference Architecture

1.2.1. ISO/IEC 17788 Cloud Service Capabilities: Software, Platform, Infrastructure

1.2.2. ISO/IEC 17789 Cloud Computing Reference Architecture (CCRA): User View - Roles: CSC, CSP, CSN; Functional View - User, Access, Services, Resource Layer; Implementation View; Deployment View

2. 2. Cloud Governance - Legal, Risk and Compliance

2.1. Mod 5 : Understand Implications of Cloud to Enterprise Risk management (Organisation change)

2.1.1. Data Owner /Controller & Data Custodian/Processor (GDPR)

2.1.2. Regulatory Transparency Requirement

3. 3. Cloud Data Security

3.1. Mod 1. Cloud Data Security Concepts

3.1.1. 6 Phases of Data Lifecycle

3.1.2. Location & Access

3.2. P240 Mod 2: Cloud Data Storage Architectures: Storage types (SSD, HDD), Threats, Data security controls, Data Archiving options

3.2.1. P241. IaaS (5 types) - Ephemeral (Non billable) , Raw, Long Term, Volume (Vmware VMFS, EBS), object (File share)

3.2.2. P242 PaaS (Database, Big data as a service)

3.2.3. P SaaS (Information Storage & Management, content/file storage, Content Delivery Network (CDN))

3.2.4. P244: Threats to Cloud storage (Unauthorized usage, access, liability to regulatory compliance, DoS, Corruption, destruction, Data leakage, Threat, Malware, Improper Treatment/Sanitization after end of use)

3.3. P245 Mod 3: Data Security Technologies and Strategies: Masking/obfuscation, anonymization, tokenization, DLP architecture components/topologies

3.3.1. Data Masking/Obfuscation (Direct Identifiers)

3.3.2. Data Anonymization (Indirect Identifiers)

3.3.3. Tokenization as a service (Cloud); Basic Tokenisation Architecture

3.3.4. Data Loss Prevention (DLP): Stages: 1. Discovery and Classification, 2. Monitoring, 3. Enforcement (Alert, log, block, Encrypt). Architecture for: Data in Motion (DIM) - http/https (decrypt)/SFTP; Data at Rest (DAR); Data in Use (DIU) - endpoint based

3.4. Symmetric

3.5. P254 Mod 4: Cryptography*

3.5.1. Encryption Algorithms: Asymmetric/Public Key Infra (PKI); Transparent encryption (DB); Hashing

3.5.2. P260 Encryption Implementation: Data in Motion (DIM); Data at Rest (DAR); Data in Use (DIU)

3.5.3. P262 Cloud Encryption challenges

3.5.4. P263 Cloud Data Encryption Architecture and Options (Data, Encryption: Engine, Keys) - IaaS, PaaS, SaaS. IaaS - Basic storage level, Volume, Object; PaaS & SaaS - File-level, Application Level; Database - File Level, Transparent, Application Level, Proxy Level

3.5.5. P267 Encryption Key Management: Common challenges

4. 4. Cloud Platform & Infrastructure Security

5. 5. Cloud Application Security

6. 6. Cloud Security Operations

7. 0. Code of Ethics

7.1. Code of Ethics Preamble

7.1.1. Safety & welfare - society, common good, principals, each other - adhere to highest ethical behavior

7.1.2. Strict adherence to code

7.2. Code of Ethics Canons

7.2.1. Protect Society, common good, public trust & confidence and infrastructure

7.2.2. Act Honorably, honestly, justly, responsibly and legally

7.2.3. Provide diligent & competent service to principals

7.2.4. Advance & Protect the profession