CCSP Cloud Security


1. 1. Cloud Concepts, Architecture and Design

1.1. Mod 1. Cloud Computing concepts

1.1.1. Evolution of IT Service Maturation

1.1.1.1. 1970 - Big Infra, Thick Client Terminals, point to point network (decentralized), Tightly coupled apps

1.1.1.2. 1980 - Rise of Internet. Network latency/application timeouts (due to tightly coupled apps), Businesses exploit WAN

1.1.1.3. 1990 - Wireless mobility, Thin Clients. virtualization, Cloud Computing

1.1.1.4. 2000 - Loosely coupled apps, Elastic and Scalable infra. Agile business, adoption of cloud, Data centric security model not infrastructure centric model

1.1.2. Cloud computing Characteristics (5)

1.1.2.1. On-demand Self-Service/Scalability

1.1.2.2. Broad network access/ Mobility/Collaboration

1.1.2.3. Resource Pooling/Virtualization

1.1.2.4. Rapid Elasticity - dynamically changing needs

1.1.2.5. Measured Service/Cost Pay per usage/Opex not CapEx

1.1.2.6. Risk reduction - Test ideas before major investments in Technology

1.1.3. Technology Implementation options

1.1.3.1. Enterprise IT - develop and impose IT Governance

1.1.3.2. Managed service provider - Compliance with enterprise imposed IT governance

1.1.3.3. CSP - acceptance of CSP IT policy (shared model)

1.1.4. Due Diligence

1.1.4.1. CSP, enterprise responsibilities & demarcation

1.1.4.2. CSP IT processes/procedures/operating environment compatible with enterprise

1.1.4.3. CSP infra compliant with legal, regulatory, industry requirements

1.1.4.4. Have operational visibility and documentation for audit and security req.

1.1.5. Technology fundamental Services

1.1.5.1. Compute services - auto scaling

1.1.5.2. Storage Services

1.1.5.3. Network Services

1.1.6. CSP Structure

1.1.6.1. Data Centres (Physical)

1.1.6.2. Availability Zones - physical separate location within a region

1.1.6.3. Regions - two or more availability zones - Operational redundancy

1.1.7. Cloud Orchestration operational process, API = REST

1.2. Mod 2 Cloud Reference Architecture

1.2.1. ISO/IEC 17788 Cloud Service Capabilities

1.2.1.1. Software

1.2.1.2. Platform

1.2.1.3. Infrastructure

1.2.2. ISO/IEC 17789 Cloud Computing Reference Architecture (CCRA)

1.2.2.1. User View

1.2.2.1.1. Roles : CSC, CSP, CSN

1.2.2.2. Functional View

1.2.2.2.1. User, Access, Services, Resource Layer

1.2.2.3. Implementation View

1.2.2.4. Deployment View

2. 2. Cloud Governance - Legal, Risk and Compliance

2.1. Mod 5 : Understand Implications of Cloud to Enterprise Risk management (Organisation change)

2.1.1. Data Owner /Controller & Data Custodian/Processor (GDPR)

2.1.2. Regulatory Transparency Requirement

3. 3. Cloud Data Security

3.1. Mod 1. Cloud Data Security Concepts

3.1.1. 6 Phases of Data Lifecycle

3.1.2. Location & Access

3.2. P240 Mod 2: Cloud Data Storage Architectures: Storage types (SSD, HDD), Threats, Data security controls, Data Archiving options

3.2.1. P241. IaaS (5 types) - Ephemeral (Non billable) , Raw, Long Term, Volume (Vmware VMFS, EBS), object (File share)

3.2.2. P242 PaaS (Database, Big data as a service)

3.2.3. P SaaS (Information Storage & Management, content/file storage/Content Delivery network (CDN))

3.2.4. P244: Threats to Cloud storage (Unauthorized usage, access, liability to reg compliance, DoS, Corruption, destruction, Data leakage, Threat, Malware, Improper Treatment/Sanitization after end of use)

3.3. P245 Mod 3: Data Security Technologies and Strategies: Masking/obfuscation, anonymization, tokenization, DLP architecture components/topologies

3.3.1. Data Masking/Obfuscation (Direct Identifiers)

3.3.2. Data Anonymization (Indirect Identifiers)

3.3.3. Tokenization as a service (Cloud)

3.3.3.1. Basic Tokenisation Architecture

3.3.4. Data Loss Prevention (DLP) : Stages 1. Discovery and Classification, 2 Monitoring, 3 Enforcement (Alert, log, block, Encrypt)

3.3.4.1. Architecture for Data in Motion (DIM) - http/https (decrypt)/SFTP, Data at Rest (DAR), Data in Use (DIU) - endpoint based

3.4. Symmetric

3.5. P254 Mod4 Cryptography*

3.5.1. Encryption Algorithms

3.5.1.1. Asymmetric/Public Key Infra (PKI)

3.5.1.2. Transparent encryption (DB)

3.5.1.3. Hashing

3.5.2. P260 Encryption Implementation

3.5.2.1. Data In motion (DIM)

3.5.2.2. Data at Rest (DAR)

3.5.2.3. Data in Use (DIU)

3.5.3. P262 Cloud Encryption challenges

3.5.4. P263 Cloud Data Encryption Architecture and Options (Data, Encryption : Engine, Keys) - IaaS, PaaS, SaaS

3.5.4.1. IaaS - Basic storage level, Volume, Object

3.5.4.2. PaaS & SaaS - File-level, Application Level

3.5.4.3. Database - File Level, Transparent, Application Level, Proxy Level

3.5.5. P267 Encryption Key Management

3.5.5.1. Common challenges

4. 4. Cloud Platform & Infrastructure Security

5. 5. Cloud Application Security

6. 6. Cloud Security Operations

7. 0. Code of Ethics

7.1. Code of Ethics Preamble

7.1.1. Safety & welfare - society, common good, principals, each other - adhere highest ethical behavior

7.1.2. Strict adherence to code

7.2. Code of Ethics Canons

7.2.1. Protect Society, common good, public trust & confidence and infrastructure

7.2.2. Act Honorably, honestly, justly, responsibly and legally

7.2.3. Provide diligent & competent service to principals

7.2.4. Advance & Protect the profession