CCSP Review Notes - Topics
• IAM phases
• REST vs. SOAP
• Vendor lock-in; what causes it, how to avoid
• Cryptographic erasure
• Virtualization
– Type I and II hypervisors
• OWASP Top 10
• Cloud Security Alliance
– STAR registry
– CCM
• Bit splitting
• Data Dispersion
• SLAs
• SPOFs
• Uptime Institute’s Tier levels for data centers
• PCI
• SOC I, II (Types 1 and 2), and III
• Common Criteria
• FIPS 140-2 Security Levels
• DLP
• Homomorphic encryption
• HIPAA
• ONF/ANF
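Cryptographic erasure, listed above, as an added worked example (this code is not part of the deck): envelope encryption with a hypothetical KeyManager standing in for a KMS. Each object gets its own data-encryption key (DEK), the DEK is wrapped under a per-tenant key-encryption key (KEK), and "erasing" the data means destroying the KEK. The HMAC-based cipher is a standard-library stand-in for AES-GCM so the example runs offline; KeyManager, StoredObject, put_object, get_object and the sample record are all names and data assumed for the illustration.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets
from dataclasses import dataclass


# Stdlib-only stand-in for an AEAD such as AES-GCM: HMAC-SHA256 run in
# counter mode produces the keystream, and a second HMAC key authenticates
# nonce||ciphertext (encrypt-then-MAC). It exists only so the example runs
# without third-party packages; in production use AES-GCM from a vetted
# library and a real KMS/HSM for the key-encryption keys.
def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hmac.new(key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext || tag."""
    enc_key, mac_key = _subkey(key, b"enc"), _subkey(key, b"mac")
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; raise on any modification."""
    enc_key, mac_key = _subkey(key, b"enc"), _subkey(key, b"mac")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


class KeyManager:
    """Hypothetical KMS holding key-encryption keys (KEKs), one per tenant or
    data set. Cryptographic erasure is the destroy() call: once the KEK is
    gone, every DEK wrapped under it, and so every object those DEKs protect,
    is unrecoverable no matter how many copies of the ciphertext exist."""

    def __init__(self) -> None:
        self._keks: dict[str, bytes] = {}

    def create_kek(self, kek_id: str) -> None:
        self._keks[kek_id] = secrets.token_bytes(32)

    def wrap(self, kek_id: str, dek: bytes) -> bytes:
        return seal(self._keks[kek_id], dek)

    def unwrap(self, kek_id: str, wrapped_dek: bytes) -> bytes:
        if kek_id not in self._keks:
            raise KeyError(f"KEK {kek_id!r} has been destroyed")
        return unseal(self._keks[kek_id], wrapped_dek)

    def destroy(self, kek_id: str) -> None:
        # The erase only holds if no copy of the KEK survives anywhere else
        # (key backups, HSM replicas, escrow, debug logs).
        self._keks.pop(kek_id, None)


@dataclass
class StoredObject:
    kek_id: str
    wrapped_dek: bytes   # DEK encrypted under the KEK (envelope encryption)
    ciphertext: bytes    # object data encrypted under the DEK


def put_object(kms: KeyManager, kek_id: str, plaintext: bytes) -> StoredObject:
    dek = secrets.token_bytes(32)          # fresh data-encryption key per object
    return StoredObject(kek_id, kms.wrap(kek_id, dek), seal(dek, plaintext))


def get_object(kms: KeyManager, obj: StoredObject) -> bytes:
    dek = kms.unwrap(obj.kek_id, obj.wrapped_dek)
    return unseal(dek, obj.ciphertext)


def demo() -> tuple[bytes, str, bool]:
    """Write an object, copy it to a 'backup', destroy the KEK, try the copy."""
    kms = KeyManager()
    kms.create_kek("tenant-A")
    obj = put_object(kms, "tenant-A", b"cardholder record, constructed sample")
    backup = StoredObject(obj.kek_id, obj.wrapped_dek, obj.ciphertext)  # replica the provider keeps
    before = get_object(kms, obj)
    kms.destroy("tenant-A")                # the cryptographic erase
    try:
        get_object(kms, backup)
        after = "readable"
    except KeyError:
        after = "unrecoverable"
    # The ciphertext bytes are still sitting in storage; they are just useless now.
    return before, after, len(backup.ciphertext) > 0
```

This is the control to reach for when physical destruction or overwriting of shared cloud media is impossible; it only counts as sanitization if the data never touched the media in the clear, the cipher is sound, and the KEK cannot be recovered from any backup, escrow or replica.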
CCSP Review Notes - Topics Mentioned by Former Students
• SAML
• Federated identity
From My Exam Experience
• GDPR geographical location of operation (inside and outside)
• Supervisory authorities like data custodian, data processor, etc.
• Privacy Shield – how it operates
• Cluster storage – tightly and loosely coupled, performance
• Object file risks
• SIEM – methods, operation, and where it can be placed
• SDLC – full process and the operation of each phase
• Audit – design and process
• What to put into a contract for a particular industry or regulation (PCI, HIPAA) to help both provider and customer
• BC/DR, RTO and RPO – full process
• Sandboxing – where it can be used and its purpose
• Vendor lock-in
• SAST and DAST – full process and how they are used in the cloud, e.g. code review
• FIPS 140 – protection phases
• Two-factor authentication methods
To Be Strong, Need In-Depth Knowledge and Practice
• GDPR notifications
• Data protection officers
• Supervisory authorities
• Privacy Shield
• Cluster storage
• Object file risks
• SIEM
• SDLC
• Audit design and process
• What to put into contracts for a particular industry or regulation (PCI DSS, HIPAA)
• BC/DR
• RPO
• RTO
• RSL
• Recoverability
• Sandboxing
• Vendor lock-in
• SLA vs. contract – differences, and who creates each
• SAST – individual phases of operation
• DAST – individual phases of operation
• FIPS module-level protections
• Cloud provider roles – operations manager, service manager, etc.
• CASB
• KVM operation and risks
• Incident management
• Forensic data collection and its risks in the cloud
• IPS
• IDS
• HIDS
• NIDS
• DLP and phases like DIU, DIT, data in motion
• Tokenization
• Masking
• Anonymization
• DNSSEC
• VPN
• TLS
• IPsec
• CIA triad – how it works and where all three apply
• SDN – northbound and southbound communication, logical segmentation
• Bastion network
• Audit, auditability
• Laws and regulations, governance
• STRIDE – what it is at each level
• DoS and DDoS – scenarios
• Interoperability
• Portability
• XML – full details like operation, who uses it, where it is used
• SOC (SSAE 18) – all 3 report types, their function, and where each can be used
• Limits
• Shares
• Reservations
• Training phases and where they can be used
• Resource optimization
• Cost-benefit analysis
• Storage types – volume, object, structured and unstructured
• Gap analysis
• Data owner, data subject, data processor, data custodian
• Multitenancy and its risks – in all aspects like deployment model, service model, audit, governance, data storage, security, etc.
• Key cloud characteristics
• Orchestration and automation
• CSP categories – service and deployment models
• Cloud risk analysis methods/phases
• Privacy
• Secure APIs
• API – communication, protocols, encryption types
• Hypervisor security
• Guest escape
• Data and media sanitization
• CDNs
• Hashing – know where and how it is used
• Containers
• Supplier risk – how the provider manages suppliers, e.g. strategic, operational, etc.
• CSA CCM – domains and mappings, and why it is used
• OWASP – types of issues that occur and how to prevent them
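Tokenization, masking, anonymization and hashing appear in the lists above without being distinguished from one another. As an added example, written for this page and not taken from the deck or its student contributor, the following Python runs each technique over a constructed record and shows why an unkeyed hash of a low-entropy identifier (here a date of birth) is not anonymization. TokenVault, mask_pan, pseudonymize, anonymize and the RECORD sample are all names and data assumed for the illustration.

```python
from __future__ import annotations

import hashlib
import hmac
import re
import secrets
from datetime import date, timedelta

# Constructed sample record; nothing here is real.
RECORD = {"name": "Alice Example", "pan": "4111 1111 1111 1111",
          "zip": "94110", "dob": "1985-07-04"}


def mask_pan(pan: str) -> str:
    """Masking: a one-way display transform. Operators see enough to confirm
    the card (last four digits) but cannot reconstruct the value."""
    digits = re.sub(r"\D", "", pan)
    return "*" * (len(digits) - 4) + digits[-4:]


class TokenVault:
    """Tokenization: the token carries no information about the value; the
    mapping lives only in the vault, so the vault (not the token) is what
    must be protected and is what stays in PCI DSS scope."""

    def __init__(self) -> None:
        self._token_for: dict[str, str] = {}
        self._value_for: dict[str, str] = {}

    def tokenize(self, value: str) -> str:
        if value in self._token_for:          # same value -> same token
            return self._token_for[value]
        while True:  # same length and character class, so downstream schemas need no change
            token = "".join(secrets.choice("0123456789") for _ in value)
            if token != value and token not in self._value_for:
                break
        self._token_for[value] = token
        self._value_for[token] = value
        return token

    def detokenize(self, token: str) -> str:
        return self._value_for[token]


def hash_unkeyed(value: str) -> str:
    """A plain hash of a low-entropy identifier is NOT anonymization."""
    return hashlib.sha256(value.encode()).hexdigest()


def pseudonymize(value: str, key: bytes) -> str:
    """Keyed hash (HMAC): a stable pseudonym usable for joins and analytics.
    Whoever holds the key can still re-identify by enumeration, so under
    GDPR this is pseudonymized personal data, not anonymous data."""
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()


def all_dates(start: date = date(1900, 1, 1), end: date = date(2020, 12, 31)):
    """Every plausible date of birth: roughly 44,000 candidates, trivial to enumerate."""
    d = start
    while d <= end:
        yield d.isoformat()
        d += timedelta(days=1)


def recover_from_hash(digest: str, candidates) -> str | None:
    """Dictionary attack: hash each candidate and compare with the stored digest."""
    for c in candidates:
        if hash_unkeyed(c) == digest:
            return c
    return None


def anonymize(record: dict) -> dict:
    """Anonymization: drop direct identifiers and generalize quasi-identifiers
    (ZIP3, birth year) so the record no longer singles out one person.
    Whether that is enough depends on the rest of the data set (k-anonymity)."""
    return {"zip3": record["zip"][:3], "birth_year": record["dob"][:4]}


def demo() -> dict:
    vault = TokenVault()
    token = vault.tokenize(RECORD["pan"])
    return {
        "masked": mask_pan(RECORD["pan"]),
        "token_roundtrip": vault.detokenize(token) == RECORD["pan"],
        "hash_recovered": recover_from_hash(hash_unkeyed(RECORD["dob"]), all_dates()),
        "hmac_recovered": recover_from_hash(pseudonymize(RECORD["dob"], b"k" * 32), all_dates()),
        "anonymized": anonymize(RECORD),
    }
```

The distinction the exam is after: masking and true anonymization are one-way; tokenization and pseudonymization are reversible for whoever holds the vault or the key, so the vault or key is what you scope and protect; and a plain hash over a small value space (dates, PANs with a known BIN, phone numbers) is recoverable by enumeration, so it is neither.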
CCSP Review Notes - Sources
• Cloud Security Alliance:
https://cloudsecurityalliance.org/artifacts/security-guidance-v4/
• NIST
• SANS
• ISC2/BrightTalk/ThinkTank
• Bitglass
• https://www.transcender.com/certprep/isc2.kap
• https://docs.aws.amazon.com/quickstart/latest/vpc/images/quickstart-vpc-design-fullscreen.png
• https://aws.amazon.com/marketplace/
• www.reddit.com/r/ccsp
• https://docs.google.com/document/d/1ANljKA7TIJanZBGBwhNKMuRZXKTEagX-xk7CrodEgkE/edit?usp=sharing
• Preparation Guide for ISC2 Certified Cloud Security Professional (CCSP) Certification: https://stanislas.io/2018/07/12/preparation-guide-for-isc2-certified-cloud-security-professional-ccsp-certification/
Earn CPEs
Free webcasts
- Hosted by ISC2
- Via groups on LinkedIn
Write exam questions:
https://www.isc2.org/Member-Resources/Exam-Development
Magazine questions: Information Security Professional Magazine, every other month
Free podcasts
- “Down the Security Rabbithole”
- “The Sensuous Of INFOSEC”
Listservs
- ACM TechNews
- SANS NewsBytes
- Bruce Schneier’s Crypto-Gram
- https://www.schneier.com/crypto-gram/
Quizlet content:
“Official (ISC)2 CCSP - Domain X: YYYYYY”
• Ben Malisow
• ben@benmalisow.com
• securityzed.com

CCSP Official Review Notes - 2019 version by Ben.pptx
