site at www.wiley.com.
Library of Congress Control Number: 2021934228
TRADEMARKS: WILEY and the Wiley logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. (ISC)2, CCSP, and CBK are service marks or registered trademarks of Information Systems Security Certification Consortium, Inc. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in this book.
Cover Design: Wiley and (ISC)2
Acknowledgments
First and foremost, we offer our deepest appreciation to our spouses, children, and families. Their support and understanding during the long hours of writing and review gave us the time necessary to create this book. This book would not have been possible without our wonderful families.
We would also like to express our appreciation to (ISC)2 for providing the CCSP certification and these certification preparation materials. We are excited to be part of this transformative growth and development of secure cloud computing in the world today.
We would also like to thank John Wiley & Sons, and associate publisher Jim Minatel for entrusting us with the role of creating this study guide. We wish to thank Aaron Kraus for his review and input on the work of other sections, and our technical editor Raven Sims, whose attention to detail made this book so much better. Thanks also go to project editor Kelly Talbot, content refinement specialist Saravanan Dakshinamurthy, copy editor Kim Wimpsett, and the entire team at Wiley for their guidance and assistance in making this book. We'd also like to thank all of our colleagues and experts who consulted with us while writing this book. You are too many to name here, but we are grateful for your suggestions and contributions.
More than anyone else, we would like to thank our readers. We are grateful for the trust you have placed in us to help you study for the exam.
—The Authors
About the Authors
Leslie D. Fife, CISSP-ISSMP, CCSP, C|CISO, CISA, CISM, CRISC, GDAT, GCED, CBCP, CIPM (and more than 20 other certifications), has more than 40 years of experience in information technology, cybersecurity, and risk management. He is currently an information security risk manager for the Church of Jesus Christ of Latter-day Saints, an assistant professor of practice at Southern Illinois University Carbondale, and an adjunct at the University of Utah. He is also a commissioner for the Computing Accreditation Commission of ABET. His career includes the U.S. Navy submarine service, software development in the defense industry and the oil and gas field service industry, incident response and business continuity in the financial services sector, as well as 22 years as a professor of computer science. He has a PhD in computer science from the University of Oklahoma.
Aaron Kraus, CCSP, CISSP, is an information security professional with more than 15 years of experience in security risk management, auditing, and teaching information security topics. He has worked in security and compliance roles across industries including U.S. federal government civilian agencies, financial services, and technology startups, and he is currently the security engagement manager at Coalition, Inc., a cyber risk insurtech company. His experience includes creating alignment between security teams and the organizations they support, by evaluating the unique threat landscape facing each organization and the unique objectives each organization is pursuing to deliver a balanced, risk-based security control program. As a consultant to a financial services firm he designed, executed, and matured the third-party vendor audit programs to provide oversight of key compliance initiatives, and he led the global audit teams to perform reviews covering physical security, logical security, and regulatory compliance. Aaron is a course author, instructor, and cybersecurity curriculum dean with more than 13 years of experience at Learning Tree International, and he most recently taught the Official (ISC)2 CISSP CBK Review Seminar. He has served as a technical editor for numerous Wiley publications including (ISC)2 CCSP Certified Cloud Security Professional Official Study Guide, 2nd Edition; CCSP Official (ISC)2 Practice Tests, 1st Edition; The Official (ISC)2 Guide to the CISSP CBK Reference, 5th Edition; and (ISC)2 CISSP Certified Information Systems Security Professional Official Practice Tests, 2nd Edition.
Bryan Lewis, EdD, currently serves as an assistant dean and IT area lecturer for the McIntire School of Commerce at the University of Virginia. Certified as both a CISSP and CCSP, he has extensive experience with cybersecurity operations, research, and instruction in both the public and private sectors. Prior to joining the McIntire School, Dr. Lewis served as a company officer and principal for an audio visual and telecommunications design, engineering, and manufacturing company. His past experience includes large-scale network infrastructure and secure system design, deployments, and migrations, including secure distance-based learning and collaborative space design. He currently serves as a lecturer on network, data, and cloud security with a focus on defensive technologies, secure communications, and the business impacts of information security in the graduate and undergraduate curricula. His primary consulting interests focus on distance learning design, large-scale visualization, information security in the public sector, and collaborative space design projects.
About the Technical Editor
Raven Sims, CISSP, CCSP, SSCP, is a space systems senior principal cyber architect in the Strategic Deterrent division of a notable defense contractor. In this role, Sims has responsibility for the division's cyber architecture within the weapon system command-and-control business portfolio, including full-spectrum cyber, cloud computing, as well as mission-enabling cyber solutions supporting domestic and international customers. Most recently, Sims was a cyber architect of the Department of Justice (DoJ) Cybersecurity Services (CSS) team in providing cloud security guidance to all 14+ DoJ components. She was responsible for designing, deploying, and maintaining enterprise-class security, network, and systems management applications within an Amazon Web Services (AWS) and Azure environment. Within this role, she led incident response guidance for the DoJ as it pertained to securing the cloud and how to proactively respond to events within their cloud infrastructure. Sims has held business development, functional, and program positions of increasing responsibility in multiple sectors of the company. Her program experience includes government and international partnerships. Sims earned a bachelor's degree in computer science from Old Dominion University in Norfolk, Virginia, and a master's degree in technology management from Georgetown University in Washington, D.C. She is now pursuing a doctoral degree from Dakota State University in cyber operations. She serves on the board of directors of FeedTheStreetsRVA (FTSRVA); is a member of Society of Women Engineers (SWE) and Zeta Phi Beta Sorority, Inc.; and is the owner of Sims Designs. Sims is nationally recognized for her advancements in cyber and mission solutions as an awardee of the 2019 Black Engineer of the Year (BEYA): Modern Day Technology Award, and UK Cybercenturion awards.
Foreword to the Third Edition
EARNING THE GLOBALLY RECOGNIZED CCSP® cloud security certification is a proven way to build your career and better secure critical assets in the cloud. Whether you are picking up this book to supplement your preparation to sit for the exam or you are an existing CCSP using this as a desk reference, you'll find the Official (ISC)2 Guide to the CCSP CBK to be the perfect primer on the cloud security topics covered in the CCSP CBK.
Cloud computing security is one of the most in-demand skillsets in IT today. The designation of CCSP instantly communicates to everyone within our industry that you have the advanced technical skills and knowledge to design, manage, and