The most complete CCSP mind map; I've passed the exam, so easy~~
2024-04-09 11:09:02
The map is quite large and won't expand all at once, so I suggest studying it one domain at a time. I also recommend, three times over, that you build your own mind map!
Outline / Content
CCSP outline
  1.1 Understand cloud computing concepts
    Cloud computing definitions
    Cloud computing roles and responsibilities
      cloud service customer
      cloud service provider
      cloud service partner
      cloud service broker
      regulator
    Key cloud computing characteristics
      on-demand self-service
      broad network access
      multi-tenancy
      rapid elasticity and scalability
      resource pooling
      measured service
    Building block technologies
      virtualization
      storage
      networking
      databases
      orchestration
  1.2 Describe cloud reference architecture
    Cloud computing activities
    Cloud service capabilities
      application capability types
      platform capability types
      infrastructure capability types
    Cloud service categories
      Software as a Service (SaaS)
      Infrastructure as a Service (IaaS)
      Platform as a Service (PaaS)
    Cloud deployment models
      public
      private
      hybrid
      community
      multi-cloud
    Cloud shared considerations
      interoperability
      portability
      reversibility
      availability
      security
      privacy
      resiliency
      performance
      governance
      maintenance and versioning
      service levels and service-level agreements (SLA)
      auditability
      regulatory
      outsourcing
    Impact of related technologies
      data science
      machine learning
      artificial intelligence (AI)
      blockchain
      Internet of Things (IoT)
      containers
      quantum computing
      edge computing
      confidential computing
      DevSecOps
  1.3 Understand security concepts relevant to cloud computing
    Cryptography and key management
    Identity and access control
      user access
      privilege access
      service access
    Data and media sanitization
      overwriting
      cryptographic erase
    Network security
      network security groups
      traffic inspection
      geofencing
      zero trust network
    Virtualization security
      hypervisor security
      container security
      ephemeral computing
      serverless technology
    Common threats
    Security hygiene
      patching
      baselining
  1.4 Understand design principles of secure cloud computing
    Cloud secure data lifecycle
    Cloud-based business continuity (BC) and disaster recovery (DR) plan
    Business impact analysis (BIA)
      cost-benefit analysis
      return on investment (ROI)
    Functional security requirements
      vendor lock-in
    Security considerations and responsibilities for different cloud categories
    Cloud design patterns
      SANS security principles
      Well-Architected Framework
      Cloud Security Alliance (CSA) Enterprise Architecture
    DevOps security
  1.5 Evaluate cloud service providers
    Verification against criteria
      International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) 27017
      Payment Card Industry Data Security Standard (PCI DSS)
    System/subsystem product certifications
      Common Criteria (CC)
      Federal Information Processing Standard (FIPS) 140-2
  D2 Cloud Data Security
    2.1 Describe cloud data concepts
      Cloud data life cycle phases
      Data dispersion
      Data flows
    2.2 Design and implement cloud data storage architectures
      Storage types
        long-term
        ephemeral
        raw storage
      Threats to storage types
    2.3 Design and apply data security technologies and strategies
      Encryption and key management
      Hashing
      Data obfuscation
        masking
        anonymization
      Tokenization
      Data loss prevention (DLP)
    2.4 Implement data discovery
      Structured data
      Unstructured data
      Semi-structured data
      Data location
    2.5 Plan and implement data classification
      Data classification policies
      Data mapping
      Data labeling
    2.6 Design and implement Information Rights Management (IRM)
      Objectives
        data rights
        provisioning
        access models
      Appropriate tools
        issuing and revocation of certificates
    Data retention policies
    Data deletion procedures and mechanisms
    Data archiving procedures and mechanisms
    Legal hold
    Definition of event sources and requirement of event attributes
      identity
      Internet Protocol (IP) address
      geolocation
    Chain of custody and non-repudiation
  D3 Cloud Platform and Infrastructure Security
    3.1 Comprehend cloud infrastructure and platform components
      Physical environment
      Network and communications
      Compute
      Virtualization
      Storage
      Management plane
    3.2 Design a secure data center
      Logical design
        tenant partitioning
        access control
      Physical design
        location
        buy or build
      Environmental design
        heating
        multi-vendor pathway connectivity
      Design resilient
    3.3 Analyze risks associated with cloud infrastructure and platforms
      Risk assessment
        identification
        analysis
      Risk mitigation strategies
    3.4 Plan and implementation of security controls
      Physical and environmental protection
        on-premises
      Audit mechanisms
        log collection
        correlation
        packet capture
    3.5 Plan business continuity (BC) and disaster recovery (DR)
      Business continuity (BC) / disaster recovery (DR) strategy
      Business requirements
        Recovery Time Objective (RTO)
        Recovery Point Objective (RPO)
        recovery service level
  D4 Cloud Application Security
    4.1 Advocate training and awareness for application security
      Cloud development basics
      Common pitfalls
      Common cloud vulnerabilities
        Open Web Application Security Project (OWASP) Top-10
        SANS Top-25 most dangerous software errors
    4.2 Describe the Secure Software Development Life Cycle (SDLC) process
      Phases and methodologies
        design
        code
        test
        maintain
        waterfall vs. agile
    4.3 Apply the Secure Software Development Life Cycle (SDLC)
      Cloud-specific risks
      Threat modeling
        Process for Attack Simulation and Threat Analysis (PASTA)
      Avoid common vulnerabilities during development
      Secure coding
        Open Web Application Security Project (OWASP) Application Security Verification Standard (ASVS)
        Software Assurance Forum for Excellence in Code (SAFECode)
      Software configuration management and versioning
    4.4 Apply cloud software assurance and validation
      Functional and non-functional testing
      Security testing methodologies
        blackbox
        whitebox
        static
        dynamic
        Software Composition Analysis (SCA)
        interactive application security testing (IAST)
      Quality assurance (QA)
      Abuse case testing
    4.5 Use verified secure software
      Securing application programming interfaces (API)
      Supply-chain management
        vendor assessment
      Third-party software management
        licensing
      Validated open-source software
    4.6 Comprehend the specifics of cloud application architecture
      Supplemental security components
        web application firewall (WAF)
        Database Activity Monitoring (DAM)
        Extensible Markup Language (XML) firewalls
        application programming interface (API) gateway
      Cryptography
      Sandboxing
      Application virtualization and orchestration
        microservices
    4.7 Design appropriate identity and access management (IAM) solutions
      Federated identity
      Identity providers (IdP)
      Single sign-on (SSO)
      Multi-factor authentication (MFA)
      Cloud access security broker (CASB)
      Secrets management
  D5 Cloud Security Operations
    5.1 Build and implement physical and logical infrastructure for cloud environment
      Hardware specific security configuration requirements
        hardware security module (HSM)
        Trusted Platform Module (TPM)
      Installation and configuration of management tools
      Virtual hardware specific security configuration requirements
        network
        memory
        central processing unit (CPU)
        Hypervisor type 1 and 2
      Installation of guest operating system (OS) virtualization toolsets
    5.2 Operate and maintain physical and logical infrastructure for cloud environment
      Access controls for local and remote access
        Remote Desktop Protocol (RDP)
        secure terminal access
        Secure Shell (SSH)
        console-based access mechanisms
        jumpboxes
        virtual client
      Secure network configuration
        virtual local area networks (VLAN)
        Transport Layer Security (TLS)
        Dynamic Host Configuration Protocol (DHCP)
        Domain Name System Security Extensions (DNSSEC)
        virtual private network (VPN)
      Network security controls
        firewalls
        intrusion detection systems (IDS)
        intrusion prevention systems (IPS)
        honeypots
        vulnerability assessments
        bastion host
      Patch management
        Windows
        Linux
        VMware
      Infrastructure as Code (IaC) strategy
      Availability of clustered hosts
        distributed resource scheduling
        dynamic optimization
        storage clusters
        maintenance mode
        high availability (HA)
      Availability of guest operating system (OS)
      Performance and capacity monitoring
        compute
        response time
      Hardware monitoring
        disk
        fan speed
        temperature
      Configuration of host and guest operating system (OS) backup and restore functions
      scheduling
      maintenance
    Change management
    Continuity management
    Information security management
    Continual service improvement management
    Incident management
    Problem management
    Release management
    Deployment management
    Configuration management
    Service level management
    Availability management
    Capacity management
    5.4 Support digital forensics
      Forensic data collection methodologies
      Evidence management
    5.5 Manage communication with relevant parties
      Vendors
      Customers
      Partners
      Regulators
      Other stakeholders
    5.6 Manage security operations
      Security operations center (SOC)
      Intelligent monitoring of security controls
        artificial intelligence (AI)
      Log capture and analysis
        security information and event management (SIEM)
        log management
      Vulnerability assessments
  6.1 Articulate legal requirements and unique risks within the cloud environment
    Conflicting international legislation
    Evaluation of legal risks specific to cloud computing
    Legal framework and guidelines
    eDiscovery
      International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) 27050
      Cloud Security Alliance (CSA) Guidance
    Forensics requirements
  6.2 Understand privacy issues
    Difference between contractual and regulated private data
      protected health information (PHI)
      personally identifiable information (PII)
    Country-specific legislation related to private data
    Jurisdictional differences in data privacy
    Standard privacy requirements
      International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) 27018
      Generally Accepted Privacy Principles (GAPP)
      General Data Protection Regulation (GDPR)
    Privacy Impact Assessments (PIA)
  Internal and external audit controls
  Impact of audit requirements
  Identify assurance challenges of virtualization and cloud
  Types of audit reports
    Statement on Standards for Attestation Engagements (SSAE)
    Service Organization Control (SOC)
    International Standard on Assurance Engagements (ISAE)
  Restrictions of audit scope statements
  Gap analysis
    control analysis
    baselines
  Audit planning
  Internal information security management system
  Internal information security controls system
  Policies
    organizational
    functional
    cloud computing
  Identification and involvement of relevant stakeholders
  6.4 Understand implications of cloud to enterprise risk management
    Specialized compliance requirements for highly-regulated industries
      North American Electric Reliability Corporation / Critical Infrastructure Protection (NERC / CIP)
      Health Insurance Portability and Accountability Act (HIPAA)
      Health Information Technology for Economic and Clinical Health (HITECH) Act
      Payment Card Industry (PCI)
    Impact of distributed information technology (IT) model
      diverse geographical locations
      crossing over legal jurisdictions
    Assess providers risk management programs
      controls
      methodologies
      policies
      risk profile
      risk appetite
    Difference between data owner/controller vs. data custodian/processor
    Regulatory transparency requirements
      breach notification
      Sarbanes-Oxley (SOX)
    Risk treatment
      avoid
      mitigate
      transfer
      share
      acceptance
    Different risk frameworks
    Metrics for risk management
    Assessment of risk environment
      service
      vendor
      infrastructure
      business
  6.5 Understand outsourcing and cloud contract design
    Business requirements
      service-level agreement (SLA)
      master service agreement (MSA)
      statement of work (SOW)
    Vendor management
      vendor assessments
      vendor lock-in risks
      vendor viability
      escrow
    Contract management
      right to audit
      metrics
      definitions
      termination
      litigation
      assurance
      compliance
      access to cloud/data
      cyber risk insurance
    International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) 27036