CCSK Domain 1 Notes

Definitions

  • NIST SP 800-145: [A] model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.
  • ISO/IEC 22123-1: [A] paradigm for enabling network access to a scalable and elastic pool of shareable physical or virtual resources with self-service provisioning and administration on-demand.

Essential Characteristics (NIST)

  • On-Demand Self-Service
  • Broad Network Access
  • Resource Pooling
  • Rapid Elasticity
  • Measured Service
  • ISO addition: Multi-tenancy

Service Models

  • IaaS → CSC manages OS, apps, and data; CSP manages the infrastructure.
  • PaaS → CSC manages apps and data; CSP manages the platform.
  • SaaS → CSC manages configuration only; CSP manages everything else.

Deployment Models

  • Private Cloud – For one org, on/off-prem.
  • Community Cloud – Shared by orgs with common needs.
  • Hybrid Cloud – Mix of public and private cloud with portability.
  • Public Cloud – For general public, owned by CSP.

Core Concepts

  • Abstraction – Virtualization (creation of virtual machines from physical servers).
  • Orchestration – Automation of provisioning and configuration of VMs.
  • Multi-tenancy – Clouds are multi-tenant, with multiple CSCs sharing resource pools while being segregated and isolated for confidentiality and integrity. Segregation and isolation ensure that CSCs cannot see or modify each other's assets.

CSA Enterprise Architecture

  • BOSS (SABSA) – Business Security
  • ITOS (ITIL) – IT Services
  • TSS (TOGAF) – Infra, Info, App, Presentation
  • SRM (Open Group) – Security & Risk

Shared Responsibility Model

  • SaaS – CSP secures all, CSC manages users/config.
  • PaaS – CSP secures platform, CSC secures apps/data.
  • IaaS – CSP secures infra, CSC secures OS, apps, network.

Key Tools

  • CAIQ – Questionnaire for CSP security controls.
  • CCM – Cloud Controls Matrix (maps controls to standards).

Exam Tip: Always link responsibility level to the amount of control the CSC has (highest in IaaS, lowest in SaaS).

Flashcards: https://quizlet.com/in/1070003177/ccsk-domain-1-flash-cards/?i=4jehw4&x=1jqt
