You're reading from Mastering Cloud Security Posture Management (CSPM) Secure multi-cloud infrastructure across AWS, Azure, and Google Cloud using proven techniques

Product type Paperback

Published in Jan 2024

Publisher Packt

ISBN-13 9781837638406

Length 472 pages

Edition 1st Edition

Tools

AWS

Concepts

Cloud Security

Author (1):

Qamar Nomani

View More author details

Table of Contents (26) Chapters

Preface

1. Part 1:CSPM Fundamentals

2. Chapter 1: Cloud Security Fundamentals FREE CHAPTER

3. Chapter 2: Understanding CSPM and the Threat Landscape

4. Chapter 3: CSPM Tools and Features

5. Chapter 4: CSPM Tool Selection

6. Part 2: CSPM Deployment Aspects

7. Chapter 5: Deploying the CSPM Tool

8. Chapter 6: Onboarding Cloud Accounts

9. Chapter 7: Onboarding Containers

10. Chapter 8: Exploring Environment Settings

11. Part 3: Security Posture Enhancement

12. Chapter 9: Exploring Cloud Asset Inventory

13. Chapter 10: Reviewing CSPM Dashboards

14. Chapter 11: Major Configuration Risks

15. Chapter 12: Investigating Threats with Query Explorers and KQL

16. Chapter 13: Vulnerability and Patch Management

17. Chapter 14: Compliance Management and Governance

18. Chapter 15: Security Alerts and Monitoring

19. Part 4: Advanced Topics and Future Trends

20. Chapter 16: Integrating CSPM with IaC

21. Chapter 17: DevSecOps – Workflow Automation

22. Chapter 18: CSPM-Related Technologies

23. Chapter 19: Future Trends and Challenges

24. Index

Why subscribe?

25. Other Books You May Enjoy

Compliance concepts

We are in the age of data analytics and data science, where data has become more precious than ever. Organizations, institutions, and businesses now rely on data to function on a day-to-day basis. It has become even more crucial to take extra care when dealing with data when organizations are moving their data to the cloud. To protect personally identifiable information (PII), health-related data, and financial data, government agencies, regulatory authorities, and industry groups have issued regulations to help protect and govern the use of data.

Security and compliance are not the same concepts, even though they are very well interconnected and the line between them is blurred. Security refers to the set of policies, processes, and controls that a company implements to protect its assets, while compliance refers to the meeting that some regulatory body or third party has set as a best practice or legal requirement.

Some of the compliance concepts in cybersecurity include the following:

Regulatory compliance: This refers to adherence to legal requirements, such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). Regulatory compliance involves implementing security measures and protocols to protect sensitive data and ensure that organizations are following established legal requirements.
Industry-specific compliance: This refers to adherence to specific security requirements established by particular industries, such as the Payment Card Industry Data Security Standard (PCI DSS) for organizations that handle credit card information. Industry-specific compliance involves implementing security measures and protocols that are specific to the requirements of a particular industry. Another significant example would be the Health Insurance Portability and Accountability Act (HIPAA) as it ensures the protection and confidentiality of individuals’ sensitive health information, providing them with greater control over their medical data and promoting trust in the healthcare system. Its regulations establish standards for securely handling the protected health information of healthcare providers, insurers, and other entities in the United States.
Standards compliance: This refers to adherence to established security standards, such as the ISO/IEC 27001 and the National Institute of Standards and Technology (NIST) standards for information security management systems. Standards compliance involves implementing security measures and protocols that meet or exceed established industry standards.
Best practices compliance: This refers to adherence to established best practices for cybersecurity, such as the Center for Internet Security (CIS). Best practices compliance involves implementing security measures and protocols that are widely accepted as effective in the cybersecurity community. You can find the latest CIS benchmarks for cloud providers such as Alibaba, AWS, and Azure, as well as various other technologies, at https://www.cisecurity.org/cis-benchmarks.

Here are some important topics associated with data compliance:

Data residency: This refers to the physical or geographical location of the data. It sounds normal in the case of on-premises but it’s challenging to achieve when data is stored in the cloud. Some countries have regulations that their data must be stored on a server physically located within the country.
Data sovereignty: This refers to the laws and governance structures that data is subject to, due to the geographical location of where it is processed.
Data privacy: This refers to providing notice and being transparent about collecting, using, and sharing personal data. These are fundamental principles of laws and regulations.

Compliance in cybersecurity is important because it helps organizations establish a baseline of security measures and protocols that can protect sensitive data and ensure the security of computer systems and networks. Compliance can also be used to demonstrate to stakeholders that an organization is taking the necessary steps to protect data and mitigate cybersecurity risks.

Now, let’s understand another interesting and important topic: cryptography.

You're reading from Mastering Cloud Security Posture Management (CSPM) Secure multi-cloud infrastructure across AWS, Azure, and Google Cloud using proven techniques

Table of Contents (26) Chapters

Compliance concepts

Authors (1)

Personalised recommendations for you