Academics & The Arts Articles
Maybe you need help passing calculus ― or the real estate exam. You're looking to move up at work or school. Or maybe you're done with school, but you want to learn Spanish or acting or songwriting. It's all here. Dive in!
Articles From Academics & The Arts
8,611 results
[Physics] Astrophysics for Dummies Cheat Sheet (Cheat Sheet / Updated 03-14-2024)
The path to understanding astrophysics is both thought-provoking and brain-stretching. How did the universe come into existence, when will it end, and what role do our familiar planets and stars play in the grand scheme of the cosmos? There are many more questions in astrophysics than there are answers. The goal of this book is to put you in a position where you’re able to better formulate those questions, and know where to go for answers.
As you’re getting started on your journey, use this Cheat Sheet to answer some of the first questions that come to mind.
[Geography] Human Geography For Dummies Cheat Sheet (Cheat Sheet / Updated 02-22-2024)
Welcome to the world of Human Geography. It is a whole world that a shockingly large number of people do not even know exists. Human geography is an academic discipline regularly taught at the high school and university level that actually encompasses quite a few subdisciplines of geographic study. The traditional divisions of human geography study the following major fields.
Populations and migration
Urban geography
Economic geography
Cultural geography
Political geography
Within those fields, a slew of other research areas can be included under the umbrella of human geography. Areas like medical geography study the relationship between space and medical care (like the spread of infectious diseases or the impact that location has on quality of life). Political geography is a geopolitics field that tries to understand the geographic factors that influence how different countries interact. The content in this book will give you a working overview of the terms and concepts covered within the field of human geography.
The materials are comparable to the content covered in a lower-level undergraduate college course or an upper-level high school course. This book is not an in-depth dive into any particular human geography topic. In fact, every topic included in this book could have entire books written about just that one idea. Many researchers have spent untold hours building the human geography field. The purpose of this book is to give you a taste of the breadth of human geography in easily digestible tidbits.
Also, this is not a textbook. Instead, it is a starting place for where human geography can take you.
[Neuroscience] Neurobiology For Dummies Cheat Sheet (Cheat Sheet / Updated 02-12-2024)
Neurobiology has all kinds of real-world (and not so real-world) applications. From curing paralysis to the possibility of cyborgs, neurobiology has answers to many fascinating questions.
[CCSP] CCSP: Data Security Technologies and Strategies (Article / Updated 12-20-2023)
When studying for the CCSP exam, you must consider how to implement data security technologies and design data security strategies that fit your business and security needs. The following technologies are commonly applied as part of a comprehensive data security strategy in the cloud:
Encryption and key management
Hashing
Data loss prevention (DLP)
Data de-identification (by masking and data obfuscation)
Tokenization
Encryption and key management
As encryption pertains to cloud data security, encryption and key management are critical topics that must be fully understood in order to pass the CCSP exam. With resource pooling (and multitenancy) being a key characteristic of cloud computing, it’s important to remember that physical separation and protections are not commonly available in cloud environments. As such, strategic use of encryption is crucial to ensuring secure data storage and use in the cloud.
When designing or implementing encryption technologies, remember that an encryption architecture has three basic components:
The data being secured
The encryption engine that performs all encryption operations
The encryption keys used to secure the data
While it would seem like encrypting everything would be the best way to ensure data security, it’s important to consider that encryption has a performance impact on systems; system resources are used in order to process encryption algorithms every time data is encrypted or decrypted, which can add up if encryption is used excessively. As a CCSP, it is up to you to implement encryption so that data is as secure as possible while minimizing the impact to system performance.
Countless other challenges and considerations exist when implementing encryption technologies, both on-prem and in cloud environments. Some key cloud encryption challenges are
Almost all data processing requires that data is in an unencrypted state. If a cloud customer is using a CSP for data analysis or processing, then encryption can be challenging to implement.
Encryption keys are cached in memory when in use and often stay there for some time. This is a major concern in multitenant environments because memory is a shared resource between tenants. CSPs must implement protections against tenants’ keys being accessed by other tenants who share the same resources.
Cloud data is often highly replicated (for availability purposes), which can make encryption and key management challenging. Most CSPs have mechanisms in place to ensure that any copies of encrypted data remain encrypted.
Throughout the entire data lifecycle, data can change states, locations, and format, which can require different applications of encryption along the way. Managing these changes may be a challenge, but understanding the Cloud Secure Data Lifecycle can help design complete end-to-end encryption solutions.
Encryption is a confidentiality control at heart. It does not address threats to integrity of data on its own. Other technologies discussed throughout this chapter should be implemented to address integrity concerns.
The effectiveness of an encryption solution is dependent upon how securely the encryption keys are stored and managed. As soon as an encryption key gets into the wrong hands, all data protected with that key is compromised. Keys that are managed by the CSP may potentially be accessed by malicious insiders, while customer-managed encryption keys are often mishandled or mismanaged.
As the last point indicates, key management is a huge factor in ensuring that encryption implementations effectively secure cloud data. Because of its importance and the challenges associated with key management in the cloud, this task is typically one of the most complicated ones associated with securing cloud data.
When developing your organization’s encryption and key management strategy, it’s important that you consider the following:
Key generation: Encryption keys should be generated within a trusted, secure cryptographic module. FIPS 140-3 validated modules have been tested and certified to meet certain requirements that demonstrate tamper resistance and integrity of encryption keys.
Key distribution: It’s important that encryption keys are distributed securely to prevent theft or compromise during transit. One best practice is to encrypt keys with a separate encryption key while distributing to other parties (in PKI applications, for example). The worst thing that could happen is sending out a bunch of “secret” keys that get stolen by malicious eavesdroppers!
Key storage: Encryption keys must be protected at rest (both in volatile and persistent memory) and should never be stored in plaintext. Keys may be stored and managed internally on a virtual machine or other integrated application, externally and separate from the data itself, or managed by a trusted third party that provides key escrow services for secure key management. A Hardware Security Module (HSM) is a physical device that safeguards encryption keys. Many cloud providers provide HSM services, as well as software-based HSM capabilities.
Key destruction or deletion: At the end of the encryption key’s lifecycle, there will be a time that the key is no longer needed. Key destruction is the removal of an encryption key from its operational location. Key deletion takes it a step further and also removes any information that could be used to reconstruct that key. To prevent a Denial of Service due to unavailable keys, deletion should only occur after an archival period that includes substantial analysis to ensure that the key is in fact no longer needed.
Cloud environments rely heavily on encryption throughout the entire data lifecycle. While encryption itself is used for confidentiality, the widespread use of encryption means that availability of the encryption keys themselves is a major concern. Pay close attention to availability as you’re designing your key management systems and processes.
Hashing
Hashing, as depicted, is the process of taking an arbitrary piece of data and generating a unique, fixed-length string or number from it. Hashing can be applied to any type of data — documents, images, database files, virtual machines, and more.
Hashing provides a mechanism to ensure the integrity of data. Hashes are similar to human fingerprints, which can be used to uniquely identify the single person to whom that fingerprint belongs. As seen, even the slightest change to a large text file will noticeably change the output of the hashing algorithm. Hashing is incredibly useful when you want to be sure that what you’re looking at now is the same as what you created before. In cloud environments, hashing helps verify that virtual machine instances haven’t been modified (maliciously or accidentally) without your knowledge. Simply hash your VM image before running it and compare the result to the hash of the known-good VM image; the hash outputs should be identical.
The term hashing is sometimes used interchangeably with encryption, but they are very different! Encryption is a two-way function, meaning what can be encrypted can be decrypted. Conversely, hashing is a one-way function. You can only generate a hash of an object; you cannot retrieve an object from its hash. Encryption, again, is used to provide confidentiality, while hashing provides integrity checking. Be careful not to confuse these two terms!
Several hashing algorithms are available, but the SHA (Secure Hash Algorithm) family of algorithms are amongst the most popular. Specific algorithms are outside the scope of this book, but you can research SHA-1, SHA-2, and SHA-3 for additional context.
Data Loss Prevention (DLP)
Data loss prevention (DLP), also known as data leakage prevention, is the set of technologies and practices used to identify and classify sensitive data, while ensuring that sensitive data is not lost or accessed by unauthorized parties.
DLP can be applied to help restrict the flow of both structured and unstructured data to authorized locations and users. Effective use of DLP goes a long way to helping organizations safeguard their data’s confidentiality, both on-prem and in the cloud. To put it plainly, DLP analyzes data storage, identifies sensitive data components, and prevents users from accidentally or maliciously sending that sensitive data to the wrong party.
When designing a DLP strategy, organizations must consider how the technology fits in with their existing technologies, processes, and architecture. DLP controls need to be thoroughly understood and applied in a manner that aligns with the organization’s overall enterprise architecture in order to ensure that only the right type of data is blocked from being transmitted.
Hybrid cloud users, or users that utilize a combination of cloud-based and on-prem services, should pay extremely close attention to their enterprise security architecture while developing a DLP strategy. Because data traverses both cloud and noncloud environments, a poor DLP implementation can result in segmented data security policies that are hard to manage and ineffective.
DLP that is incorrectly implemented can lead to false-positives (for example, blocking legitimate traffic) or false-negatives (allowing sensitive data to be sent to unauthorized parties).
DLP implementations consist of three core components or stages:
Discovery and classification: The first stage of DLP is discovery and classification. Discovery is the process of finding all instances of data, and classification is the act of categorizing that data based on its sensitivity and other characteristics. Examples of classifications may include “credit card data,” “Social Security numbers,” “health records,” and so on. Comprehensive discovery and proper classification is crucial to success during the remaining DLP stages.
Monitoring: After data has been fully discovered and classified, it is able to be monitored. Monitoring is an essential component of the DLP implementation and involves watching data as it moves throughout the cloud data lifecycle. The monitoring stage is where the DLP implementation is looking to identify data that is being misused or handled outside of established usage policies. Effective DLP monitoring should happen on storage devices, networking devices, servers, workstations, and other endpoints — and it should evaluate traffic across all potential export routes (email, Internet browsers, and so on).
Enforcement: The final DLP stage, enforcement, is where action is taken on policy violations identified during the monitoring stage. These actions are configured based on the classification of data and the potential impact of its loss. Violations involving less sensitive data are traditionally logged and/or alerted on, while more sensitive data can actually be blocked from unauthorized exposure or loss. A common use case here is financial services companies that detect credit card numbers being emailed to unauthorized domains and are able to stop the email in its tracks, before it ever leaves the corporate network.
Always remember “Security follows the data” — and DLP technology is no different. When creating a DLP implementation strategy, it’s important that you consider techniques for monitoring activity in every data state. DLP data states are
DLP at rest: For data at rest, the DLP implementation is stored wherever the data is stored, such as a workstation, file server, or some other form of storage system. Although this DLP implementation is often the simplest, it may need to work in conjunction with other DLP implementations to be most effective.
DLP in transit: Network-based DLP is data loss prevention that involves monitoring outbound traffic near the network perimeter. This DLP implementation monitors traffic over Hypertext Transfer Protocol (HTTP), Hypertext Transfer Protocol Secure (HTTPS), File Transfer Protocol (FTP), Simple Mail Transfer Protocol (SMTP), and other protocols.
If the network traffic being monitored is encrypted, you will need to integrate encryption and key management technologies into your DLP solution. Standard DLP implementations cannot effectively monitor encrypted traffic, such as HTTPS.
DLP in use: Host-based, or endpoint-based, DLP is data loss prevention that involves installation of a DLP application on a workstation or other endpoint device. This DLP implementation allows monitoring of all data in use on the client device and provides insights that network-based DLP is not able to provide.
Because of the massive scale of many cloud environments, host-based DLP can be a major challenge. There are simply too many hosts and endpoints to monitor without a sophisticated strategy that involves automated deployment. Despite this challenge, host-based DLP is not impossible in the cloud, and CSPs continue to make monitoring easier as new cloud-native DLP features become available.
After you understand DLP and how it can be used to protect cloud data, there are a few considerations that cloud security professionals commonly face when implementing cloud-based DLP:
Cloud data is highly distributed and replicated across locations. Data can move between servers, from one data center to another, to and from backup storage, or between a customer and the cloud provider. This movement, along with the data replication that ensures availability, presents challenges that need to be worked through in a DLP strategy.
DLP technologies can impact performance. Host-based DLP scans all data access activities on an endpoint, and network-based DLP scans all outbound network traffic across a network boundary. This constant monitoring and scanning can impact system and network performance and must be considered while developing and testing your DLP strategy.
Cloud-based DLP can get expensive. The pay-for-what-you-use model is often a great savings to cloud customers, but when it comes to DLP, the constant resource utilization associated with monitoring traffic can quickly add up. It’s important to model and plan for resource consumption costs on top of the costs of the DLP solution itself.
Data de-identification
Confidentiality is incredibly important, especially in the cloud. While mechanisms like encryption and DLP go a long way to providing data confidentiality, they’re not always feasible. Data de-identification (or anonymization) is the process of removing information that can be used to identify a specific individual from a dataset. This technique is commonly used as a privacy measure to protect Personally Identifiable Information (PII) or other sensitive information from being exposed when an entire dataset is shared. The following figure depicts the purest form of data de-identification; in this example, student names have been removed in order to protect the confidentiality of their grades.
Several techniques are available to de-identify sensitive information; masking (or obfuscation) and tokenization are two of the most commonly used methods.
Masking
Masking is the process of partially or completely replacing sensitive data with random characters or other nonsensitive data. Masking, or obfuscation, can happen in a number of ways, but the following figure is a visual depiction of the most popular type of data masking, which is commonly used to protect credit card numbers and other sensitive financial information.
As a cloud security professional, you can use several techniques when masking or obfuscating data. Here are a few to remember:
Substitution: Substitution mimics the look of real data, but replaces (or appends) it with some unrelated value. Substitution can either be random or algorithmic, with the latter allowing two-way substitution — meaning if you have the algorithm, then you can retrieve the original data from the masked dataset.
Scrambling: Scrambling mimics the look of real data, but simply jumbles the characters into a random order. For example, a customer whose account number is #5551234 may be shown as #1552435 in a development environment. (For what it’s worth, my scrambled phone number is 0926381135.)
Deletion or nulling: This technique is just what it sounds like. When using this masking technique, data appears blank or empty to anyone who isn’t authorized to view it.
Aside from being used to comply with regulatory requirements (like HIPAA or PCI DSS), data masking is often used when organizations need to use production data in a test or development environment. By masking the data, development environments are able to use real data without exposing sensitive data elements to unauthorized viewers or less secure environments.
Tokenization
Tokenization is the process of substituting a sensitive piece of data with a nonsensitive replacement, called a token. The token is merely a reference back to the sensitive data, but has no meaning or sensitivity on its own. The token maintains the look and feel of the original data and is mapped back to the original data by the tokenization engine or application. Tokenization allows code to continue to run seamlessly, even with randomized tokens in place of sensitive data.
Tokenization can be outsourced to external, cloud-based tokenization services (referred to as tokenization-as-a-service). When using these services, it’s prudent to understand how the provider secures your data both at rest and in transit between you and their systems.
[CCSP] CCSP Exam and Virtualization (Article / Updated 12-20-2023)
Domain 3, which includes cloud platform and infrastructure security, represents 17 percent of the CCSP certification exam. Virtualization is the process of creating software instances of actual hardware. VMs, for example, are software instances of actual computers. Software-Defined Networks are virtualized networks. Nowadays, you can pretty much find any traditional hardware available as a virtualized solution.
Virtualization is the secret sauce behind cloud computing, as it allows a single piece of hardware to be shared by multiple customers. Concepts like multitenancy and resource pooling would not exist as they do today — and you wouldn’t be reading this book — if it weren’t for the advent of virtualization!
Virtualization offers many clear benefits. Following is a list of some of the most noteworthy:
Increases scalability: Virtualized environments are designed to grow as your demand grows. Instead of buying new hardware, you simply spin up additional virtual instances.
Allows faster resource provisioning: It’s much quicker and easier to spin up virtualized hardware from a console than it is to physically boot up multiple pieces of hardware.
Reduces downtime: Restoring or redeploying physical hardware takes a lot of time, especially at scale. Failover for virtualized resources can happen much more quickly, which means your systems remain up and running longer.
Avoids vendor lock-in: Virtualization abstracts software from hardware, meaning your virtualized resources are more portable than their physical counterparts. Unhappy with your vendor? Pack up your VMs and move to another one!
Saves time (and money): Virtualized resources can be easily centrally managed, reducing the need for personnel and equipment to maintain your infrastructure. In addition, less hardware usually means less money.
The preceding list reiterates why virtualization is such a critical technology and reminds you of the deep connection between virtualization and cloud computing.
The most common implementation of virtualization is the hypervisor. A hypervisor is a computing layer that allows multiple guest Operating Systems to run on a single physical host device. The following figure shows an overview of hypervisor architecture.
The hypervisor abstracts software from hardware and allows each of the guest OSes to share the host’s hardware resources, while giving the guests the impression that they’re all alone on that host. The two categories of hypervisors are Type 1 and Type 2. A Type 1 hypervisor is also known as a bare metal hypervisor, as it runs directly on the hardware. Type 2 hypervisors, however, run on the host’s Operating System. This figure shows a comparison of the two.
Despite all the advantages of virtualization, and hypervisors specifically, you, as a CCSP candidate, should remember some challenges:
Hypervisor security: The hypervisor is an additional piece of software, hardware, or firmware that sits between the host and each guest. As a result, it expands the attack surface and comes with its own set of vulnerabilities that the good guys must discover and patch before the bad guys get to them. If not fixed, hypervisor flaws can lead to external attacks on VMs or even VM-to-VM attacks, where one cloud tenant can access or compromise another tenant’s data.
VM security: Virtual machines are nothing more than files that sit on a disk or other storage mechanism. Imagine your entire home computer wrapped up into a single icon that sits on your desktop — that’s pretty much what a virtual machine comes down to. If not sufficiently protected, a VM image is susceptible to compromise while dormant or offline. Use controls like Access Control Lists (ACLs), encryption, and hashing to protect the confidentiality and integrity of your VM files.
Network security: Network traffic within virtualized environments cannot be monitored and protected by physical security controls, such as network-based intrusion detection systems. You must select appropriate tools to monitor inter- and intra-VM network traffic.
The concept of virtual machine introspection (VMI) allows a hypervisor to monitor its guest Operating Systems during runtime. Not all hypervisors are capable of VMI, but it’s a technique that can prove invaluable for securing VMs during operation.
Resource utilization: If not properly configured, a single VM can exhaust a host’s resources, leaving other VMs out of luck. Resource utilization is where the concept of limits (discussed in the “Reservations, limits, and shares” section of this chapter) comes in handy. It’s essential that you manage VMs as if they share a pool of resources — because they do!
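The hashing control from the VM security item above, as an added example that is not from the book: a small integrity manifest for dormant VM image files that hashes each image while it is known-good and later flags images that were modified, removed, or added while offline. The image names and contents are constructed stand-ins.

```python
"""Integrity manifest for dormant VM image files (added example, not from the book).

A VM image is only a file while it is offline, so nothing inside the guest can
notice tampering. Hash each image while it is known-good, keep the manifest
where the image store cannot alter it (ideally signed), and re-verify before
the image is booted or cloned.
"""
import hashlib
import hmac
import os
import tempfile

CHUNK = 1024 * 1024  # hash in 1 MiB chunks; real images are larger than RAM


def sha256_file(path):
    """Streaming SHA-256 so multi-GB images are never loaded whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(image_paths):
    """Record the known-good digest and size of each image, keyed by file name."""
    return {os.path.basename(p): {"sha256": sha256_file(p), "size": os.path.getsize(p)}
            for p in image_paths}


def verify_manifest(manifest, image_dir):
    """Return {file name: "ok" | "modified" | "missing" | "untracked"}.

    An image on disk that nobody registered is reported as well: it is a
    finding, not a pass.
    """
    status = {}
    for name, rec in manifest.items():
        path = os.path.join(image_dir, name)
        if not os.path.isfile(path):
            status[name] = "missing"
        elif (os.path.getsize(path) != rec["size"]
              or not hmac.compare_digest(sha256_file(path), rec["sha256"])):
            status[name] = "modified"
        else:
            status[name] = "ok"
    for name in sorted(os.listdir(image_dir)):
        if name not in manifest and os.path.isfile(os.path.join(image_dir, name)):
            status[name] = "untracked"
    return status


def demo():
    """Constructed scenario: two images; one is altered and one appears after the manifest is built."""
    with tempfile.TemporaryDirectory() as d:
        web = os.path.join(d, "web-01.qcow2")  # constructed names, not real images
        db = os.path.join(d, "db-01.qcow2")
        with open(web, "wb") as f:
            f.write(b"QFI\xfb" + b"\x00" * 4096)
        with open(db, "wb") as f:
            f.write(b"QFI\xfb" + b"\x01" * 4096)
        manifest = build_manifest([web, db])
        with open(db, "r+b") as f:          # offline tampering inside the dormant image
            f.seek(2048)
            f.write(b"\xff" * 16)
        with open(os.path.join(d, "rogue.qcow2"), "wb") as f:  # unregistered image
            f.write(b"QFI\xfb")
        return verify_manifest(manifest, d)


if __name__ == "__main__":
    for name, state in demo().items():
        print(f"{name}: {state}")
```

The manifest itself must live outside the image store (and be signed or ACL-protected) or an attacker who can alter the image can simply rewrite the manifest to match.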
CCSP
The Secure Software Development Lifecycle (SDLC) Process
Article / Updated 12-20-2023
The Secure Software Development Lifecycle process is covered under Domain 4, which represents 17 percent of the CCSP certification exam. Streamlined and secure application development requires a consistent methodology and a well-defined process of getting from concept to finished product. SDLC is the series of steps that is followed to build, modify, and maintain computing software.
Business requirements
Your organization’s business requirements should be a key consideration whenever you develop new software or even when you modify existing applications. You should make sure that you have a firm understanding of your organization’s goals (overall and specific to your project) and knowledge of the end-user’s needs and expectations.
It’s important to gather input from as many stakeholders as possible as early as possible to support the success of your application. Gathering requirements from relevant leaders and business units across your organization is crucial to ensuring that you don’t waste development cycles on applications or features that don’t meet the needs of your business.
These business requirements are a critical input into the SDLC.
SDLC phases
While the SDLC process has multiple variations, it most commonly includes the following steps, or phases:
Planning
Defining
Designing
Developing
Testing
Deploying and maintaining
There’s a good chance that you will see at least one question related to the SDLC on your exam. Remember that the titles of each phase may vary slightly from one methodology to the next, but make sure that you have a strong understanding of the overall flow and the order of operations.
Although none of the stages specifically reference security, it is important that you consider security at each and every step of the SDLC process. Waiting until later stages of the process can introduce unnecessary security risks, which can add unforeseen costs and extend your project timeline.
SDLC Planning phase
The Planning phase is the most fundamental stage of the SDLC and is sometimes called Requirements Gathering. During this initial phase, the project scope is established and high-level requirements are gathered to support the remaining lifecycle phases. The project team should work with senior leadership and all project stakeholders to create the overall project timeline and identify project costs and resources required.
During the Planning phase, you must consider all requirements and desired features and conduct a cost-benefit analysis to determine the potential financial impact versus the proposed value to the end-user. Using all the information that you gather during this phase, you should then validate the economic and technical feasibility of proceeding with the project.
The Planning phase is where risks should initially be identified. Your project team should consider what may go wrong and how you can mitigate, or lower, the impact of those risks. For example, imagine that you’re building an online banking application. As part of the Planning phase, you should not only consider all functional requirements of such an application, but also security and compliance requirements, such as satisfying PCI DSS. Consider what risks currently exist within your organization (or your cloud environment) that might get in the way of demonstrating PCI DSS and then plan ways to address those risks.
SDLC Defining phase
You may also see this phase referred to as Requirements Analysis. During the Defining phase, you use all the business requirements, feasibility studies, and stakeholder input from the Planning phase to document clearly defined product requirements. Your product requirements should provide full details of the specific features and functionality of your proposed application. These requirements will ultimately feed your design decisions, so they need to be as thorough as possible.
In addition, during this phase you must define the specific hardware and software requirements required for your development team — identify what type of dev environment is needed, designate your programming language, and define all technical resources needed to complete the project.
This phase is where you should specifically define all your application security requirements and identify the tools and resources necessary to develop those accordingly. You should be thinking about where encryption is required, what type of access control features are needed, and what requirements you have for maintaining your code’s integrity.
SDLC Designing phase
The Designing phase is where you take your product requirements and software specifications and turn them into an actual design plan, often called a design specification document. This design plan is then used during the next phase to guide the actual development and implementation of your application.
During the Designing phase, your developers, systems architects, and other technical staff create the high-level system and software design to meet each identified requirement. Your mission during this phase is to design the overall software architecture and create a plan that identifies the technical details of your application’s design. In cloud development, this phase includes defining the required amount of CPU cores, RAM, and bandwidth, while also identifying which cloud services are required for full functionality of your application. This component is critical because it may identify a need for your organization to provision additional cloud resources. Your design should define all software components that need to be created, interconnections with third-party systems, the front-end user interface, and all data flows (both within the application and between users and the application).
At this stage of the SDLC, you should also conduct threat modeling exercises and integrate your risk mitigation decisions (from the Planning phase) into your formal designs. In other words, you want to fully identify potential risks.
SDLC Developing phase
Software developers, rejoice! After weeks or even months of project planning, you can finally write some code! During this phase of the SDLC, your development team breaks up the work documented in previous steps into pieces (or modules) that are coded individually. Database developers create the required data storage architecture, front-end developers create the interface that users will interact with, and back-end developers code all the behind-the-scenes inner-workings of the application. This phase is typically the longest of the SDLC, but if the previous steps are followed carefully, it can be the least complicated part of the whole process.
During this phase, developers should conduct peer reviews of each other’s code to check for flaws, and each individual module should be unit tested to verify its functionality prior to being rolled into the larger project. Some development teams skip this part and struggle mightily to debug flaws once an application is completed.
In addition to conducting functional testing of each module, the time is right to begin security testing. Your organization should conduct static code analysis and security scanning of each module before integration into the project. Failure to do so may allow individual software vulnerabilities to get lost in the overall codebase, and multiple individual security flaws may combine to present a larger aggregate risk, or combined risk.
SDLC Testing phase
Once the code is fully developed, the application enters the Testing phase. During this phase, application testers seek to verify whether the application functions as desired and according to the documented requirements; the ultimate goal here is to uncover all flaws within the application and report those flaws to the developers for patching. This cyclical process continues until all product requirements have been validated and all flaws have been fixed.
With a completed application in hand, security testers have more tools at their disposal to uncover security flaws. Instead of relying solely on static code analysis, testers can use dynamic analysis to identify flaws that occur only when the code is executed.
The Testing phase is one of the most crucial phases of the SDLC, as it is the main gate between your development team and customers. Testing should be conducted in accordance with an application testing plan that identifies what and how to test. Management and relevant stakeholders should carefully review and approve your testing plan before testing begins.
SDLC Deploying and maintaining phase
Once the application has passed the Testing phase, it is ready to be deployed for customer use. There are often multiple stages of deployment (Alpha, Beta, and General Availability are common ones), each with its own breadth of deployment (for example, alpha releases tend to be deployed to select customers, whereas general availability means it’s ready for everyone).
Once applications have been tested and successfully deployed, they enter a maintenance phase where they’re continually monitored and updated. During the Maintaining phase, the production software undergoes an ongoing cycle of the SDLC process, where security patches and other updates go through the same planning, defining, designing, developing, testing, and deploying activities discussed in the preceding sections.
Many SDLC models include a separate phase for disposal or termination, which happens when an application is no longer needed or supported. From a security perspective, you should keep in mind that data (including portions of applications) may remain in cloud environments even after deletion. Consult your contracts and SLAs for commitments that your CSP makes for data deletion.
Methodologies
Although the steps within the SDLC remain largely constant, several SDLC methodologies, or models, exist, and each approaches these steps in slightly different ways. Two of the most commonly referenced and used methodologies are waterfall and agile.
Waterfall
Waterfall is the oldest and most straightforward SDLC methodology. In this model, you complete one phase and then continue on to the next — you move in sequential order, flowing through every step of the cycle from beginning to end. Each phase of this model relies on successful completion of the previous phase; there’s no going back, because... well, because waterfalls don’t flow up.
Some advantages of the waterfall methodology include
It’s simple to manage and easy to follow.
Tracking and measuring progress is easy because you have a clearly defined end state early on.
The measure twice, cut once approach allows applications to be developed based upon a more complete understanding of all requirements and deliverables from the start.
The process can largely occur without customer intervention after requirements are initially gathered. Customers and developers agree on desired outcomes early in the project.
Some challenges that come with waterfall include
It’s rigid. Requirements must be fully developed early in the process and are difficult to change once the design has been completed.
Products may take longer to deliver compared to more iterative models, like agile.
It relies very little on the customer or end-user, which may make some customers feel left out.
Testing is delayed until late in the process, which may allow small issues to build up into larger ones before they’re detected.
Agile
Agile is more of the new kid on the block, having been introduced in the 1990s. In this model, instead of proceeding in a linear and sequential fashion, development and testing activities occur simultaneously and cyclically.
Application development is separated into sprints that produce a succession of releases that each improves upon the previous release. With the agile model, the goal is to move quickly and to fail fast — create your first release, test it, fix it, and create your next release fast!
Some advantages of the agile methodology include
It’s flexible. You can move from one phase to the next without worrying that the previous phase isn’t perfect or complete.
Time to market is much quicker than waterfall.
It’s very user-focused; the customer has frequent opportunities to give feedback on the application.
Risks may be reduced because the iterative nature of agile allows you to get feedback and conduct testing early and often.
Some challenges that come with agile include
It can be challenging to apply in real-life projects, especially larger projects with many stakeholders and components.
The product end-state is less predictable than waterfall. With agile, you iterate until you’re happy with the result.
It requires a very high level of collaboration and frequent communication between developers, customers, and other stakeholders. This challenge can be a pro, but sometimes has a negative impact on developers and project timelines.
CCSP
CCSP For Dummies Cheat Sheet
Cheat Sheet / Updated 12-20-2023
The Certified Cloud Security Professional (CCSP) credential is based upon a Common Body of Knowledge (CBK) jointly developed by the International Information Systems Security Certification Consortium (ISC)2 and the Cloud Security Alliance (CSA).
The CBK (and the associated exam) includes six domains that cover separate, but interrelated, areas: Cloud Concepts, Architecture and Design; Cloud Data Security; Cloud Platform & Infrastructure Security; Cloud Application Security; Cloud Security Operations; and Legal, Risk and Compliance. A ton of information is in these domains, and you can use this Cheat Sheet to remember some of the most important parts.
Swahili
Swahili For Dummies Cheat Sheet
Cheat Sheet / Updated 12-01-2023
Whether you’re planning to visit East Africa for a few days or stay long term, it’s a good idea to have some basic phrases up your sleeve to help you manage conversations in Swahili smoothly. In this cheat sheet, you’ll find useful phrases to use in greetings, asking questions, dealing with numbers, and understanding the calendar days.
Genetics
Genetics For Dummies Cheat Sheet
Cheat Sheet / Updated 11-21-2023
Genetics is a complex field with lots of details to keep straight. But when you get a handle on some key terms and concepts, including the structure of DNA and the laws of inheritance, you can start putting the pieces together for a better understanding of genetics.
Italian
Italian Workbook For Dummies Cheat Sheet
Cheat Sheet / Updated 11-02-2023
As you're studying Italian, either on your own or in a course, keep this Cheat Sheet handy for a quick reference on articles, personal pronouns, tenses, and more.