☁️ با گسترش روزافزون فناوری‌های ابری در صنایع مختلف، نیاز به دانش امنیت فضای ابری و گواهی‌نامه‌های معتبر بیش از هر زمان دیگری احساس می‌شود.

کتاب حاضر راهنمایی جامع برای آمادگی آزمون بین‌المللی و معتبر CCSK است — آزمونی که توسط Cloud Security Alliance (CSA) طراحی شده و یکی از پرآوازه‌ترین مدارک امنیت ابری مستقل از فروشندگان (vendor-agnostic) در جهان به شمار می‌رود.

🔐 ویژگی‌های کلیدی کتاب:

• توضیح مفاهیم حیاتی مانند معماری ابر، حاکمیت، انطباق (Compliance) و مدیریت ریسک
• شامل نمونه‌سؤالات هدفمند، مرورهای خلاصه، و نکات هر فصل برای افزایش ماندگاری مطالب
• پوشش آخرین موضوعات روز از جمله امنیت هوش مصنوعی (AI Security) و مدل اعتماد صفر (Zero Trust)
• بررسی امنیت در محیط‌های Container، PaaS، و FaaS
• آموزش پاسخ به رخدادها (Incident Response) در فضای ابری
• پر از نمونه‌های واقعی از صنایع مختلف و تجربیات شخصی نویسنده در شرکت‌های بزرگ و قانون‌مند

🎯 اهداف کتاب:

با مطالعه‌ی این کتاب:

• برای موفقیت در آزمون CCSK آماده می‌شوید.
• دانش خود را برای سایر مدارک امنیتی پیشرفته تقویت می‌کنید.
• مهارت‌های لازم برای پیشرفت شغلی در امنیت ابری را به‌دست می‌آورید.
• مفاهیم نظری را با سناریوهای واقعی و کاربردی پیوند می‌زنید.

🧠 زمینه‌های دانشی تحت پوشش کتاب:

• مفاهیم و معماری رایانش ابری
• حاکمیت ابری (Cloud Governance)
• ریسک، حسابرسی و انطباق
• مدیریت سازمانی
• هویت و دسترسی (IAM)
• پایش امنیت (Security Monitoring)
• زیرساخت و شبکه
• امنیت بارهای کاری ابری (Workload Security)
• امنیت داده و برنامه
• پاسخ‌گویی به رخدادها و تاب‌آوری (Resilience)
• فناوری‌ها و راهبردهای مرتبط

📈 شاخه تخصصی کتاب:

این اثر در شاخه‌های زیر از مدیریت و فناوری اطلاعات قرار می‌گیرد:

• امنیت سایبری (Cybersecurity)
• امنیت رایانش ابری (Cloud Security)
• مدیریت فناوری اطلاعات (IT Management)
• مدیریت ریسک و انطباق (Risk & Compliance Management)
• آمادگی برای آزمون‌های بین‌المللی امنیت (Certification Preparation)

👨‍🏫 درباره نویسنده:

Graham Thompson متخصص امنیت اطلاعات با بیش از ۲۵ سال سابقه در حوزه‌های مهندسی، معماری، ارزیابی و آموزش است.

او نویسنده‌ی نسخه‌های پیشین CCSK All-in-One Exam Guide و مربی اصلی ائتلاف امنیت ابری (CSA) می‌باشد.

سبک آموزشی او ساده، روان و مبتنی بر تجربه است — با هدف آموزش واقعی، نه صرفاً تدریس تئوری.

As cloud technology becomes increasingly essential across industries, the need for thorough security knowledge and certification has never been more crucial. The Certificate of Cloud Security Knowledge (CCSK) exam, globally recognized and highly respected, presents a formidable challenge for many.

Author Graham Thompson offers you in-depth guidance and practical tools not only to pass the exam but also to grasp the broader implications of cloud security. This book is filled with real-world examples, targeted practice questions, and the latest on zero trust and AI security—all designed to mirror the actual exam. By reading this book, you will:

• Understand critical topics such as cloud architecture, governance, compliance, and risk management
• Prepare for the exam with chapter tips, concise reviews, and practice questions to enhance retention
• See the latest on securing different workloads (containers, PaaS, FaaS) and on incident response in the cloud
• Equip yourself with the knowledge necessary for significant career advancement in cloud security

Table of Contents

Chapter 1. Cloud Computing Concepts and Architectures

Chapter 2. Principles of Cloud and IT Governance

Chapter 3. Navigating Risk, Audit, and Compliance

Chapter 4. Guide to Cloud Organization Management

Chapter 5. Identity and Access Management

Chapter 6. Detecting Threats in the Cloud

Chapter 7. Infrastructure and Networking

Chapter 8. Cloud Workload Security

Chapter 9. Keeping Data Safe in the Cloud

Chapter 10. Building Secure Applications

Chapter 11. Incident Response: From Detection to Recovery

Chapter 12. Deep Dive into Zero Trust and AI

Chapter 13. Preparing for Your CC SP Exam

Cloud computing has fundamentally reshaped how organizations build, secure, and scale their digital infrastructure. With this transformation comes a new set of risks, responsibilities, and security approaches that professionals must understand to protect cloud environments effectively. The Certificate of Cloud Security Knowledge (CCSK), now in its fifth version, was developed by the Cloud Security Alliance (CSA) to help professionals and organizations with a framework for building cloud security implementations. The CCSK is one of the most widely recognized vendor-agnostic certifications in cloud security. It offers a strong foundation in best practices for governance, cloud provider assessment, cloud security architecture, and the technical aspects of securing cloud environments.

This study guide was created to support your preparation for the CCSK exam. It follows the structure of the official CSA study guide and goes deeper into key subjects that all security professionals should be well versed in. No matter if you are a recent graduate, work in the IT field, perform a compliance role, or seek to round out your cloud knowledge as a seasoned cybersecurity professional, this book will serve you well in obtaining your CCSK certification.

The following is a list of the knowledge areas covered in this book:

• Cloud computing concepts and architectures
• Cloud governance
• Risk, audit, and compliance
• Organization management
• Identity and access management
• Security monitoring
• Infrastructure and networking
• Cloud workload security
• Data security
• Application security
• Incident response and resilience
• Related technologies and strategies

Each chapter explains core concepts clearly, connects theory to real-world scenarios, and includes review questions to reinforce key takeaways. Whether you’re studying independently or in a group setting, this guide is designed to keep you focused on what matters most for the exam—and more importantly, for advancing your career.

Who This Book Is For

I wrote this book for people who want to get ahead and are considering obtaining certification in the field of cloud security. If you are reading this, you are already interested in the security field. Although my top priority in writing this book was to help you pass the CCSK exam, another objective I had during its creation was to set you up for success in obtaining other security certifications. I obviously can’t address everything in the field of security in a single book, but I can honestly say I believe the content in this book fills in the assumed knowledge of the CSA material and expands on important material beyond just the exam.

My goal in writing this book was to make the content approachable, comprehensive, and real. I threw away the thesaurus in favor of creating a reader-friendly approach. I wrote this book in the same way that I teach the official CCSK training course. My goal is to teach you, not to sound like a professor. Throughout the chapters, I try to share real-world stories from my years of experience working with large, regulated companies in a variety of industries. I believe these experiences happened so that I could pass these stories on to you to assist with your learning.

I hope you find this study guide useful not only for passing the exam, but also for helping you become a more effective and confident cloud security professional.

About the Author

Graham Thompson is an Information Security professional with over 25 years of enterprise experience across engineering, architecture, assessment, and training disciplines. He is the author of the CCSK All-in-One Exam guide (v4) and is a principal trainer for the Cloud Security Alliance.