CCSK Certificate of Cloud Security

Knowledge All-in-One Exam Guide

Graham Thompson
Visit to download the full and correct content document:
https://ebookmass.com/product/ccsk-certificate-of-cloud-security-knowledge-all-in-on
e-exam-guide-graham-thompson/
Contents
1. Cover
2. About the Author
3. Title Page
4. Copyright Page
5. Dedication
6. Contents at a Glance
7. Contents
8. Foreword
9. Acknowledgments
10. Introduction
11. Chapter 1 Cloud Computing Concepts and Architectures

1. Cloud Logical Model

1. Infrastructure
2. Metastructure
3. Infostructure
4. Applistructure

2. Cloud Computing Definitions

1. Essential Characteristics
2. Cloud Service Models
3. Cloud Deployment Models

3. Cloud Security Scope and the Shared Responsibility Model

1. Shared Responsibility Model

2. Cloud Security Alliance Tools
3. Cloud Controls Matrix
4. Consensus Assessments Initiative Questionnaire
5. STAR Registry
6. Cloud Reference and Architecture Models
 4. Chapter Review

1. Questions
2. Answers
12. Chapter 2 Governance and Enterprise Risk Management

1. Governance

1. Governance Backgrounder
2. Cloud Governance

2. Risk Management

1. Risk Management Backgrounder

3. Cloud Risk Management

1. The Effects of Service and Deployment Models

2. Cloud Risk Management Trade-Offs
3. Assessing Cloud Service Providers

4. Chapter Review

1. Questions
2. Answers

13. Chapter 3 Legal Issues, Contracts, and Electronic Discovery

1. Legal Frameworks Governing Data Protection and Privacy

1. Required Security Measures

2. Treaties
3. Restrictions to Cross-Border Data Transfers
4. CLOUD Act

2. Regional Examples

1. Asia Pacific Region

2. European Union and European Economic Area
 3. The Americas
3. Contracts and Provider Selection

1. Internal Due Diligence

2. Monitoring, Testing, and Updating
3. External Due Diligence
4. Contract Negotiations
5. Third-Party Audits and Attestations

4. Electronic Discovery

1. Possession, Custody, and Control

2. Relevant Cloud Applications and Environment
3. Searchability and E-Discovery Tools
4. Preservation
5. Data Retention Laws and Recordkeeping
Obligations
6. Data Collection
7. Forensics
8. Reasonable Integrity
9. Direct Access
10. Native Production
11. Authentication
12. Cooperation Between Provider and Client in E-
Discovery
13. Response to a Subpoena or Search Warrant

5. Chapter Review

1. Questions
2. Answers
14. Chapter 4 Compliance and Audit Management

1. Compliance Backgrounder
2. Impact of the Cloud on Contracts
3. How the Cloud Changes Compliance

1. Compliance Inheritance
2. Continuous Compliance
 4. Audit Backgrounder
5. Audit Management in the Cloud
6. SOC Reports and ISO Certifications Backgrounder

1. SOC Backgrounder
2. ISO Backgrounder

7. How the Cloud Changes Audits

1. Right to Audit
2. Audit Scope
3. Auditor Requirements

8. Chapter Review

1. Questions
2. Answers
15. Chapter 5 Information Governance

1. Cloud Information Governance Domains

1. Information Classification Backgrounder

2. Information Management Backgrounder

2. The Data Security Lifecycle

1. Locations and Entitlements

2. Functions, Actors, and Controls

3. Chapter Review

1. Questions
2. Answers

16. Chapter 6 Management Plane and Business Continuity

1. Management Plane

1. Application Programming Interface Backgrounder

 2. Accessing the Management Plane
3. Securing the Management Plane
2. Business Continuity and Disaster Recovery in the Cloud

1. BCP/DR Backgrounder
2. Architecting for Failure
3. Business Continuity Within the Cloud Provider
4. Chaos Engineering
5. Business Continuity for Loss of the Cloud Provider
6. Continuity for Private Cloud and Providers

3. Chapter Review

1. Questions
2. Answers
17. Chapter 7 Infrastructure Security

1. Cloud Network Virtualization

1. OSI Reference Model Backgrounder

2. VLANs
3. VXLAN
4. Networking Planes Backgrounder
5. Software Defined Networking
6. Network Functions Virtualization

2. How Security Changes with Cloud Networking

1. Challenges of Virtual Appliances

2. Benefits of SDN Security
3. Microsegmentation and the Software Defined
Perimeter
4. Additional Considerations for CSPs or Private
Clouds
5. Hybrid Cloud Considerations

3. Cloud Compute and Workload Security

1. Compute Abstraction Technologies

2. How the Cloud Changes Workload Security
 3. Immutable Workloads Enable Security
4. The Impact of the Cloud on Standard Workload
Security Controls
5. Changes to Workload Security Monitoring and
Logging
6. Changes to Vulnerability Assessment
4. Chapter Review

1. Questions
2. Answers
18. Chapter 8 Virtualization and Containers

1. Major Virtualization Categories Relevant to Cloud

Computing

1. Compute Virtualization
2. Network Virtualization
3. Storage Virtualization

2. Containers

1. Container Definitions Backgrounder

2. Container Security Recommendations

3. Chapter Review

1. Questions
2. Answers

19. Chapter 9 Incident Response

1. Incident Response Lifecycle

1. Incident and Event Backgrounder

2. Preparation Phase
3. Detection and Analysis Phase
4. Containment, Eradication, and Recovery Phase
5. Post-Incident Activity Phase

2. How the Cloud Impacts Incident Response

 1. Preparation
2. Detection and Analysis
3. Containment, Eradication, and Recovery
4. Post-Incident Activity
3. Chapter Review

1. Questions
2. Answers
20. Chapter 10 Application Security

1. The SSDLC and Cloud Computing

2. Secure Design and Development

1. Training
2. Define
3. Design
4. Develop
5. Test

3. Secure Deployment

1. Cloud Impacts on Vulnerability Assessments

2. Cloud Impact on Penetration Testing
3. Deployment Pipeline Security
4. Impact of IaC and Immutable Workloads

4. Secure Operations
5. How the Cloud Impacts Application Design and
Architectures

1. Microservices Backgrounder

6. The Rise and Role of DevOps

1. DevOps Backgrounder
2. Security Implications and Advantages of DevOps

7. Chapter Review

1. Questions
 2. Answers
21. Chapter 11 Data Security and Encryption

1. Data Security Controls

2. Cloud Data Storage Types
3. Managing Data Migrations to the Cloud

1. CASB Backgrounder
2. Securing Cloud Data Transfers

4. Securing Data in the Cloud

1. Cloud Data Access Controls

2. Storage (at Rest) Encryption and Tokenization
3. Key Management (Including Customer-Managed
Keys)

5. Data Security Architecture

6. Monitoring, Auditing, and Alerting
7. Additional Data Security Controls

1. Cloud Platform/Provider-Specific Controls

2. Data Loss Prevention
3. Enterprise Rights Management
4. Data Masking and Test Data Generation

8. Enforcing Lifecycle Management Security

9. Chapter Review

1. Questions
2. Answers

22. Chapter 12 Identity, Entitlement, and Access Management

1. How IAM Works in the Cloud

2. IAM Terms
3. IAM Standards

1. Federation Backgrounder
 4. Managing Users and Identities for Cloud Computing
5. Authentication and Credentials
6. Entitlements and Access Management
7. Privileged User Management
8. Chapter Review

1. Questions
2. Answers
23. Chapter 13 Security as a Service

1. Potential Benefits and Concerns of SecaaS

2. Major Categories of SaaS Offerings

1. Identity, Entitlement, and Access Management

Services
2. Cloud Access Security Broker
3. Web Security Gateway
4. E-mail Security
5. Security Assessment
6. Web Application Firewall
7. Intrusion Detection/Prevention
8. Security Information and Event Management
(SIEM)
9. Encryption and Key Management
10. Business Continuity and Disaster Recovery
11. Security Management
12. Distributed Denial of Service Protection

3. Chapter Review

1. Questions
2. Answers

24. Chapter 14 Related Technologies

1. Big Data

1. Distributed Data Collection Backgrounder

2. Hadoop Backgrounder
3. Security and Privacy Considerations
 4. Data Collection
5. Key Management
6. Security Capabilities
7. Identity and Access Management
8. PaaS
2. Internet of Things (IoT)
3. Mobile Computing
4. Serverless Computing
5. Chapter Review

1. Questions
2. Answers
25. Chapter 15 ENISA Cloud Computing: Benefits, Risks, and
Recommendations for Information Security

1. Security Benefits of Cloud

1. Security and the Benefits of Scale

2. Security as a Market Differentiator
3. Standardized Interfaces for Managed Security
Services
4. Rapid, Smart Scaling of Resources
5. Audit and Evidence Gathering
6. Timely, Effective, and Efficient Updates and
Defaults
7. Audit and SLAs Force Better Risk Management
8. Benefits of Resource Concentration

2. Top Security Risks

1. IT Risk Backgrounder
2. Loss of Governance
3. Lock-in
4. Isolation Failure
5. Compliance Risks
6. Management Interface Compromise
7. Data Protection
8. Insecure or Incomplete Data Deletion
9. Malicious Insider
 3. Five Key Legal Issues Common Across All Scenarios

1. Data Protection
2. Confidentiality
3. Intellectual Property
4. Professional Negligence
5. Outsourcing Service and Changes in Control

4. Additional Items for the Exam

1. Open Virtualization Format

2. VM Hopping
3. Economic Denial of Service
4. Licensing Risks
5. Risk Concerns of a Cloud Provider Being Acquired
6. Data Controller vs. Data Processor Definitions
7. Guest System Monitoring in IaaS Responsibilities
8. User Provisioning Vulnerability
9. Underlying Vulnerability in Loss of Governance

5. Risks R.1–R.35 and Underlying Vulnerabilities

6. Chapter Review

1. Questions
2. Answers
26. Appendix A Cloud Computing Security Policy Examples

1. Cloud Security Policy: Centralized Example

1. Purpose
2. Scope
3. Background
4. Policy

2. Cloud Security Policy: Classification Example

1. Purpose
2. Scope
3. Background
4. Policy
 27. Appendix B About the Online Content

1. System Requirements
2. Your Total Seminars Training Hub Account

1. Privacy Notice

3. Single User License Terms and Conditions

4. TotalTester Online
5. Technical Support

28. Glossary
29. Index

Guide
1. Cover
2. Title Page
3. CCSK™ Certificate of Cloud Security Knowledge All-in-One Exam
Guide

Page List
1. i
2. iii
3. v
4. vi
5. vii
6. viii
7. x
8. xi
9. xii
10. xiii
11. xiv
12. xv
13. xvi
14. xvii
15. xviii
16. xix
17. xx
18. xxi
19. xxii
20. xxiii
21. xxiv
22. xxv
23. xxvi
24. xxvii
25. xxviii
26. xxix
27. xxx
28. 1
29. 2
30. 3
31. 4
32. 6
33. 5
34. 7
35. 8
36. 9
37. 10
38. 11
39. 12
40. 13
41. 14
42. 15
43. 16
44. 17
45. 18
46. 19
47. 20
48. 21
49. 22
50. 23
51. 24
52. 25
53. 26
54. 27
55. 28
56. 29
57. 30
58. 31
59. 32
60. 33
61. 34
62. 35
63. 36
64. 37
65. 38
66. 39
67. 40
68. 41
69. 42
70. 43
71. 44
72. 45
73. 46
74. 47
75. 48
76. 49
77. 50
78. 51
79. 52
80. 53
81. 54
82. 55
83. 56
84. 57
85. 58
86. 59
87. 60
88. 61
89. 62
90. 63
91. 64
92. 65
93. 66
94. 67
95. 68
 96. 69
97. 70
98. 71
99. 72
100. 73
101. 74
102. 75
103. 76
104. 77
105. 78
106. 79
107. 80
108. 81
109. 82
110. 83
111. 84
112. 85
113. 86
114. 87
115. 88
116. 89
117. 90
118. 91
119. 92
120. 93
121. 94
122. 95
123. 96
124. 97
125. 98
126. 99
127. 100
128. 101
129. 102
130. 103
131. 104
132. 105
133. 106
134. 107
135. 108
136. 109
137. 110
138. 111
139. 112
140. 113
141. 114
142. 115
143. 116
144. 117
145. 118
146. 119
147. 120
148. 121
149. 122
150. 123
151. 124
152. 125
153. 126
154. 127
155. 128
156. 129
157. 130
158. 131
159. 132
160. 133
161. 134
162. 135
163. 136
164. 137
165. 138
166. 139
167. 140
168. 141
169. 142
170. 143
171. 144
172. 145
173. 146
174. 147
175. 148
176. 149
177. 150
178. 151
179. 152
180. 153
181. 154
182. 155
183. 156
184. 157
185. 158
186. 159
187. 160
188. 161
189. 162
190. 163
191. 164
192. 165
193. 166
194. 167
195. 168
196. 169
197. 170
198. 171
199. 172
200. 173
201. 174
202. 175
203. 176
204. 177
205. 178
206. 179
207. 180
208. 181
209. 182
210. 183
211. 184
212. 185
213. 186
214. 187
215. 188
216. 189
217. 190
218. 191
219. 192
220. 193
221. 194
222. 195
223. 196
224. 197
225. 198
226. 199
227. 200
228. 201
229. 202
230. 203
231. 204
232. 205
233. 206
234. 207
235. 208
236. 209
237. 210
238. 211
239. 212
240. 213
241. 214
242. 215
243. 216
244. 217
245. 218
246. 219
247. 220
248. 221
249. 222
250. 223
251. 224
252. 225
253. 226
254. 227
255. 228
256. 229
257. 230
258. 231
259. 232
260. 233
261. 234
262. 235
263. 236
264. 237
265. 238
266. 239
267. 240
268. 241
269. 242
270. 243
271. 244
272. 245
273. 246
274. 247
275. 248
276. 249
277. 250
278. 251
279. 252
280. 253
281. 254
282. 255
283. 256
284. 257
285. 258
286. 259
287. 260
288. 261
289. 262
290. 263
291. 264
292. 265
293. 266
294. 267
295. 268
296. 269
297. 270
298. 271
299. 272
300. 273
301. 274
302. 275
303. 276
304. 277
305. 278
306. 279
307. 280
308. 281
309. 282
310. 283
311. 284
312. 285
313. 286
314. 287
315. 288
316. 289
317. 290
318. 291
319. 292
320. 293
321. 294
322. 295
323. 296
324. 298
325. 299
326. 300
327. 301
328. 302
329. 303
330. 304
331. 305
332. 306
333. 307
334. 308
335. 309
336. 310
337. 311
338. 312
339. 313
340. 314
341. 315
342. 316
343. 317
344. 318
345. 319
346. 320
347. 321
348. 322
349. 323
350. 324
351. 325
352. 326
353. 327
354. 328
355. 329
356. 330
357. 331
358. 332
359. 333
360. 334
361. 335
362. 336
363. 337
 ABOUT THE AUTHOR
Graham Thompson is the founder of Intrinsec Security, a
cloud security consulting and training organization that serves
enterprises and governments across North America. He is a
security professional with more than 25 years of experience in
areas such as systems engineering, technical architecture,
vulnerability assessment, and a variety of management roles.
He has built successful multimillion-dollar security solutions for
leading enterprises and government agencies.

Since 2010, Graham has dedicated himself to cloud security. He

has architected and assessed cloud security solutions for
government agencies and Fortune 500 financial, telecom, and
retail companies across North America. He is a Cloud Security
Alliance and (ISC)2 authorized trainer of CCSK, CISSP, and
CCSP, a course he helped develop as a subject matter expert.

In addition to his CSA and (ISC)2 certifications, Graham has

obtained multiple certifications, including Amazon, ISACA
(CISA), Microsoft (MCSE), Cisco, Symantec, Fortinet, SANS,
and others. He attended McGill University in Montreal and has
been an adjunct professor for multiple security courses at
Algonquin College in Ottawa.

ABOUT THE TECHNICAL EDITORS

Ryan Bergsma, CCSK, is a dedicated cybersecurity
professional who endeavors to promote best practices in
cybersecurity in general and cloud security in particular. As the
Training Program Director for the Cloud Security Alliance, he is
constantly looking for ways to turn the most recent best
practices documentation into training products that can help to
fill the cybersecurity skills gap and develop individuals who can
create a more secure cyber ecosystem. Ryan comes from a sales
and business background and holds a bachelor’s degree in
computer information system security.

Daniele Catteddu is a security and risk management

practitioner and a privacy evangelist. He worked in senior roles
in both the private and public sectors. Currently, he is the CTO
at Cloud Security Alliance, where he is responsible for driving
the adoption of the organization technology strategy. He is the
co-founder of the CSA STAR Program and a member of the
Italian Standard National delegation at ISO/IEC SC27. He is a
lecturer at the Maastricht University Centre on Privacy &
Cybersecurity, a member of the European Privacy Association
Scientific Committee, and a member of the Advisory Board of
the Kent University CyberSecurity. In the past, he worked at
ENISA, the European Union Agency for Cybersecurity, as an
expert in the areas of critical information infrastructure
protection and emerging and future risks. Before joining
ENISA, he worked as an information security consultant in the
banking and financial sector. He holds a master’s degree in
business administration and economics from the University of
Parma (Italy). He is a frequent keynote speaker at leading
security conferences and the author of several papers on
cybersecurity and privacy.

Dr. Peter van Eijk, CCSK, CCSP, is a highly accomplished

information technology professional with more than 40 years of
experience in many fields of information and communications
technology as well as computer science. He is a practitioner, a
researcher, and a teacher. His experience includes teaching and
researching computer networks, managing many projects and
groups on digital infrastructure projects, and acting as the
technical director of an Internet service provider. In his
consulting career, his practical experience includes IT shared
services cost and risk assessments, client-service architectures,
IT strategy, collaborative architectures, and shared services
implementations. He has also been active in ISO
standardization activities, on government committees on
critical network infrastructures, and as a volunteer for CSA
activities. He authored and delivered several cloud-training
programs, including the first version of what is now known as
CompTIA Cloud Essentials. He is currently working as an
independent CCSK trainer and as an associate professor of
cybersecurity and the cloud at Hogeschool Utrecht. He holds a
master’s degree in mathematics and computer science from the
University of Groningen and a PhD from Twente University.
Copyright © 2020 by McGraw-Hill Education. All rights
reserved. Except as permitted under the United States
Copyright Act of 1976, no part of this publication may be
reproduced or distributed in any form or by any means, or
stored in a database or retrieval system, without the prior
written permission of the publisher, with the exception that the
program listings may be entered, stored, and executed in a
computer system, but they may not be reproduced for
publication.

ISBN: 978-1-26-046009-4
MHID: 1-26-046009-6

The material in this eBook also appears in the print version of

this title: ISBN: 978-1-26-046008-7, MHID: 1-26-046008-8.

eBook conversion by codeMantra

Version 1.0

All trademarks are trademarks of their respective owners.

Rather than put a trademark symbol after every occurrence of a
trademarked name, we use names in an editorial fashion only,
and to the benefit of the trademark owner, with no intention of
infringement of the trademark. Where such designations appear
in this book, they have been printed with initial caps.

McGraw-Hill Education eBooks are available at special quantity

discounts to use as premiums and sales promotions or for use in
corporate training programs. To contact a representative, please
visit the Contact Us page at www.mhprofessional.com.

Information has been obtained by McGraw-Hill Education from

sources believed to be reliable. However, because of the
possibility of human or mechanical error by our sources,
McGraw-Hill Education, or others, McGraw-Hill Education
does not guarantee the accuracy, adequacy, or completeness of
any information and is not responsible for any errors or
omissions or the results obtained from the use of such
information.

TERMS OF USE

This is a copyrighted work and McGraw-Hill Education and its

licensors reserve all rights in and to the work. Use of this work
is subject to these terms. Except as permitted under the
Copyright Act of 1976 and the right to store and retrieve one
copy of the work, you may not decompile, disassemble, reverse
engineer, reproduce, modify, create derivative works based
upon, transmit, distribute, disseminate, sell, publish or
sublicense the work or any part of it without McGraw-Hill
Education’s prior consent. You may use the work for your own
noncommercial and personal use; any other use of the work is
strictly prohibited. Your right to use the work may be
terminated if you fail to comply with these terms.

THE WORK IS PROVIDED “AS IS.” McGRAW-HILL

EDUCATION AND ITS LICENSORS MAKE NO GUARANTEES
OR WARRANTIES AS TO THE ACCURACY, ADEQUACY OR
COMPLETENESS OF OR RESULTS TO BE OBTAINED FROM
USING THE WORK, INCLUDING ANY INFORMATION THAT
CAN BE ACCESSED THROUGH THE WORK VIA HYPERLINK
OR OTHERWISE, AND EXPRESSLY DISCLAIM ANY
WARRANTY, EXPRESS OR IMPLIED, INCLUDING BUT NOT
LIMITED TO IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR
PURPOSE. McGraw-Hill Education and its licensors do not
warrant or guarantee that the functions contained in the work
will meet your requirements or that its operation will be
uninterrupted or error free. Neither McGraw-Hill Education
nor its licensors shall be liable to you or anyone else for any
inaccuracy, error or omission, regardless of cause, in the work
or for any damages resulting therefrom. McGraw-Hill
Education has no responsibility for the content of any
information accessed through the work. Under no
circumstances shall McGraw-Hill Education and/or its licensors
be liable for any indirect, incidental, special, punitive,
consequential or similar damages that result from the use of or
inability to use the work, even if any of them has been advised of
the possibility of such damages. This limitation of liability shall
apply to any claim or cause whatsoever whether such claim or
cause arises in contract, tort or otherwise.
This book is dedicated to you, the reader. My wish is that you
use the knowledge in this book to secure your potential.
Knowing that you may benefit by my efforts drove me to the
finish line. Here’s to your future success.
 CONTENTS AT A GLANCE
Chapter 1 Cloud Computing Concepts and Architectures

Chapter 2 Governance and Enterprise Risk Management

Chapter 3 Legal Issues, Contracts, and Electronic

Discovery

Chapter 4 Compliance and Audit Management

Chapter 5 Information Governance

Chapter 6 Management Plane and Business Continuity

Chapter 7 Infrastructure Security

Chapter 8 Virtualization and Containers

Chapter 9 Incident Response

Chapter 10 Application Security

Chapter 11 Data Security and Encryption

Chapter 12 Identity, Entitlement, and Access Management

Chapter 13 Security as a Service

Chapter 14 Related Technologies

Chapter 15 ENISA Cloud Computing: Benefits, Risks, and

Recommendations for Information Security
Appendix A Cloud Computing Security Policy Examples

Appendix B About the Online Content

Glossary

Index
 CONTENTS
Foreword

Acknowledgments

Introduction

Chapter 1 Cloud Computing Concepts and Architectures

Cloud Logical Model

Infrastructure

Metastructure

Infostructure

Applistructure

Cloud Computing Definitions

Essential Characteristics

Cloud Service Models

Cloud Deployment Models

Cloud Security Scope and the Shared Responsibility Model

Shared Responsibility Model

Cloud Security Alliance Tools

Cloud Controls Matrix

Consensus Assessments Initiative Questionnaire

STAR Registry

Cloud Reference and Architecture Models

Chapter Review

Questions

Answers

Chapter 2 Governance and Enterprise Risk Management

Governance

Governance Backgrounder

Cloud Governance

Risk Management

Risk Management Backgrounder

Cloud Risk Management

The Effects of Service and Deployment Models

Cloud Risk Management Trade-Offs

Assessing Cloud Service Providers

Chapter Review

Questions
Answers

Chapter 3 Legal Issues, Contracts, and Electronic

Discovery

Legal Frameworks Governing Data Protection and Privacy

Required Security Measures

Treaties

Restrictions to Cross-Border Data Transfers

CLOUD Act

Regional Examples

Asia Pacific Region

European Union and European Economic Area

The Americas

Contracts and Provider Selection

Internal Due Diligence

Monitoring, Testing, and Updating

External Due Diligence

Contract Negotiations

Third-Party Audits and Attestations

Electronic Discovery
Possession, Custody, and Control

Relevant Cloud Applications and Environment

Searchability and E-Discovery Tools

Preservation

Data Retention Laws and Recordkeeping Obligations

Data Collection

Forensics

Reasonable Integrity

Direct Access

Native Production

Authentication

Cooperation Between Provider and Client in E-Discovery

Response to a Subpoena or Search Warrant

Chapter Review

Questions

Answers

Chapter 4 Compliance and Audit Management

Compliance Backgrounder

Impact of the Cloud on Contracts

How the Cloud Changes Compliance

Compliance Inheritance

Continuous Compliance

Audit Backgrounder

Audit Management in the Cloud

SOC Reports and ISO Certifications Backgrounder

SOC Backgrounder

ISO Backgrounder

How the Cloud Changes Audits

Right to Audit

Audit Scope

Auditor Requirements

Chapter Review

Questions

Answers

Chapter 5 Information Governance

Cloud Information Governance Domains

Information Classification Backgrounder

Information Management Backgrounder

The Data Security Lifecycle

Locations and Entitlements

Functions, Actors, and Controls

Chapter Review

Questions

Answers

Chapter 6 Management Plane and Business Continuity

Management Plane

Application Programming Interface Backgrounder

Accessing the Management Plane

Securing the Management Plane

Business Continuity and Disaster Recovery in the Cloud

BCP/DR Backgrounder

Architecting for Failure

Business Continuity Within the Cloud Provider

Chaos Engineering

Business Continuity for Loss of the Cloud Provider

Continuity for Private Cloud and Providers

Chapter Review
Questions

Answers

Chapter 7 Infrastructure Security

Cloud Network Virtualization

OSI Reference Model Backgrounder

VLANs

VXLAN

Networking Planes Backgrounder

Software Defined Networking

Network Functions Virtualization

How Security Changes with Cloud Networking

Challenges of Virtual Appliances

Benefits of SDN Security

Microsegmentation and the Software Defined Perimeter

Additional Considerations for CSPs or Private Clouds

Hybrid Cloud Considerations

Cloud Compute and Workload Security

Compute Abstraction Technologies

How the Cloud Changes Workload Security

Immutable Workloads Enable Security

The Impact of the Cloud on Standard Workload Security

Controls

Changes to Workload Security Monitoring and Logging

Changes to Vulnerability Assessment

Chapter Review

Questions

Answers

Chapter 8 Virtualization and Containers

Major Virtualization Categories Relevant to Cloud Computing

Compute Virtualization

Network Virtualization

Storage Virtualization

Containers

Container Definitions Backgrounder

Container Security Recommendations

Chapter Review

Questions

Answers
Chapter 9 Incident Response

Incident Response Lifecycle

Incident and Event Backgrounder

Preparation Phase

Detection and Analysis Phase

Containment, Eradication, and Recovery Phase

Post-Incident Activity Phase

How the Cloud Impacts Incident Response

Preparation

Detection and Analysis

Containment, Eradication, and Recovery

Post-Incident Activity

Chapter Review

Questions

Answers

Chapter 10 Application Security

The SSDLC and Cloud Computing

Secure Design and Development

Training
Define

Design

Develop

Test

Secure Deployment

Cloud Impacts on Vulnerability Assessments

Cloud Impact on Penetration Testing

Deployment Pipeline Security

Impact of IaC and Immutable Workloads

Secure Operations

How the Cloud Impacts Application Design and Architectures

Microservices Backgrounder

The Rise and Role of DevOps

DevOps Backgrounder

Security Implications and Advantages of DevOps

Chapter Review

Questions

Answers

Chapter 11 Data Security and Encryption

Data Security Controls

Cloud Data Storage Types

Managing Data Migrations to the Cloud

CASB Backgrounder

Securing Cloud Data Transfers

Securing Data in the Cloud

Cloud Data Access Controls

Storage (at Rest) Encryption and Tokenization

Key Management (Including Customer-Managed Keys)

Data Security Architecture

Monitoring, Auditing, and Alerting

Additional Data Security Controls

Cloud Platform/Provider-Specific Controls

Data Loss Prevention

Enterprise Rights Management

Data Masking and Test Data Generation

Enforcing Lifecycle Management Security

Chapter Review

Questions
Answers

Chapter 12 Identity, Entitlement, and Access Management

How IAM Works in the Cloud

IAM Terms

IAM Standards

Federation Backgrounder

Managing Users and Identities for Cloud Computing

Authentication and Credentials

Entitlements and Access Management

Privileged User Management

Chapter Review

Questions

Answers

Chapter 13 Security as a Service

Potential Benefits and Concerns of SecaaS

Major Categories of SaaS Offerings

Identity, Entitlement, and Access Management Services

Cloud Access Security Broker

Web Security Gateway

Another random document with
no related content on Scribd:
across the clouds like spears of fire threatening revenge. The stone
has remained to the present day, and is known by the name of
“Koreno kardjo (dog) gambi” (stone).

PLATE XXXIV

The “Tjilbakuta” of the great emu ceremony, Arunndta tribe.

 “The moment the sacred object is completed, the Illiyakuta delegates
one of his group to act as its attendant or guardian.”

The snake is an important character in the mythology of practically

every tribe of Australia; in fact most of the permanent water-holes
are supposed to be inhabited by great serpents which guard the
supplies, destroy unlawful consumers or polluters thereof, and
frequently communicate with those spirit ancestors of the tribes who
are descended from the original snake-man still living in the sky. In
many cases the mythic snakes can be recognized in some
characteristic features of the landscape. Take, for instance, the great
artesian spring near Coward Springs Station which is known as
Blanche Cup. This is looked upon as the mouth of a snake, while the
hill immediately at the back of it (Mt. Hamilton) is its head. In
consequence the formation is called “Worma-Kadiabba” (snake’s
head) by the local Arrabonna tribe. The natives have a dread of
these imaginary snake-monsters and prefer not to visit a water-hole
at night; in fact, at any time, day or night, they feel safer in the
company of a man who is “related” to the snake, because he can
protect them and give them the right of approach. The snake is
possessed of evil and will molest any but its totemic “relatives.”
The fundamental conception of the kobong (or totem), so far as
the Australian aboriginal is concerned, is of a religious nature. In the
beginning of all things, the Aluridja say a number of exalted
creatures of human form came out of the earth and were gracious to
their tribes-people. Then appeared a menace in the shape of a
gigantic dog which chased the good people from one place to
another, until they decided to adopt the forms of various animals and
plants, and thereby became either too fleet for the dog or were not
recognized by it. Other good people now descended from the hills
and drove the dog back to its hiding place in a cave where the evil
spirit dwells. The newcomers kindled a fire at the mouth of the cave
and kept the evil beings in captivity whilst the original Deities re-
assumed the human form. Ever after, however, these good creatures
were able to alter their appearance from human to animal at will; but
each individual in his choice adhered to the particular animal or plant
which had saved him from the ravages of the great evil dog.
Eventually they formed themselves into flat slabs of stone or wood,
upon the surfaces of which they scratched the emblems of their
animal representation and the traditions of their long wanderings on
earth. The spirits of these Deities now live in the sky but can return
at any time to re-enter the slab generally known as the “tjuringa.”
Among the Minning at Eucla the larger of these objects are known as
“wagal-wagal,” the smaller as “bobi,” whilst further west, in the
Laverton district, “kaidi” is the prevailing word. It is true, the tjuringa
is not known to all tribes; in which case the Deities are supposed to
have entered such natural objects as rocks, hills, and conspicuous
trees.
The Roper River natives believe that their deified forbears were
molested not by a dog, but by a hideous old woman or witch, who,
by the influence of evil, entrapped them and subsequently ate them.
On one occasion, however, a party of warriors were successful in
decoying her away from her haunts and slaying her. The jubilant
victors decided to cut out the old woman’s tongue as a trophy, but as
they were thus engaged, the tongue flew out of the mouth and spun
round in the atmosphere above them, making a terrible noise as it
did so. The men chased the tongue, but it flew towards a beefwood
tree and embedded itself deeply in the butt; in vain they looked for it
and tried to cut it out; it had become part of the tree. Before
returning, however, the men took a piece of wood out of the tree,
shaped like the woman’s tongue, which they tied to a piece of human
hair-string and swung round their heads with joy. Behold their mixed
feelings of delight and fear when the piece of wood began to howl
with a voice like that of the slain witch! The tribe retained that piece
of wood as a sacred memento of their victory, and they gave to it the
name the witch was known by, namely “Kunapippi.” Nowadays this
object is the equivalent of the central Australian tjuringa.
All tribes recognize the existence of deified ancestors, now real or
spiritual, whom they regard as sacred and worship accordingly. All
ancestors stand in a definite, intricate, and intimate relationship to
some animal, plant, water-hole, or other natural object which they
have at some time or other represented; some indeed in the first
place appeared as animals and later took the human form. They are
now looked upon as being those powers who by virtue of sacred
ceremonial can produce the species they have at some time
incarnated, in plenty or allow it to proliferate. As a matter of fact,
some of the sorcerers of the tribes often declare that they can see
the inside of a sacred rock or tjuringa teeming with young, ready to
be produced.
The Arunndta refer to their “Knaninja” (i.e. “totem” Deities) as
“Altjerrajara,” meaning the Supreme Number; the Aluridja as
“Tukurata” or “Tukutita”; and the Dieri as “Muramura.”
Just as the “totem” ancestor is connected with an animal, plant, or
other natural object, and is embodied in the sacred form of the
tjuringa, so the individual who traces his descent from such ancestor
recognizes a close and mysterious affinity between himself and the
tjuringa which has become his by heredity; henceforth it becomes his
sacred talisman which protects him from evil and procures for him
the means of maintaining his existence.
The emblematic representation of the deified ancestor, based
upon the form of an animal or plant living to-day and in some way
“connected” with the individual, is the “kobong” of the north-western
tribes first referred to by Sir George Grey.
The “totem” is very dear and sacred to the native, and is religiously
protected by him. I well remember on one occasion on the Alberga
River I discovered a small black and yellow banded snake which I
killed. An Aluridja man who was attached to the party at the time was
greatly shocked at this, and, with genuine sorrow, told me that I had
killed his “brother.” Turning to an Arunndta he lamented aloud:
“Kornye! Nanni kallye nuka kalla illum,” which literally translated
means: “Oh dear! This brother of mine is dead.”
One thing is always essential and that is that a native performs
frequent, prolonged, and reverential ceremonies, remote from the
women and children, and in the presence of his tjuringa. Under these
conditions the tjuringa is believed to have powers similar to those of
the Deity it embodies.
 When not in use, the tjuringas are stored in caves, the entrances
to which are small and not easily discernible; the ground is
proclaimed taboo to any but initiated tjuringa holders and is strictly
regarded as a sanctum sanctorum. Although the sticks and stones
are the individual property of the tribesmen, the objects are generally
kept together, and only brought out during a religious ceremony. The
old men are the authorized custodians of the sacred collection. The
female tjuringas are included, because even though a woman may
possess one, she must never see it; if she does, accidentally or
otherwise, she is in imminent danger of being killed. No unauthorized
hunter is allowed near the prohibited area under any pretext at all;
even if an animal he has wounded should by accident make for the
sacred ground to breathe its last, the hunter is required by tribal law
and usage to sacrifice it to the divine factors incorporated in the
tjuringa, by leaving it on the spot.
 PLATE XXXV

Flashlight photograph of “Illiya Tjuringa” or great emu ceremony, Arunndta

tribe.

“The chief emu man is distinguished by an extra large head-dress called the
‘Illiya Altjerra Kuta.’...”
 When on the warpath, a warrior always craves to carry his tjuringa
with him, even though this is not always possible. He firmly believes
that with the talisman kept on his person, or at any rate knowing that
it is nearby, no deadly missile thrown by an enemy will penetrate his
body. The mere knowledge of the fact that his opponent has a
tjuringa with him, and he not, is sufficient to make a coward of the
bravest fighter. Should he be wounded or take ill, one of his “totem-
brothers” endeavours to produce a tjuringa, from which, if the
medicine man considers it necessary, a little powder is scraped and
handed to the patient to swallow with water.
With regard to “totem” animals which form the objects of hunting
expeditions, a man is allowed to kill and eat thereof with some
restriction. He must kill only one animal at a time, and only in
accordance with the method prescribed by the tribal fathers and
handed down to them by tradition. This is usually a straightforward
hunting method, with as little loss of blood as possible. If much blood
should flow, the hunter is obliged to cover it without delay with sand.
If possible, other men should cut up the carcase, and only certain
portions be handed to the “brother” of the slain animal.
Each tribe has an endless variety of objects (animal, vegetable,
terrestrial, meteoric, mythic, and so forth), which may figure as a
“totem.” Any one of these may be the primary motive of a separate
cult or sacred ceremony, but here again the variety is usually
reduced to the number corresponding to the most sanctimonious and
most useful creations affecting the affairs of the particular tribe.
The ceremonies take the form of either a direct worship or a
prayer for increased productivity of a certain plant or animal, either
being offered to the Knaninja or “totem” ancestors living as spirits in
the sky. Usually the two ideas are embodied in one grand ceremony,
and the method of procedure is governed by tradition. Such
ceremonies have been particularly elaborated by the Arunndta tribe,
who refer to them by the same name as that of the sacred object,
namely “Tjuringa”; less frequently they call them “Intitjuma,” the latter
name being applied more to ceremonies without worship.
 The Tjuringa ceremonies are divided into grades according to their
importance and sacredness. The water ceremony is ordinarily called
“Kwatje Tjuringa,” but if the “totem” spirit ancestor is invoked to
attend, it goes by the name of “Kwatje Tjuringa Knaninja”; if the
principal spirit ancestor is assumed to be present, the title becomes
“Kwatje Tjuringa Knaninja Knurrendora”; and finally the most sacred
water ceremony of all is the “Kwatje Tjuringa Altjerra Knaninja
Knurrendora.”
As a typical illustration we shall discuss the “Illiya Tjuringa” or
Great Emu Ceremony of the eastern Arunndta groups. The date of
the performance is decided by the senior emu “brother” of the tribe,
the oldest member who claims to be related to the Illiya Knaninja.
Somewhat extensive preparations are made beginning a few days
prior to the opening event. Only fully initiated men take part, but the
women are allowed to witness certain of the most awe-inspiring
stages from a distance. Whilst the younger men are out collecting
leaves, out of which they make the down later to adorn the bodies of
the performers, the older men prepare the sacred ground. Others
slay a number of brown hawks, off which they pull the feathers and
then pluck the down. A suitable site having been selected, the old
men clear it by removing all grass and bush from the surface and
smoothing the sand with their feet. The “brothers” who claim
relationship alike to the great Emu-Man, the Emu-Knaninja, and the
emu itself, thereupon proceed to anoint the sacred ground with their
blood, for which purpose they puncture the median basilic vein of the
forearm with a quartzite chip and allow the fluid of kinship to sprinkle
upon the sand. It is surprising to see the amount of blood sacrificed
by the men on occasions like this; and time after time, when such is
required, the process is repeated. By examining the forearms of an
old stager, one can usually count a number of small scars along the
course of a vein indicating places where a perforation has at different
times been made. A venesection is made after much the same
manner among the various tribes.
The following Arunndta method will serve as an example. A
ligature of hair-string is in the first place tied tightly round the upper
arm, a little above the biceps muscle, after the style of a tourniquet to
check the flow of blood in the veins and thereby distend the vessels.
The man then makes a small longitudinal cut through the skin and
punctures the vein beneath it lengthwise; the blood spurts forth
immediately and is collected in the handle-pit of a shield. When the
flow is to be stopped, the native removes the ligature, and this in
most cases is all that is needed. Should, however, the blood
continue to come, he places a small amount of down over the
incision and presses it against the vein, or winds three or four
strands of fur-string around it. The little pad of down is usually left on
the arm until it dries and falls off. None of the women are allowed to
witness this operation, which is called “Ilgarukna.” The blood, when it
is to be used as an adhesive for the down-decoration, is applied with
a small brush (“ipinja”) made of twigs tied together with fur-string.
Vide Plate XXXIII.
The principal among the emu group is called “Illiyakuta,” and it is
he who directs the performance. He takes his followers to a secluded
place, such as a clump of timber or down a creek-bed, and there the
wooden tjuringas belonging to the ceremony are produced and
painted afresh with red ochre and emu fat.
Down is made out of the white, felty leaves and twigs of Kochia
bush, which the Arunndta call “kemba.” Small quantities of these are
placed upon a flat slab of stone and pounded with a pebble. The
fluffy material which results is next mixed and rubbed by hand with
powdered kaolin or ochre according to the colour required, the white
being known as “wadua,” the red as “wanjerra.”
A sacred object is now constructed which encloses the painted
tjuringas and is called the “Tjilbakuta.” It is about three feet high and
is made in the following way. The tjuringas are laid one on top of the
other and bound together with many lengths of human hair-string,
which completely obscure the shape of the separate pieces. A thick
layer of the stalks of the kangaroo grass (Anthistiria) is laid around
the parcel and kept in position with a few lengths of twine, and then
the whole structure is covered with great masses of human hair-
string wound spirally from top to bottom. A cylinder results which is
decorated with alternate vertical bands of red and white vegetable
down. Into the top of this Tjilbakuta one bundle of emu feathers and
one of black cockatoo tail-feathers are stuck; and often additional
plumes are hung beneath them. The moment the sacred object is
completed, the Illiyakuta delegates one of his group to act as its
attendant or guardian. For the time being his body is decorated with
symmetrically placed, curved ochre bands upon the chest and
vertical bands down the arms; at a later stage he ornaments his
body more elaborately, prior to taking part in the principal
performance; but all the time he remains in his place of hiding beside
the Tjilbakuta. Vide Plate XXXIV.
At the sanctified place close by the other men have been stacking
firewood at different points to illuminate the proceedings during the
evening. Occasionally, too, the Illiyakuta group of men cover a
portion of the ground with a coloured emblem of the traditional emu.
Early in the afternoon of the festive day the men who will take part
in the ceremony at night begin to prepare themselves. Many of the
non-performers help them.
Large quantities of down, both vegetable and birds’, are used to
decorate the bodies. The design is shaped much like a cobbler’s
apron, extending from the neck down the front to the level of the
knees. The greater part of this surface is red, but it is lined with white
and split along the centre by two parallel lines of white. The back is
not decorated at all. The entire surface of the face, including the eye-
lids and beard, is thickly covered with down which is white, except
for an oval red patch around the mouth.
The principal attraction, however, of the sacred emu ceremony is
the head-dress, which is both elaborate and imposing. To prepare it,
the attendant combs back the actor’s hair with his fingers, and
interlaces it with stalks of grass and small twigs in such a way that a
tall conical structure results right on top of the head. This is made
secure and of a uniform exterior by winding much human hair-string
around it, at the same time taking in a plume of emu feathers at the
apex of the cone. The headgear is completely enveloped in red and
white down, extending upwards from the head as alternate vertical
bands. The chief emu-man is distinguished by an extra large
headdress called the “Illiya Altjerra Kuta”; this measures a good
three feet in length, and it embodies, between the apex and the emu
plume, deeply enshrouded with hair-string and down, the sacred
“Illiya Tjuringa.” Other members who are of the same rank as the
“Tjilbakuta” guardian, wear their insignia beneath the emu feathers in
the form of a sickle-shaped rod, which carries at each of its points a
tuft of white cockatoo feathers. All performers cover their person with
a dog-tail appendage which hangs from a thin waistband of human
hair-string. And lastly, they all tie bundles of eucalyptus twigs, with
the leaves attached, to their legs just above the ankles. If possible,
old or half-dried leaves are selected in order that a more pronounced
rustling is produced when the men move about; the noise is made to
imitate the rustle of the wiry feathers of an emu. Vide Plate XXXV.
At nightfall the Tjilbakuta is removed from the hiding place and
planted on the edge of the ensanguined patch. The guardian is thus
given an opportunity to slip away and to attend to his ceremonial
toilet, which is similar to that of the rest of the Tjilbakuta group. When
he returns, the performance is about to begin, and all except he
leave the ground.
The stacks of wood are set fire to by invisible hands, and, so soon
as the flames flare upwards, the silence is broken by the booming
note of a bull-roarer, which is produced some distance off in the
bush.
The Tjilbakuta guardian sits beside the object like a statue, with
his eyes rivetted to the ground immediately in front of him. From
behind him the thud of stamping feet and the rustle of dry leaves
announce the coming of the official performers, while from the other
side the non-performing members step from the darkness and take
up their position by squatting between two fires. When the decorated
men come into view, the latter start beating their boomerangs
together in perfect time to the stamping of the feet of the advancing
actors. They come as a body of five or six rows, one behind the
other, each man holding his hands locked behind his back and
uttering a deep guttural note resembling a pig’s grunt. The folded
hands held over the stern represent the tail, the guttural noise the
call of the emu.
 The Illiyakuta, wearing the tall Illiya Altjerra Kuta, is in the front
row, and he is attended on either side by a Tjilbakuta man. The chief
now starts a chant: “Immara janki darrai,” and all the others,
including the sitting men, join in; the same is repeated several times.
When the two parties are opposite each other, the performers
quicken the pace of their stamping and extend their arms sideways,
thereby widening their ranks. After this they retreat to behind the
Tjilbakuta and one hears a shrill chirping note resembling the cry of a
young emu.
The interpretation of this act needs no special elucidation. The
decorated performers are those of the tribe’s manhood who, in all
matters pertaining to the emu, have a right to communicate, through
the Tjilbakuta, with the astral emu ancestor living in the great
celestial domain of the ancestral spirits, which is known as
“Altjerringa.” They are invoking the benign Knaninja or originator of
their particular “totem” species to increase the numbers of emu on
earth for the exclusive benefit of their tribe. It is the Illiyakuta who
imagines that he receives the favourable response from above, and,
when it comes, it is he who imitates the cry of a young emu. It often
happens, however, that the chief persuades himself to believe that
the Great Spirit had not heeded the appeal, in which case the last-
mentioned cry is wanting. The ceremony is repeated time after time.
Altjerringa, it will be observed, is a compound word consisting of
“Altjerra,” the Supreme Spirit, and “inga,” a foot or trail. The implied
idea is that Altjerringa is the “walk-about” of the spirit ancestors,
where they walk, and have always walked, and where the spirits of
all tribes-people eventually hope to find their way.
After this act, the performance becomes less restrained and takes
more the form of a corrobboree. Some of the men seize firebrands
from the burning stacks and hurl them in the direction of the
women’s camp. From the moment of the sounding of the bull-roarer
at the beginning of the ceremony until now the women sat huddled
together, with their faces buried in their hands, thoroughly cowed by
the portentous happenings. When the firebrands come whizzing
through the air and crash into the branches of the trees around them,
sending sparks flying in all directions, they are almost beyond
themselves with fear. But just at this juncture the men call upon them
to look towards the festive ground and behold them dancing. In
obedience to the order, the women’s fears are dispelled and soon
superseded by a noticeable enravishment. They feast their eyes
upon the array of manhood in gala dress, and it is not long ere they
pick up the rhythm of a dance by beating time to the step. Provided
the Tjilbakuta has been removed to a place of secrecy, well out of
reach of accidental discovery, the men entreat the women to come
up and join in the song. Thus the sublime is eventually reduced to
commonplace, and the remainder of the night passes in joviality.
To refer briefly to a vegetable ceremony, we shall select the yam
or “Ladjia Tjuringa Knaninja.” The preparations are much the same
as those of the emu ceremony. An enclosure is first made in a
secluded spot with branches, in the centre of which the “totem” or
Knaninja “stick” is erected. Several men immediately set about to
decorate it with vegetable down as previously described. The design
in this case consists of vertical rows of red circles upon a yellow
ochre background. In addition, a large plume of split eagle-hawk
feathers is stuck into the top of the stick. All ordinary performers
wear conical head-gears or “tdela” made of Cassia twigs, into the
apices of which tightly bound bundles of grass stalks (“gortara”) are
fixed carrying plumes of emu feathers (“mangalingala”) (Plate
XXXVI, 1). Other men have squat, cylindrical bark structures called
“elbola” placed over their heads, which are elaborately decorated
with vertical coils of human hair-string and coloured down.
One of the principal actors represents the “Kuta Knaninja.” His
head-gear consists of two long kutturu, tied together with hair-string
and completely covered with gum leaves, the whole being
subsequently besmeared with blood and decorated with coloured
down. As the assistants are dressing this character, they keep up a
chant sounding like “Winni kutcherai.” Vide Plate XXXVI, 2.
The leading figure is the “Ingada Ladjia Knaninja,” who wears a tall
vertical head-piece which contains the tjuringa of the Ladjia
Knaninja. The tjuringa is, however, not visible, but is covered with
pieces of bark, securely tied over it with hair-string, the whole being
richly decorated with vertical bands of red and white down.
 The Great Spirit of the Yam, called “Knaninja Tjilba Ladjia,” when
he leaves Altjerringa, takes up his abode in a cave near Mount
Conway, where the tjuringas are kept, but at night, before the fires
are lit, he is supposed to come to the ceremonial ground and occupy
the decorated “totem” stick described above. During the performance
he is surrounded by all the ordinary performers, who are known as
“Tjilba Ingarrega,” and are directly under the guidance of the Ingada
and Kuta Knaninja.
A group of men who are not decorated sit near one of the fires and
sing while the performers are thus encircling the Ladjia stick:

“Imbanai yinga
Wi ma bana Ladji di bana
Yammana wi ma bana
Jai ra ja ja
Jai ja ja na
Wi ba na na
De a re a ja betja,”

the voices finally fading away to an almost inaudible whisper.

If the Great Spirit, Ladjia Altjerra Knaninja, is gracious, the tap-root
of the yam will be sent deep down into the earth near the Jay River
and from there spread its laterals all over the country to supply the
needs of the tribe.
When some of the most sacred ceremonies are performed, the
oldest “relatives” of the presiding Knaninja often construct a coloured
drawing upon the consecrated ground, whose purpose is similar to
that of the “totem” stick above described. The drawing is executed in
coloured down, both vegetable and bird. A space of suitable size,
often measuring many feet in length, is cleared of grass and stones,
and sprinkled with water, when it is ready to receive the down. In the
case of, say, the “Ladjia Tjuringa,” the design takes the form of a
number of concentric circles alternately red and white, from the
outermost of which six equally spaced groups of red and white lines
stand out radially. The enclosing border of the design consists
entirely of white down. Vide Plate XXXVII.
 Once constructed, this drawing, which is known as “Etominja,” is
zealously guarded by one of the old men. If, peradventure, an
unauthorized person happens upon the sanctified place, he is killed
and buried immediately beneath the spot occupied by the design;
thereupon the ground is smoothed again and the Etominja re-
constructed. Nobody in camp ever hears what became of the
person, and should any relative track him in the direction of the area
known to be tabooed, he is horror-stricken and runs away.
While the old men are re-constructing the Etominja, they sing to
the Knaninja as follows:

“Yedimidimi
Dakarai pa ma taka,
Pa mitu min jai, jin tarai,
Ja ra nai malgada, ja ranai.”

The next, and probably the most important, group of religious

ceremonies is that dealing with Sex-Worship. For years past
peculiarly shaped stones have been found in caves and among the
possessions of the Australian aborigines whose shape was strikingly
suggestive of a phallus, but hitherto no actual phallic ceremonies
have been observed. It was my good fortune to witness such among
the Aluridja, Arunndta, Dieri, and Cambridge Gulf tribes. From
enquiries made of the old men, it appears that in former days this
form of worship was practised considerably more than it is
nowadays. New stone phallus are rarely made by the present tribes;
those in their possession have generally been inherited from
previous generations. The old men have the phallus in their keeping,
and they are very loth to either produce or part with them.
The natives of the King Sound district in the north-west believe the
origin of the phallus to be as follows: In the early times a scourge
was raging among their forefathers, from the effects of which many
were daily dying, when a hairy man and his mate, a woman of
ordinary human form, came to earth from above. The evil was due to
the exhalation of poisonous breath from the gaping jaws of a green
monster resembling a crocodile. The stranger relieved the sufferers
from the awful curse by showing them how to perform an operation
upon their person which taught them to endure pain and protected
them against future ravages of the pestilence. This great and
benevolent stranger then took his departure, but left his name to
designate the surgical operation which to the present day is
performed upon the male members of the tribe; the name, strange
though it may seem, is “Elaija”; and it is known, at any rate, as far
east as Port George IV. But the tribe had become so weak through
the terrible havoc the disease had wrought that the old men called
him back and entreated him to stay. Elaija, however, took from a
dillybag his female companion was carrying, a stone carved after the
shape of a mutilated member, which he gave the name of
“Kadabba.” When the old men gazed upon this object, they took
fright and appealed to Elaija, but the good fellow had vanished. The
stone has remained with the tribe ever since, and through the divine
property Elaija endowed it with, their threatened extinction was
eluded. Moreover, they continued to practise the operation on all
young men because it made their members like the Kadabba of
Elaija, which they knew had the power of multiplying their kind. And
so the Kadabba became a sacred object whose procreative power
they have learned to worship, thinking that by such observance they
would augment their own capacities of sex. Vide Fig. 7.
 Fig. 7. Stone phallus, Northern Kimberleys, Western Australia (× 1/2).

One often reads, and I was under the same impression myself
until I became better acquainted with the tribes, that the Australian
natives do not connect the knowledge of conception with any
intercourse which might have taken place between the sexes. This I
find is not altogether correct, although usually the younger people
are kept in complete ignorance on the subject. No doubt strangers
are treated similarly when they put any pertinent questions to the old
men on matters of sex. The old men believe in the duality of human
creation, the spiritual and the material; sexuality is regarded as the
stimulus of corporeal reproduction, but the spirit quantity is derived
through mystic and abstract influences controlled by a “totem”-spirit
or Knaninja. Under these circumstances, it is not surprising to note
that the ceremonies of the phallus are transacted principally by the
old men of the tribe who aim at the rejuvenation of their waning
powers.
It is interesting to see the old men preparing for a ceremony which
is to be dedicated to a Knaninja or Spirit of Sex, because they all
endeavour to conceal the white hairs of their beards by rubbing
powdered charcoal into them. The bark of the cork tree (Hakea) is
used for the purpose; pieces of it are charred, crushed between the
palms, and applied where needed. It is astounding what a difference
this process makes to the appearance, and some of the old grey-
beards really look as though they had been made twenty years
younger by magic.
In the eastern MacDonnell Ranges stands a cylindro-conical
monolith whose origin is believed to be as follows: Many generations
ago, the paternal ancestors of the Arunndta walked from a district
situated, as near as one can gather, somewhere in the
neighbourhood of Ediowie; they were known as the “Kukadja,” and
were characterized by the enormous dimensions of their organs.
These old men or Tjilba of the tribe migrated northwards to beyond
Tennant’s Creek and settled in the productive “Allaia” country which
surrounds the Victoria River. In that same district one finds, even at
the present day, cave drawings of human beings with the anatomical
peculiarities referred to (Fig. 8). At a later time, the head-man of the
Kukadja, named “Knurriga Tjilba,” returned southwards to the
Macdonnell Ranges. While roaming the hills, he espied two young
women sitting on the side of a quartzite cliff, and without deliberation
began to approach them. He was in the act of making lewd overtures
when the guardian of the girls, a crow ancestor, caught sight of him
and hurled a boomerang at him. The missile struck the great man
and cut off the prominent portion of his body, which in falling stuck
erect in the ground. The force of the impact was so great that the
man bounced off the earth and fell somewhere near Barrow’s Creek.
He bled so profusely that a clay-pan soon filled with his blood. Thus
his followers found him, and overcome with sorrow they opened the
veins of their arms to mix their blood with his. Then all the members
of the party jumped into the pool and disappeared for ever.
 Fig. 8. Ochre drawing of “Kukadja” men, north of Wickham River, Northern
Territory (× 1/3).

The severed portion of the old man’s body, however, remained just
where it fell and turned to stone. It has long been known as “Knurriga
Tjilba Purra.”
The two young women can also still be detected in the cliff as
prominent rock formations.
The stone has been protected by the tribe as long as the old men
can remember, because they realize that it contains an inexhaustible
number of unborn tribes-people. These mythic, foetal elements are
generally recognized to exist in certain objects of phallic significance,
and are called “rattappa.” The medicine men maintain that they can
at times see the dormant living matter in the stone. It is on that
account that it is regarded as sacred, and every now and then very
secret and worshipful ceremonies are transacted near its base, the
main objects of which are to multiply the future membership of the
tribe and to preserve the sexual powers of the old men.
 The Tjilba Purra naturally figures prominently in some of their
ceremonies. In fact, it is reproduced and worn upon the head of the
leading man during the functions. The sacred effigy consists of an
upright column, about two feet high, composed of a stout bundle of
grass stalks, in the centre of which the tjuringa is contained. It is
decorated with alternating bands of red and white down throughout
its length. This upright column represents the “Tjilba” or revered
ancestor whose spirit is invoked to “sit” in the tjuringa; at the top of it
a plume of wiry emu feathers, well powdered with charcoal (“unjia”)
to give it a youthful appearance, takes the place of the forbear’s hair
and beard. Standing at an angle with the central column, a similar
though slightly smaller structure is intended for the “Purra” or
phallus; it carries a plume of white cockatoo feathers at its end to
represent the glans. Vide Plate XXXVIII, 2.
A landmark, of similar significance as the Tjilba Purra of the
Arunndta, exists on the Roper River in the Northern Territory; it is a
pillar of sandstone known as “Waraka.” Waraka is also the name of
the great Spirit Father of the tribe. In very early times this man came
to earth in a semi-human form, and made the country abound in
game, animals, birds, and fish. Then he found a woman on the
shores of Carpentaria Gulf who remained with him as his wife. Many
children came of the union; and Waraka’s mate has since been
looked upon as the mother of the tribe. The woman’s name was
“Imboromba,” and to this day the tribe takes its name after her.
Warraka had an enormous sex characteristic which was so
ponderous that he was obliged to carry it over one of his shoulders.
Eventually the organ became so huge that Warraka collapsed and
sank into the earth. His burden remained, but turned to stone, and is
now looked upon by the local natives as the great symbol of Nature’s
generative power which first produced their game supplies and then
the original children of the tribe; it is revered accordingly.
The Kukata have a somewhat similar legend of the origin of a
stone of phallic significance, the name of the possessor of the large
organ being “Kalunuinti.”
In the extreme north-western corner of Australia, in the Glenelg
River district, the natural stone is replaced by an artificially