Security Introduction
A high level overview of the topic and the briefing.
Security and Privacy
- Data Protection
- Identity management
- Physical and Personnel
- Availability
- Application Security
- Privacy
Lower Layer Security
Cloud Security Alliance (CSA)
Security Guidance for Critical Areas of Focus in Cloud Computing
- Cloud Architecture
- Domain 1: Cloud Computing Architectural Framework Governing in the Cloud
- Domain 2: Governance and Enterprise Risk Management
- Domain 3: Legal and Electronic Discovery
- Domain 4: Compliance and Audit
- Domain 5: Information Lifecycle Management
- Domain 6: Portability and Interoperability Operating in the Cloud
- Domain 7: Traditional Security, Business Continuity, and Disaster Recovery
- Domain 8: Data Center Operations
- Domain 9: Incident Response, Notification, and Remediation
- Domain 10: Application Security
- Domain 11: Encryption and Key Management
- Domain 12: Identity and Access Management
- Domain 13: Virtualization Cloud Controls Matrix
- Compliance
- Data Governance
- Facility Security
- Human Resources Security
- Information Security
- Legal
- Operations Management
- Risk Management
- Release Management
- Resiliency
- Security Architecture
- Logs and Audit Trails
- Unique Industry Compliance Requirements
- CloudAudit and Automated Audit, Assertion, Assessment, and Assurance API (A6)
Top Threats to Cloud Computing
- Threat #1: Abuse and Nefarious Use of Cloud Computing
- Threat #2: Insecure Interfaces and APIs
- Threat #3: Malicious Insiders
- Threat #4: Shared Technology Issues
- Threat #5: Data Loss or Leakage
- Threat #6: Account or Service Hijacking
- Threat #7: Unknown Risk Profile
Legal and Contractual Issues
- Public Record
- Disclosure
- FOIA / Open Records Laws
Security Review and Summary
A review of the briefing topics and summary of the program.