The Inner Circle

Cloud Security Assessment Checklist

  • 1.  Cloud Security Assessment Checklist

    Posted 9 days ago
    Edited by ANIL KUMAR K 8 days ago
    Hi All.

    Looking for a sample operational security assessment checklist. The CCM is huge and I am looking for something simple.

    Thanks


  • 2.  RE: Cloud Security Assessment Checklist

    Posted 5 days ago
    Hi Anil,

    Is there a particular service model (IaaS, PaaS, SaaS), deployment model, or domain you are trying to access? The cloud universe has a wild breadth and depth, so it's key to understand your assessment intent.

    Best,

    Brian

    ------------------------------
    Brian Peister
    Cyber TPRM Officer
    BNYM
    ------------------------------



  • 3.  RE: Cloud Security Assessment Checklist

    Posted 5 days ago
    Thanks Brian,

    Well, to scope it further, we can have any one of the service models (SaaS/PaaS/IaaS), and it can contain infra & data security assessment.

    Thanks
    Anil

    ------------------------------
    ANIL KUMAR K
    CONSULTANT
    WIPRO
    ------------------------------



  • 4.  RE: Cloud Security Assessment Checklist

    CSA Instructor
    Posted 5 days ago
    Hi Anil,
    CAIQ has a lite version; maybe this can help you out.
    https://cloudsecurityalliance.org/star/caiq-lite/



    ------------------------------
    Moshe Ferber
    ------------------------------



  • 5.  RE: Cloud Security Assessment Checklist

    CSA Instructor
    Posted 4 days ago
    Depending on your scope, you can also look at some of the CIS benchmarks that are specific to cloud providers.
    In general, however, you would first need some basic threat model. This will allow you to validate if you have enough controls.
    If there are no threats, you don't need controls :-)

    ------------------------------
    Peter HJ van Eijk
    CCSK & CCAK trainer
    https://www.clubcloudcomputing.com/
    ------------------------------



  • 6.  RE: Cloud Security Assessment Checklist

    CSA Instructor
    Posted 3 days ago
    You can also use CSA's Top Threat publications. Look at the controls and recommendations listed in there and use them as a general checklist. If you're missing too many of these controls, your deployment is probably vulnerable.


    The Top Threat publications can be downloaded here: https://cloudsecurityalliance.org/research/working-groups/top-threats/

    ------------------------------
    Guillaume Boutisseau
    CCSK Authorized Instructor, CCSP
    ------------------------------