The Inner Circle

  • 1.  Cloud Security Assessment Checklist

    Posted Jun 04, 2021 03:53:00 AM
    Edited by ANIL KUMAR K Jun 04, 2021 06:48:43 AM
    Hi All.

    Looking for a sample operational security assessment checklist. The CCM is huge and I am looking for something simple.

    Thanks


  • 2.  RE: Cloud Security Assessment Checklist

    Posted Jun 07, 2021 07:50:00 AM
    Hi Anil,

    Is there a particular service model (IaaS, PaaS, SaaS), deployment model, or domain you are trying to access? The cloud universe has a wild breadth and depth, so it's key to understand your assessment intent.

    Best,

    Brian

    ------------------------------
    Brian Peister
    Cyber TPRM Officer
    BNYM
    ------------------------------



  • 3.  RE: Cloud Security Assessment Checklist

    Posted Jun 07, 2021 08:48:00 AM
    Thanks Brian,

    Well, to scope it further, we can have either one of the service models (SaaS/PaaS/IaaS), and it can contain infra & data security assessment.

    Thanks
    Anil

    ------------------------------
    ANIL KUMAR K
    CONSULTANT
    WIPRO
    ------------------------------



  • 4.  RE: Cloud Security Assessment Checklist

    CSA Instructor
    Posted Jun 08, 2021 02:05:00 AM
    Hi Anil,
    CAIQ has a lite version; maybe this can help you out.
    https://cloudsecurityalliance.org/star/caiq-lite/



    ------------------------------
    Moshe Ferber
    ------------------------------



  • 5.  RE: Cloud Security Assessment Checklist

    CSA Instructor
    Posted Jun 08, 2021 12:36:00 PM
    Depending on your scope, you can also look at some of the CIS benchmarks that are specific to cloud providers.
    In general, however, you would first need some basic threat model. This will allow you to validate if you have enough controls.
    If there are no threats, you don't need controls :-)

    ------------------------------
    Peter HJ van Eijk
    CCSK & CCAK trainer
    https://www.clubcloudcomputing.com/
    ------------------------------



  • 6.  RE: Cloud Security Assessment Checklist

    CSA Instructor
    Posted Jun 09, 2021 08:31:00 AM
    You can also use CSA's Top Threat publications. Look at the controls and recommendations listed in there and use them as a general checklist. If you're missing too many of these controls, your deployment is probably vulnerable.


    The Top Threat publications can be downloaded here: https://cloudsecurityalliance.org/research/working-groups/top-threats/

    ------------------------------
    Guillaume Boutisseau
    CCSK Authorized Instructor, CCSP
    ------------------------------