Computer Science class

  1. With different types of cloud service delivery, what are the different licensing requirements that an owner must be aware of when moving to the cloud.

  2. Discuss Shared technology vulnerabilities in the cloud,

  3. How does a customer know what software versions cloud providers are using? Without that knowledge how can they do a proper risk assessment?

  4. What policies should be in place for users to help reduce cloud based threats.

  5. How can a consumer evaluate the physical security of their cloud provider? What standards should apply. What external and internal barriers should be in place? What access controls? What sort of surveillance should be provided, power redundancy, and fire suppression? Is a service contract sufficient? Should physical inspection be available? What about physical location? Are their volcanoes, tornadoes, earthquakes or other natural disasters common? Is the site near political unrest? Access to water? Outside temperature? Is there a physical buffer? Should the walls be made of ballistic material to withstand explosions? Staffing

  6. Discuss the four tiers of Uptime Institutes functional recommendations for physical security for data centers.

  7. What is a hypervisor? Differentiate between type I and type II. What are the security vulnerabilities of each?

  8. Which is better for security server virtualization or application isolation? Why?

  9. What are desktop virtualization, storage virtualization, memory virtualization, network virtualization? What are the security issues and benefits for each

  10. Global boundaries and the cloud – separating politics from security

  11. The relationship of net neutrality and cloud security

  12. Ensuring Proper Access Control in the Cloud?

  13. Cloud security risks from misconfiguration

  14. Cloud service interruptions from DDOS

  15. Preventive controls for Internal (non-routable) security threats

  16. Detective Controls for routable and non-routable addresses

  17. How security zones, groups or domains have replaced traditional zones and tiers

  18. On being a cloud broker -tasks and challenges

  19. Trust boundaries and division of responsibilities

  20. Elasticity effect on threat surface

  21. How to insure that your cloud provider has appropriate detective and preventive controls in place

  22. How to secure virtualization layer

  23. Threats to the hypervisor

  24. What hardening means

  25. Top ten recommendations for securing virtual servers

  26. Vulnerabilities resulting from web programming frameworks

  27. Preventing attacks on web applications

  28. The relationship between DOS attacks and your cloud invoice

  29. Good browser hygiene and cloud security

  30. Compartmentalization and isolation in virtual multi-tenant environments

  31. Security standards in PaaS API design

  32. FIPS

  33. Data Protection techniques under the The Data Accountability and Trust Act

  34. Comparing block symmetric algorthms with streaming symmetric algorthms

  35. Message authentication codes and hash functions.

  36. Externalizing authentication: Trust Boundaries and IAM

  37. Sustaining IAM with rapid turnover and job changes

  38. IAM Compliance Management

  39. Identity Federation Management

  40. OAUTH

  41. ITIL

  42. ISO 27001/27002

  43. Vulnerability and Risk assessment

  44. Incident response

  45. What can we learn from CCID (Cloud Computing Incidents Database

  46. Cloud Health monitoring (internal and 3rd party)

  47. Reading a Cloud Security Provider agreement

  48. Discussing the data life cycle in the context of cloud computing

  49. Facebook’s new privacy initiative

  50. Cloud Security and the Federal Rules of Civil Procedure

Powered by WordPress