Computer Science class
-
With different types of cloud service delivery, what are the different licensing requirements that an owner must be aware of when moving to the cloud.
-
Discuss Shared technology vulnerabilities in the cloud,
-
How does a customer know what software versions cloud providers are using? Without that knowledge how can they do a proper risk assessment?
-
What policies should be in place for users to help reduce cloud based threats.
-
How can a consumer evaluate the physical security of their cloud provider? What standards should apply. What external and internal barriers should be in place? What access controls? What sort of surveillance should be provided, power redundancy, and fire suppression? Is a service contract sufficient? Should physical inspection be available? What about physical location? Are their volcanoes, tornadoes, earthquakes or other natural disasters common? Is the site near political unrest? Access to water? Outside temperature? Is there a physical buffer? Should the walls be made of ballistic material to withstand explosions? Staffing
-
Discuss the four tiers of Uptime Institutes functional recommendations for physical security for data centers.
-
What is a hypervisor? Differentiate between type I and type II. What are the security vulnerabilities of each?
-
Which is better for security server virtualization or application isolation? Why?
-
What are desktop virtualization, storage virtualization, memory virtualization, network virtualization? What are the security issues and benefits for each
-
Global boundaries and the cloud – separating politics from security
-
The relationship of net neutrality and cloud security
-
Ensuring Proper Access Control in the Cloud?
-
Cloud security risks from misconfiguration
-
Cloud service interruptions from DDOS
-
Preventive controls for Internal (non-routable) security threats
-
Detective Controls for routable and non-routable addresses
-
How security zones, groups or domains have replaced traditional zones and tiers
-
On being a cloud broker -tasks and challenges
-
Trust boundaries and division of responsibilities
-
Elasticity effect on threat surface
-
How to insure that your cloud provider has appropriate detective and preventive controls in place
-
How to secure virtualization layer
-
Threats to the hypervisor
-
What hardening means
-
Top ten recommendations for securing virtual servers
-
Vulnerabilities resulting from web programming frameworks
-
Preventing attacks on web applications
-
The relationship between DOS attacks and your cloud invoice
-
Good browser hygiene and cloud security
-
Compartmentalization and isolation in virtual multi-tenant environments
-
Security standards in PaaS API design
-
FIPS
-
Data Protection techniques under the The Data Accountability and Trust Act
-
Comparing block symmetric algorthms with streaming symmetric algorthms
-
Message authentication codes and hash functions.
-
Externalizing authentication: Trust Boundaries and IAM
-
Sustaining IAM with rapid turnover and job changes
-
IAM Compliance Management
-
Identity Federation Management
-
OAUTH
-
ITIL
-
ISO 27001/27002
-
Vulnerability and Risk assessment
-
Incident response
-
What can we learn from CCID (Cloud Computing Incidents Database
-
Cloud Health monitoring (internal and 3rd party)
-
Reading a Cloud Security Provider agreement
-
Discussing the data life cycle in the context of cloud computing
-
Facebook’s new privacy initiative
-
Cloud Security and the Federal Rules of Civil Procedure
SAMPLE ASSIGNMENT
