Generic high level Cloud security risk assessment checklist
I find myself this week with a bit of free time so I want to improve my tools and checklists (for consulting purposes)
I want to create a generic checklist for cloud security, like a list of questions and answers to cross check if the cloud instance followed basic security sanity.
Is there a generic list that you use or a standard that you implement?
I'm also interested in the common mistakes that people make when it comes to cloud security...what kind of things people usually tend to miss? common mistakes/misconfigurations etc?
I know it's a broad question..I'd love to hear from all the cloud gurus, I'm sure you'll have some great tips
Certs: GPEN, GCFA, CISM, CRISC, RHCE
In Progress: MBA