Generic high level Cloud security risk assessment checklist

UnixGuy Mod Posts: 4,564
I find myself this week with a bit of free time, so I want to improve my tools and checklists (for consulting purposes).

I want to create a generic checklist for cloud security, like a list of questions and answers to cross check if the cloud instance followed basic security sanity.

Is there a generic list that you use or a standard that you implement?

I'm also interested in the common mistakes that people make when it comes to cloud security. What kinds of things do people usually tend to miss? Common mistakes, misconfigurations, etc.?


I know it's a broad question. I'd love to hear from all the cloud gurus; I'm sure you'll have some great tips.
Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

Check out my YouTube channel: https://youtu.be/DRJic8vCodE 


Comments

  • scasc Member Posts: 461
    Hey UnixGuy, how are you keeping? CSA, on their website as part of the CCSKv4, have a pretty nice checklist regarding cloud deployments, mapped to the major standards too. You can obtain a copy from the website for free. In the UK, we have a mapping to the NCSC (Gov) 14 cloud security principles, which is pretty good too; you can easily find it on Google. A number of common mistakes are found; for starters, lack of understanding of the shared responsibility model!
    AWS, Azure, GCP, ISC2, GIAC, ISACA, TOGAF, SABSA, EC-Council, Comptia...
  • UnixGuy Mod Posts: 4,564
    @scasc with the goods as always! Thanks, that's exactly what I'm looking for.

    I'm good, just working from home; life goes on.


    How are you holding up?
  • scasc Member Posts: 461
    Hey, good to hear all is well. Same here; with COVID flying about, everyone has been asked to work remotely, so I'm trying to manage with the kids all around. Hopefully the checklists will help; let me know if there is anything else I can help with.