| Leverage CIS Benchmarks for Cloud Security | KirkpatrickPrice

Leverage CIS Benchmarks for Cloud Security

Related Videos

4 Ways to Treat Risk

5 Focus Areas for AWS Compliance

AWS Controls for Implementing a DMZ

AWS Firewall Manager Centralized Logging

AWS Functions to Restrict Database Access

AWS Incident Response Playbook

AWS Incident Response Playbook for Credential compromise

AWS Incident Response Playbook for Ransomware

AWS Incident Response Playbook for S3 Buckets

AWS Password Best Practices

AWS Password Expiration Policies

AWS Password Reuse Policy

AWS Security Needs a Growth Mindset

AWS Tools for Your SDLC

AWS Web Application Firewall Defaults

Access Control Using IAM Instance Roles

Achieve Cloud Security with an Expert Who Cares

Achieving High Availability in AWS

Activate Azure Key Rotation Reminders.mov

Activate Microsoft Defender for Azure SQL Databases

Allow Azure Services Access to Storage Accounts

Antivirus Solutions on EC2 Instances

Assign Access Based on Business Need to Know

Assign Appropriate Contacts to Essential Roles

Assigning Information Security Management Responsibility

Attaching IAM Policies to Groups or Roles

Attributes of Log Data

Audit Trail Review with Kibana, Athena, and GuardDuty

Audit Your Security Groups for Insecure Ports and Protocols

Auditor Insight: The Top 3 Issues with Your Risk Assessment [WEBINAR]

Auditors Who Make Sure You're Secure

Authenticate and Authorize Users with Client Certificates

Autoprovisioning of Microsoft Defender for Containers Components.mov

Avoid Use of the Root Account

Avoid Using Default Service Account When Configuring Instances

Basic Tools for AWS Security

Basics of Role Assumption

Best Practices for Change Management in AWS

Best Practices for Container Security

Best Practices for Password Parameters

Best Practices for Secret Management

Breaking Down AWS Security

Change-Detection Solutions in AWS

Cloud Attacks on the Rise

Cloud Security Posture Management

Cloud Services Are Assets with Risk

CloudTrail and CloudWatch Integration

Communicating Risk Assessment Results

Configure Activity Log Container Access to Private

Configure Shared Access Security Tokens to Expire within an Hour

Configure Storage Accounts to Use Customer Managed Keys

Configuring Network Border Controls

Connect Your AWS Account Using CloudFormation

Connect with AWS Security Experts

Consider an Exclusionary Geographic Access Policy

Consistently Manage User Accounts with OS Login

Create Activity Log Alert for Delete SQL Server Firewall

Create Policies for Usage of Critical Technologies

Create a Minimal Audit Policy for Logging

Create a Review Process for Apps

Create a Review Process of Guest Users

Create an Activity Log Alert for Create or Update Public IP Address

Create an Activity Log Alert for Delete Security Solution

Creating a Data Flow Diagram

Creating a Network Diagram

Defining Business Continuity and Disaster Recovery

Defining Likelihood and Impact

Defining Resources in IAM Policies

Defining Resources in S3 Bucket Policies

Defining Risk, Threat and Vulnerability

Defining Roles and Responsibilities in AWS

Deploying Security Patches on EC2 Instances

Determining Impact to Your Assets

Developing a Process for User Authentication

Disable Caching of Second Factor of Authentication Beyond One Day

Disable Public Access Level for Storage Accounts with Blob Containers

Disabling Insecure Ports and Protocols

Disabling Unused Credentials

Disallow Other Apps to Access Company Data

Do All Keys Have Resources Attached?

Do Not Allow Users to Remember MFA on Devices They Trust

Do Not Enable Serial Ports for VM Instance

Do Not Use API Keys at the Project Level

Do Not Use Project-Wide SSH Keys When Authenticating Instances

Do Not Use RSASHA1 for DNSSEC Key-Signing Keys

Do You Have to Do PCI?

Document Your Configuration Management Practices

Documenting a Systems Inventory in AWS

Does AWS Provide Vendor Defaults?

Don't Face Cloud Security Alone

EC2 Instances in Availability Zones

Enable Access Transparency to Monitor Google Cloud Engineer Access

Enable Alerting for Cloud Storage IAM Permission Changes

Enable Autoprovisioning of Vulnerability Assessment for Machines

Enable Bucket Lock to Protect Sink Destinations from Modification

Enable Cloud Audit Logging Across Your Project

Enable Cloud DNS Logging for VPC Networks

Enable DNSSEC to Protect DNS Protocols

Enable HTTPS Connections on App Engine Applications

Enable Logging of Read, Write, and Delete Requests for Blob Service

Enable Logging of Read, Write, and Delete Requests for Table Service

Enable Maintenance and Backups for RDS

Enable Microsoft Defender for App Services

Enable Microsoft Defender for DNS

Enable Microsoft Defender for IoT

Enable Microsoft Defender for Open Source Relationship Databases

Enable Microsoft Defender for SQL Server on Machines

Enable Microsoft Defender for Servers

Enable Multi-Factor Authentication for Non-Service Accounts

Enable Multifactor Authentication for Administrators

Enable Multifactor Authentication for All Users

Enable Queue Storage Logging for Read Write Access

Enable Role Based Access Control (RBAC) for Azure Key Vault

Enable Shielded VM to Ensure Operating System is Trustworthy

Enable VPC Flow Logs for Every Subnet

Enabling AWS Config in All Regions

Enabling CloudTrail Log File Validation

Enabling CloudTrail in All Regions

Enabling MFA for All IAM Users

Encrypt BigQuery Datasets with Customer Managed Encryption Key (CMEK)

Encrypt Dataproc Cluster Using Customer Managed Encryption Key

Encrypt Infrastructure to Further Protect Your Environment

Encrypt Kubernetes Secrets Using Keys

Encrypt Storage for Critical Data with CMKs

Encrypting Traffic In and Out of AWS

Encryption Decisions for Your Technology Stack

Encryption Opportunities

Encryption for EBS Volumes

Encryption for S3 Buckets

Enforce Multifactor Authentication for All Users

Enforce Separation of Duties When Assigning KMS Related Roles

Enforce Separation of Duties When Assigning Service Account Roles

Enforce Separation with Access Controls

Enforcing Strong Encryption in AWS

Enforcing Strong TLS Ciphers

Ensure ALBs Have WAF ACLs Attached

Ensure Alerts Exist for Project Ownership Changes

Ensure Alerts are Received for VPC Network Changes

Ensure Autoprovisioning of the Log Analytics Agent Is Enabled for Azure VMs

Ensure BigQuery Datasets Are Not Publicly Accessible

Ensure Cloud Storage Buckets Are Not Publicly Accessible

Ensure Container Network Interfaces Support Network Policies

Ensure Corporate Login Credentials are Used

Ensure Diagnostic Setting Captures Appropriate Categories

Ensure GKE Nodes are Configured Properly

Ensure Guest Accounts Are Restricted

Ensure HTTP(S) Access from the Internet Is Reviewed and Restricted

Ensure KMS Cryptokeys Are Not Publicly Accessible

Ensure Kubernetes Idle Timeout Parameter is Appropriately Set

Ensure Log Alert Exists for Create or Update Network Security Group

Ensure Logging for AppServiceHTTPLogs

Ensure Microsoft Defender Is Enabled for Storage Accounts

Ensure Microsoft Defender Is Enabled for the Azure Resource Manager

Ensure Microsoft Defender for Databases Is Enabled

Ensure Microsoft Defender for Key Vaults Is Enabled

Ensure Network Security Group Flow Logs Are Sent to Log Analytics

Ensure No Weak SSL Cipher Suites Are Permitted

Ensure Notifications are Enabled for Password Resets

Ensure Only Administrators Can Create Groups

Ensure Only Authorized Users Can Create Security Groups

Ensure RDS Instances are Only Accessible by Internal IPs

Ensure Secure Transfer

Ensure Service Accounts Can't Access Admin Privileges

Ensure Soft Delete Is Enabled

Ensure That a Diagnostic Setting Is Enabled

Ensure Use of CMKs for Unattached Disks

Ensure an Activity Log Alert Exists for Delete Public IP Address

Ensure that Virtual Hard Disks Are Encrypted

Ensure that an Expiration Date Is Set for All Keys in Non-RBAC Key Vaults

Ensure that an Expiration Date Is Set for All Secrets in Non-RBAC Key Vaults

Ensure the Key Vault Is Recoverable

Ensure the Minimum TLS Version for Storage Accounts Is Set to 1.2

Ensure to Restrict SSH Access from the Internet

Ensuring Role Assumption is Logged

Establish Policy to Disconnect Vendor Sessions When Not in Use

Establish a Log Metric Alert for Configuration Changes in SQL Instances

Evaluate Public IP Addresses Regularly

Evaluate and Restrict UDP Access from the Internet

Evaluating Likelihood and Impact

Events that Drive Key Rotation

Exclusively Use GCP-Managed Service Account Keys

FAQs for Amazon S3 Security

Filters and Alarms in CloudWatch

GKE Authentication and Authorization Best Practices

GKE Cluster Configuration Security Benchmarks

General Policies for Cluster Management

Generate Log Metric Alerts for Custom Role Changes

Getting Started with PCI Compliance

Greg Halpin Audit Tip

GuardDuty Alerts for Control Failures

HIPAA Safe Harbor

HIPAA and Risk Analysis

HITRUST and Risk Assessment

Harden Cloud SQL Database with Logging

Historically View Project Resources in Asset Inventory

House Accounts in CloudTrail

How To Configure Your Cluster Networks

How to Attach IAM Policies to Groups or Roles

How to Check MFA in a Credential Report

How to Check Use of the Root Account

How to Configure Encryption for EBS Volumes on Existing EC2 Instances

How to Configure Encryption for EBS Volumes on New EC2 Instances

How to Configure Encryption for RDS

How to Configure Encryption for S3 Buckets

How to Configure Kubelet Within Your Environment

How to Edit Inbound Traffic Rules for Default Security Groups

How to Find Administrative Privileges in IAM Policies

How to House Multiple Accounts Within an AWS Organization

How to Modify Password Complexity in a Password Policy

How to Modify Permissions to EBS Snapshots

How to Prevent Password Reuse in a Password Policy

How to Restrict Public Access to S3 Buckets

How to Use S3 Bucket Policies

How to Use S3 Versioning and Lifecycle Rules

How to Use Your AWS Report

IAM Policies for Account Authentication

IAM Policies that Address Administrative Privileges

IP Forwarding Should Not Be Enabled for Instances

Identify Unrestricted Access to Ports for Security Groups

Identify Your Assets

Identify and Prioritize Your Cloud Security Risk

Identify if EC2 Instances Are Directly Connected to the Internet

Identifying Assets, Threats, and Vulnerabilities

Identifying Unused Credentials in a Credential Report

Identifying and Ranking Vulnerabilities in AWS

Identity and Access Management Benchmarks in GKE

Ignite, Launch, and Lift-Off

Image Registry and Scanning Best Practices

Implement Procedures to Secure Your Mobile Devices

Industry Best Practices for Configuration Standards

Industry Standards for Risk Assessment

Install Endpoint Protection for All Virtual Machines

Introduction to AWS Network Firewall

Introduction to AWS Security Hub

Introduction to AWS WAF and Shield

Introduction to Amazon CloudWatch

Introduction to Amazon Detective

Introduction to Amazon EKS

Introduction to Amazon Inspector

Introduction to Amazon S3 Access Points

Introduction to IAM Access Analyzer

Introduction to NIST SP 800-30

Introduction to NIST SP 800-39

Introduction to PCI DSS Requirement 1

Introduction to PCI Requirement 2.mp4

Join the KirkpatrickPrice Community

Key Rotation and Management

Learn from an AWS Security Expert

Learn from an Azure Expert

Leverage Confidential Computing to Protect Data

Leverage Google Cloud Engineers by Granting Access Approval

Load Balancers Must Require TLS 1.2

Log and Retain All Relevant Activities

Logging Tools in AWS

Logging Web ACL Data in Amazon Kinesis

MFA for API Calls

Manage Access Securely Using Uniform Bucket-Level Access

Meeting Firewall and Router Configuration Standards

Meeting Your Baseline with Patch Manager

Migrate Away from RSASHA1 for DNSSEC Zone-Signing Keys

Migrate Legacy Networks to VPC Networks

Minimize Public IP Address on Compute Instances

Minimize Root and SA Account Access in Cloud SQL

Monitor Network Traffic with VPC Flow Logs

Monitor Your Environment with Network Watcher

Monitor for "Delete Network Security Groups" Through Log Alerts

Monitoring Changing Risk

Network Segmentation for AWS

Networking Configurations in Kubernetes Environment

New Cloud Security Capabilities for the Online Audit Manager

Node MetaData Recommendations in GKE

Notify Admins of Other Admin Password Resets

Only Allow Administrators to Delete Locked Resources

Only Allow Approved Employees to Invite Guests

Only Allow Trusted Apps to Access Company Data

Only Install Company-Approved Extensions on Your Virtual Machines

Our Security Standards

PCI Compliance One Step at a Time

PCI DSS Requirement 1.1.1 - Implementing a Change Control Program

PCI DSS Requirement 1.1.2 and 1.1.3 - Network Documentation Best Practices

PCI DSS Requirement 1.1.4 - Establishing a Firewall and DMZ

PCI DSS Requirement 1.1.6 Documentation of Business Justification & Approval for use of all Services, Ports and Protocols

PCI DSS Requirement 1.1.7 - Review Firewall and Router Rule Sets

PCI DSS Requirement 1.2 Restrict Connections to Untrusted Networks

PCI DSS Requirement 1.2.1 Restrict Traffic to that which is Necessary

PCI DSS Requirement 1.2.2 Secure and Synchronize Router Configuration Files

PCI DSS Requirement 1.2.3 Install Firewalls Between all Wireless Networks and the CDE

PCI DSS Requirement 1.3 Examine Firewall and Router Configurations

PCI DSS Requirement 1.3.1 - Establishing a DMZ

PCI DSS Requirement 1.3.2 Limit Inbound Internet Traffic

PCI DSS Requirement 1.3.3 - Implement Anti Spoofing Measures

PCI DSS Requirement 1.3.4 - Deny Unauthorized Outbound Traffic

PCI DSS Requirement 1.3.5 - Permit Only Established Connections into the Network

PCI DSS Requirement 1.3.6 Segregate the CDE from the DMZ

PCI DSS Requirement 1.3.7 Do Not Disclose Private IP Addresses

PCI DSS Requirement 1.4 Install Personal Firewall Software

PCI DSS Requirement 1.5 Ensure Security Policies are Known to all Affected Parties

PCI DSS and Risk Assessment

PCI Requirement 2.1 - Always Change Vendor-Supplied Defaults

PCI Requirement 2.1.1 - Change all Wireless Vendor Defaults

PCI Requirement 2.2 - Develop Configuration Standards for all System Components

PCI Requirement 2.2.1 - Implement Only One Primary Function Per Server

PCI Requirement 2.2.2 - Enable Only Necessary Services, Protocols and Daemons

PCI Requirement 2.2.3 - Implement Additional Security Features

PCI Requirement 2.2.4 - Configure System Security Parameters to Prevent Misuse

PCI Requirement 2.2.5 - Remove all Unnecessary Functionality

PCI Requirement 2.3 - Encryption

PCI Requirement 2.4 - Maintain an Inventory of In-Scope System Components

PCI Requirement 2.5 - Ensure Security Policies Are Known to All Affected Parties

PCI Requirement 2.6 - Shared Hosting Providers Must Protect Each Entity’s Hosted Environment

PCI Requirement 6.4 – Follow Change Control Processes & Procedures for Changes to System Components

PCI v3.2.1 vs. PCI 4.0: What's Changed?

PCI v4.0 - 1.1.1: Requirement 1 Policies and Procedures Are In Place

PCI v4.0 - 1.1.2: Requirement 1 Roles and Responsibilities Are In Place

PCI v4.0 - 1.2.1: Configuration Standards for Network Security Controls Are Implemented

PCI v4.0 - 1.2.2: Changes to Network Connections and Security Controls Are Approved

PCI v4.0 - 1.2.3: Maintain an Accurate Network Diagram

PCI v4.0 - 1.2.4: Maintain an Accurate Data-Flow Diagram

PCI v4.0 - 1.2.5: All Services Protocols and Ports Are Identified and Approved

PCI v4.0 - 1.2.6: Security Features Are Implemented on All Services Protocols and Ports

PCI v4.0 - 1.2.7: Network Security Controls Configurations Are Reviewed Regularly

PCI v4.0 - 1.2.8: Keep Configuration Files for Network Security Controls Secure and Consistent

PCI v4.0 - 1.3.1: Inbound Cardholder Data Environment Traffic Is Restricted

PCI v4.0 - 1.3.2: Outbound Traffic from the Cardholder Data Environment Is Restricted

PCI v4.0 - 1.3.3: Implement a Network Security Control Between Wireless Network and Wired CDE Segments

PCI v4.0 - 1.4.1: Network Security Controls Are Installed Between Trusted and Untrusted Networks

PCI v4.0 - 1.4.2: Inbound Traffic From Untrusted to Trusted Networks Is Restricted

PCI v4.0 - 1.4.3: Anti-Spoofing Measures Are In Place

PCI v4.0 - 1.4.4: Ensure Stored Cardholder Data Is Not Accessible from Untrusted Networks

PCI v4.0 - 1.4.5: Internal IP Addresses And Routing Information Is Only Disclosed to Authorized Parties

PCI v4.0 - 1.5.1: Security Controls Are Implemented on Any Computing Devices

PCI v4.0 - 2.1.1: Requirement 2 Policies and Procedures Are In Place

PCI v4.0 - 2.1.2: Requirement 2 Roles and Responsibilities Are In Place

PCI v4.0 - 2.2.1: Configuration Standards Are Developed Implemented and Maintained

PCI v4.0 - 2.2.2: Vendor Default Accounts Are Managed Properly

PCI v4.0 - 2.2.3: Primary Functions Requiring Different Security Levels Are Managed

PCI v4.0 - 2.2.4: Unnecessary Functionalities Are Removed or Disabled

PCI v4.0 - 2.2.5: Insecure Daemons Protocols and Services Have Additional Security Features

PCI v4.0 - 2.2.6: System Security Parameters Are Configured to Prevent Misuse

PCI v4.0 - 2.2.7: Non-Console Administrative Access Is Encrypted

PCI v4.0 - 2.3.1: Wireless Vendor Defaults Are Changed or Confirmed to Be Secure

PCI v4.0 - 2.3.2: Wireless Encryption Keys Are Changed Accordingly

PCI v4.0 - 3.1.1 & 3.1.2: Have Requirement 3 Policies and Procedures Assigned and In Place

PCI v4.0 - 3.2.1: Only Retain the Minimum Account Data Needed

PCI v4.0 - 3.3.1, 3.3.1.1, 3.3.1.2, & 3.3.1.3: Do Not Retain Any Sensitive Authentication Data

PCI v4.0 - 3.3.2: Encrypt Sensitive Authentication Data If Retained for Any Length of TIme

PCI v4.0 - 3.3.3: (Issuers Only) Store Only the Minimum Amount of Sensitive Authentication Data Needed

PCI v4.0 - 3.4.1: Mask Displayed Primary Account Number

PCI v4.0 - 3.4.2: Do Not Allow Primary Account Numbers to Be Copied When Using Remote Access

PCI v4.0 - 3.5.1.1: Ensure All Hashes Are Keyed

PCI v4.0 - 3.5.1.2: Correctly Utilize Disk-Level Encryption of Primary Account Numbers

PCI v4.0 - 3.5.1.3: Ensure Disk-Level Encryption Meets Requirements

PCI v4.0 - 3.5.1: Store Primary Account Numbers Appropriately

PCI v4.0 - 3.6.1.1: (Service Providers) Document and Describe the Cryptographic Architecture

PCI v4.0 - 3.6.1.3 & 3.6.1.4: Use Fewest Possible Custodians and Locations for Cryptographic Keys

PCI v4.0 - 3.6.1: Use Fewest Possible Number of Key Custodians Locations and Forms

PCI v4.0 - 3.7.1: Utilize Procedures to Generate Strong Cryptographic Keys

PCI v4.0 - 3.7.2 & 3.7.3: Implement Policies and Procedures to Safely Distribute and Store Keys

PCI v4.0 - 3.7.4: Define Cryptoperiods in Policies and Procedures for Key Management

PCI v4.0 - 3.7.5: Properly Retire Replace or Destroy Keys When Appropriate

PCI v4.0 - 3.7.6: Use Split Knowledge and Dual Control for Manual Cleartext Key Management

PCI v4.0 - 3.7.7: Do Not Allow Unauthorized Key Substitution

PCI v4.0 - 3.7.8: Require Key Custodians to Acknowledge and Accept Their Responsibilities

PCI v4.0 - 4.1.1 & 4.1.2: Have Requirement 4 Policies and Procedures Assigned and In Place

PCI v4.0 - 4.2.1.1: Maintain Inventory of Trusted Keys and Certificates

PCI v4.0 - 4.2.1.2: Utilize Strong Cryptography When Transmitting Primary Account Numbers on Wireless Networks

PCI v4.0 - 4.2.1: Properly Secure Primary Account Numbers During Transmission

PCI v4.0 - 4.2.2: Secure Primary Account Numbers When Transmitting via End User Messaging

Partner with an Expert on Cloud Security

Penetration Testing in AWS

Perform Your Azure Scan

Pods Security Policies Benchmarks

Preparing for a Risk Assessment

Prevent Bad Passwords in Azure

Preventing Publicly Available S3 Buckets

Protect Against Threats With Extensible Admission Control

Protect Kernel Defaults Through Configuration Settings

Protect Your Data with PCI DSS

Real-world Risk Assessment

Remove Default Networks from All Projects

Restrict API Permissions If Using Default Service Accounts

Restrict RDP Authorized Access from the Internet

Restrict Unnecessary External Access in Cloud SQL

Reviewing Firewall and Router Configurations

SOC 2 Academy: Change Control Processes

SOC 2 Academy: Change Management Best Practices

Specify Customer-Managed Encryption Key (CMEK) as Default in BigQuery Datasets

Step One for Risk Assessment

Systems Manager Maintenance

The Assessment of Fraud for SOC 2

The Importance of Patch Management in Virtual Machines

The Importance of a Gap Analysis

Thinking About Likelihood and Impact

Understanding NIST SP 800-39

Use Customer Supplied Encyryption Keys (CSEK) for Critical VM Disks

Use Identity Aware Proxy (IAP) to Restrict Access to Network

Use TLS to Encrypt All Connections in Cloud SQL

Using Your Risk Assessment Results

Utilize Managed Disks for Virtual Machines

What Are The Steps to Risk Assessment

What Is the Process for Risk Assessment

What Risk Assessment Documentation is Necessary

What Risk Assessment Method is Appropriate

What Should Be Included in Your Risk Assessment

What Threats Should Be Considered

What is an AWS Scan?

What is the Google Kubernetes Shared Responsibility Model

What's the Point of PCI DSS?

Who is Involved in a Risk Assessment

Work with a GCP Expert

Your AWS Accountability Partner

Your PCI Audit Goes Wrong: What Do You Do?