Autoplay
Autocomplete
Previous Lesson
Complete and Continue
PCI DSS Cloud Audit - beta
Introduction to Cloud Computing
Welcome and intro to the program
Example IT supply chain: mobile app (3:55)
What are the essentials of cloud? Domain 1 of CCSK.
CCSKv4 Domain 1 questions
Cloud Service models
Service Model Game
Shared responsibility model
Services of the Major Cloudproviders, and how they map
Courseware for the Major Cloudproviders
Introduction to PCI-DSS
Assumed background
PCI-DSS-v4_0
PCI_SSC_Cloud_Guidelines_v3
Information Supplement: Guidance for Containers and Container Orchestration Tools
Information Supplement: PCI DSS Virtualization Guidelines
Cloud Provider Documentation
2023 - PCI DSS v4.0 - Microsoft Azure Attestation of Compliance
2023 - PCI DSS v4.0 - Microsoft Azure Shared Responsibility Matrix
Azure - Germany - PCI Penetration Test Report redacted (January 2019)
2023 - Google Cloud Platform: PCI DSS v4.0 Shared Responsibility Matrix
PCI Requirement 1: Network
Introduction R1
The elements of scalable infrastructure (15:57)
Demo of AWS and security controls (8:53)
Virtualisation versus cloud (2:41)
SDN (Software Defined Networking) (8:52)
Deployment models, private cloud and AWS isolation (3:48)
An AWS network isolation control example
Labs
Prepare for Labs - required skills
Check your AWS lab access
Check your MS Azure lab access
AWS lab architecture
Requirement 1 example, AWS Security groups - your turn
Requirement 1.2.3, Review the AWS Lab Network Diagram 'in vivo'
CloudWenger: The CLI Swiss Army knife
MSA lab architecture
Requirement 1.2.3, Review the MSA Lab Network Diagram 'in vivo'
AWS Example Architectures
Introduction AWS examples
Architecting for PCI DSS Scoping and Segmentation on AWS
Architecting Amazon EKS (Kubernetes) for PCI DSS Compliance
PCI AWS Cloud Quickstart (wayback)
Audit companion for the AWS PCI DSS Quick Start - AWS Security Blog
AKS Example Architectures
A PCI DSS 3.2.1 example with Azure Kubernetes Service
Where do Technical Security Controls Come From?
New technology brings new risks and new controls
CIS Benchmark AWS Foundations
CIS Benchmark MSA Foundations
CIS Benchmark GCP Foundations
Lab: Getting started with CIS controls
Lab R1 - Your turn, again
Working with the CIS community
Web versus Command line (CLI) versus API
Multiple approaches for checking controls - a network isolation example
PCI Requirement 2: System components
Introduction R2
CIS Benchmark Ubuntu
CIS Benchmark Red Hat Enterprise Linux - draft
PaaS and SaaS architecture (10:51)
Types of PaaS (8:57)
Image provenance
Lab R2 - your turn
PCI Requirement 3: Data Protection
Introduction R3
The Data Security Lifecycle
Data Protection Principles
Encryption Architectures explained with Deployment Diagrams (5:35)
Lab R3 Demo
Lab R3 - your turn
PCI Requirement 4: Open networks
Introduction R4
Lab R4 - your turn
PCI Requirement 5: Workload Antivirus
Introduction R5
Control Frameworks and Mappings
Introduction to the CCM and CAIQ
PCI Requirement 6: Software and Supply Chain
Introduction R6
Continuous Delivery from Code to Production (3:52)
Demo of Continuous Delivery Pipeline (4:16)
Containers - intro (11:32)
Containers - risk intro (11:37)
WAF as a Service
Infrastructure Hardening - Terraform Exercise
Lab R6 - your turn
PCI Requirement 7 & 8: Identity
Introduction R7-8
Federated Identity Management
Identity and Entitlements
Lab R7/8- your turn
PCI Requirement 9: Physical
Introduction R9
Lab R9
PCI Requirement 10: Logging and Monitoring
Introduction R10
Excerpt from Cloud Security Lab a Week
Cloud Monitoring Overview
Review of AWS GuardDuty
Event Driven Security and Serverless
Lab R10 - demo
Lab R10 - your turn
PCI Requirement 11: Pentesting and scanning
Introduction R11
Lab R11 - demo
Lab R11 - your turn
PCI Requirement 12: Scope and Policy
Introduction R12
Bonus section
Pentesting labs
Quiz: your progress
Docker, Kubernetes and Automation
Docker, Kubernetes and ArgoCD (13:58)
Containers and Container Security
NSA Kubernetes Hardening Guidance
Kubernetes Auditing and Pentesting
Teach online with
Requirement 1.2.3, Review the MSA Lab Network Diagram 'in vivo'
Lesson content locked
If you're already enrolled,
you'll need to login
.
Enroll in Course to Unlock