Cloud security
Pathway: STEM
Prerequisite: Teaching special needs
#Security
Modules
1. Analyze cloud shared-responsibility models and threat landscapes across AWS, Azure, and GCP to prioritize controls using STRIDE and MITRE ATT&CK for Cloud aligned with NIST SP 800-53 and CIS Benchmarks.
Learning Targets:
1. Compare provider-specific shared-responsibility matrices for IaaS, PaaS, and SaaS, delineating customer versus provider control ownership for at least three control families.
2. Perform threat modeling on a given cloud workload using STRIDE, identifying assets, trust boundaries, threats, and mitigations with explicit assumptions.
3. Map identified threats to relevant MITRE ATT&CK for Cloud techniques and propose specific detections and preventive controls for each technique.
4. Prioritize risk treatments using a quantitative or semi-quantitative scoring method and align proposed controls to NIST SP 800-53 and CIS Benchmarks.
5. Document risk acceptance, transfer, and mitigation decisions with rationale, residual risk, and required monitoring artifacts.
2. Implement least-privilege and Zero Trust identity and access management using AWS IAM, Microsoft Entra ID/Azure RBAC, and GCP IAM with MFA, conditional access, and federation via OAuth 2.0/OIDC/SAML.
Learning Targets:
1. Create role- and attribute-based access policies in IAM services enforcing least privilege; validate with AWS IAM Access Analyzer/Policy Simulator, Azure PIM/Access Reviews, or GCP Policy Analyzer.
2. Configure SSO federation between an identity provider (e.g., Entra ID) and AWS/GCP using OIDC/SAML; verify role assumption and scoped session duration with audit logs.
3. Enforce MFA and conditional access for privileged roles; test break-glass accounts and document recovery procedures.
4. Rotate and manage credentials and secrets using AWS Secrets Manager, Azure Key Vault, or HashiCorp Vault; implement audit trails and alert on anomalous secret access.
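As an added example of what learning targets 1 and 3 of this module ask for (not part of the course outline or any provider's tooling), the following lint flags the least-privilege defects a reviewer checks in an AWS IAM policy before relying on Access Analyzer, and contrasts an over-broad policy with an attribute-based one whose privileged action is gated on MFA. The account ID, ARNs and the set of "privileged" action prefixes are constructed assumptions.

```python
"""Least-privilege lint for AWS IAM policy documents (added example, not course material).

Flags what a reviewer checks before trusting automated analysis: wildcard actions,
an unscoped Resource "*", NotAction/NotResource grants, and privileged actions that
are not conditioned on MFA. Account ID and ARNs below are constructed samples.
"""

# Action prefixes treated as privileged for the MFA check (assumption for this example).
PRIVILEGED_PREFIXES = ("iam:", "sts:", "kms:", "organizations:")


def _as_list(value):
    """IAM accepts a single string/object or a list for Statement, Action and Resource."""
    if value is None:
        return []
    return [value] if isinstance(value, (str, dict)) else list(value)


def lint_policy(policy: dict) -> list:
    """Return one human-readable finding per least-privilege defect in each Allow statement."""
    findings = []
    for i, s in enumerate(_as_list(policy.get("Statement"))):
        if s.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        actions, resources = _as_list(s.get("Action")), _as_list(s.get("Resource"))
        cond = s.get("Condition", {})
        if "NotAction" in s or "NotResource" in s:
            findings.append(f"stmt {i}: NotAction/NotResource allows everything not listed")
        if any(a == "*" or a.endswith(":*") for a in actions):
            findings.append(f"stmt {i}: wildcard action")
        if "*" in resources and not cond:
            findings.append(f"stmt {i}: Resource '*' with no Condition")
        mfa = str(cond.get("Bool", {}).get("aws:MultiFactorAuthPresent", "")).lower()
        if any(a.startswith(PRIVILEGED_PREFIXES) for a in actions) and mfa != "true":
            findings.append(f"stmt {i}: privileged action not gated on MFA")
    return findings


# Constructed sample: the usual "give the team S3" policy, which fails the lint.
BROAD_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}

# Constructed sample: ABAC scoping (resource tag must match the caller's tag) plus MFA
# required on the one privileged action; passes the lint.
ABAC_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["ec2:StartInstances", "ec2:StopInstances"],
     "Resource": "arn:aws:ec2:us-east-1:111122223333:instance/*",
     "Condition": {"StringEquals": {"aws:ResourceTag/team": "${aws:PrincipalTag/team}"}}},
    {"Effect": "Allow", "Action": "iam:PassRole",
     "Resource": "arn:aws:iam::111122223333:role/example-app-role",
     "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}}]}

if __name__ == "__main__":
    for name, pol in (("broad", BROAD_POLICY), ("abac", ABAC_POLICY)):
        print(name, lint_policy(pol) or "clean")
```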
