GCP_Security_Professional_Script/ACG_Security_Script.txt at master · jasonawsid/GCP_Security_Professional_Script · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
The “ACG Script” is the planned “General Security” script for the non-certification course planned for ACG by Jason Lutz.

------Development Notes (Not Script)------
Use CIS to drive this.
Use CSA CCM to check for gaps.
Develop a ISO 27001 program.
*Need to add server security.

------End Development Notes-----

-----Table of Contents-----

PART ONE (General Security)
1. Benefits of using the cloud.
	All the benefits.
	Definitions.
2. Security concerns using the cloud.
	Responsiblity model

3. Introduction to GCP/Review.
4. Security Best Practices in Cloud.
5. Security Best Practice. in GCP.
PART TWO (CIS)
1. Demonstration of CIS GCP documentation.
2. Discussion of the CIS domains and resolutions.
	IAM
	Logging and Monitoring
	Networking

3. Hands on Item #1
4. Testing for compliance within GCP.
5. Testing for compliance third party.

PART THREE (Security at the Host Level)
1. Discussion of server security (methods and tools).
2. Discussion of network security (methods and tools).
3. Discussion of other security items (methods and tools).
4. Other security concerns (methods and tools).

PART FOUR (Application security).
1. Application security (methods and tools).
2. GCP Application security (methods and tools).
3. Other applicaiton security (method and tools).

PART THREE (CSA)

PART FOUR (ISO)

PART FIVE (Closure)

----End Table of Contents-----