- Comprehend Cloud Infrastructure Components
- Physical Environment
- Network and Communications
- Compute
- Virtualization
- Storage
- Management Plane
- Design a Secure Data Center
- Logical Design (e.g., tenant partitioning, access control)
- Physical Design (e.g. location, buy or build)
- Environmental Design (e.g., Heating, Ventilation and Air Conditioning (HVAC), multi-vendor pathway connectivity)
- Analyze Risks Associated with Cloud Infrastructure
- Risk Assessment and Analysis
- Cloud Vulnerabilities, Threats and Attacks
- Virtualization Risks
- Counter-measure Strategies
- Design and Plan Security Controls
- Physical and Environmental Protection (e.g., on-premise)
- System and Communication Protection
- Virtualization Systems Protection
- Identification, Authentication and Authorization in Cloud Infrastructure
- Audit Mechanisms (e.g., log collection, packet capture)
- Plan Disaster Recovery (DR) and Business Continuity (BC)
- Risks Related to the Cloud Environment
- Business Requirements (e.g., Recovery Time Objective (RTO), Recovery Point Objective (RPO), Recovery Service Level (RSL))
- Business Continuity/Disaster Recovery Strategy
- Creation, Implementation and Testing of Plan
