• Explore cloud computing architecture: cloud computing definition, essential characteristics, service models, deployment models, cloud foundational elements/enablers • Investigate and critically assess the concept of Multi-tenancy • Analyse and assess the levels of Security Control for SPI Model • Evaluate the security benefits of cloud computing

• Investigate the Security Fundamentals (i.e. CIA Security Triad, Defence in Depth, AAAs of Security, Non-repudiation, Least Privilege, Separation of Duties, Due Diligence, etc.) • Identify and investigate Top Security Risks (i.e. Loss of Governance, Lock-In, Isolation Failure, Compliance Risks, Management Interface Compromise, Data Protection, Insecure or Incomplete Data Deletion, Malicious insider, etc.) • Explore various security architectures (i.e. TOGAF, SSE-CMM, etc.) and reference models (i.e. CSA TCI, Cloud Cube Model, etc.) • Compare and contrast various threat models (i.e. STRIDE, DREAD, etc.) • Investigate security assurance (i.e. CSA STAR initiative, ENISA Information Assurance Framework, etc.)

• Assess IaaS Security Concerns • Explore the concept of Virtualisation • Analyse and assess Hypervisor architecture concerns • Assess the challenges associated with protecting data in IaaS (i.e. Information Architectures for IaaS, IaaS Encryption) • Investigate portability and interoperability in IaaS (i.e. Lock-In) • Appraise security in cloud environments with multi-tenancy at an Infrastructure level and testing in IaaS • Assess the challenges associated with protecting applications in IaaS • Explore how applications can be monitored in IaaS

• Assess the challenges associated with protecting data in PaaS (i.e. Information Architectures for PaaS, PaaS Encryption) • Investigate portability and Interoperability in PaaS (i.e. Lock-in) • Appraise security in cloud environments with multi-tenancy at a platform level and testing in PaaS • Assess the challenges associated with protecting applications in PaaS • Explore how applications can be monitored in PaaS

• Assess the challenges associated with protecting data in SaaS (i.e. Information Architectures for PaaS, PaaS Encryption) • Investigate portability and Interoperability in SaaS • Appraise security in cloud environments with multi-tenancy at a software level and testing in SaaS • Assess the challenges associated with protecting applications in SaaS • Explore how applications can be monitored in SaaS • Investigate and assess the impact of client-side vulnerabilities and mobile devices on cloud application security (XSS and CSRF) • Secure coding principles

• Assess identity federation and claims-based security services with respect to cloud based systems (e.g., SAML, OpenID and OAuth) • Evaluation of IAM provider types (e.g., Silo-based Identity Providers, Replicated Identity Providers) • Investigate risk-based authentication strategies for cloud applications (e.g., authentication based on geo-location, device identifier etc.)

• Assess the challenges associated with establishing security perimeters within cloud computing environments (e.g. the impact of mobile devices on extending the attack surface of cloud based systems) • Investigate and assess a range of attack vectors that may be encountered on cloud based environments (e.g. Cryptanalysis, Impersonation, Social Engineering, DNS Mis-directions, DDoS, Brute Force) • Assess the challenges associated with monitoring and logging within cloud computing systems • Determine how to identify security breaches, detect intrusions (e.g. honey pots) and recommend responses to such incidents (e.g. containment)

• Analyse and assess data dispersion in cloud environments • Compare and contrast the Data Security Lifecycle and Information Lifecycle Management • Analyse and assess information security governance processes • Assess the challenges associated with protecting data in a cloud (i.e. Detecting and Preventing Data Migrations to the Cloud, Protecting Data Moving To and within the Cloud, Content Discovery, Data Loss Prevention, Database and File Activity Monitoring, Privacy Preserving Storage, Digital Rights Management)

• Evaluate and assess means of cryptographic protection of data in storage, data in transmission and data in an application environment • Appraise data security in multi-tenancy environments • Compare and contrast symmetric and asymmetric cryptosystems and analyse how these cryptosystems can be implemented to provide data security in the cloud • Evaluate and recommend strategies for implementing key management infrastructure solutions. • Investigate network encryption techniques

• Assess Cloud Service Provider capabilities and responsibilities with respect to business continuity and disaster recovery • Investigation of the opportunities afforded by cloud storage for backup and disaster recovery • Devise strategies for testing disaster recovery and business continuity processes and activities within cloud based environments

• Cloud Governance, Risk and Compliance • Analyse and assess information security governance processes • Evaluate pertinent control frameworks and standards (e.g., ISO/IEC 27001-2) • Investigate and analyse Risk Assessment and Threat Models • Assess Information Assurance Frameworks in relation to meeting requirements for implementing secure cloud based computing environments • Analyse and recommend enterprise risk management approaches and techniques • Investigate the impact and importance of Service Level Agreements (SLAs) with respect to implementing cloud solutions

Legal and regulatory requirements and challenges unique to cloud environment • Cloud Outsourcing • Analyse the legal and compliance challenges of migration, outsourcing management and exit strategies

• Cloud Crime • Cloud Forensics dimensions and technical challenges • Cloud forensics tools and process • Analyse cloud forensics challenges and opportunities