project proposal

 Propose a topic for your final project. Use one of the topics from the list in this folder. Write  400 words or more explaining why this topic is important for your peers to understand. Be focused and specific. Look into the general topic to find something new and interesting to write about.  
below are the topics – pick one..

With      different types of cloud service delivery, what are the different      licensing requirements that an owner must be aware of when moving to the      cloud.
Discuss      Shared technology vulnerabilities in the cloud, 
How does a      customer know what software versions cloud providers are using? Without      that knowledge how can they do a proper risk assessment? 
What      policies should be in place for users to help reduce cloud based threats.
How can a      consumer evaluate the physical security of their cloud provider? What      standards should apply. What external and internal barriers should be in      place? What access controls? What sort of surveillance should be provided,      power redundancy, and fire suppression? Is a service contract sufficient?      Should physical inspection be available? What about physical location? Are      their volcanoes, tornadoes, earthquakes or other natural disasters common?      Is the site near political unrest? Access to water? Outside temperature?      Is there a physical buffer? Should the walls be made of ballistic material      to withstand explosions? Staffing
Discuss the      four tiers of Uptime Institutes functional recommendations for physical      security for data centers. 
What is a      hypervisor? Differentiate between type I and type II. What are the      security vulnerabilities of each? 
Which is      better for security server virtualization or application isolation? Why?
What are      desktop virtualization, storage virtualization, memory virtualization,      network virtualization? What are the security issues and benefits for each
Global      boundaries and the cloud – separating politics from security
The      relationship of net neutrality and cloud security
Ensuring      Proper Access Control in the Cloud?
Cloud      security risks from misconfiguration
Cloud service      interruptions from DDOS
Preventive      controls for Internal (non-routable) security threats
Detective      Controls for routable and non-routable addresses
How security      zones, groups or domains have      replaced traditional zones and      tiers
On being a      cloud broker -tasks and challenges
Trust      boundaries and division of responsibilities
Elasticity      effect on threat surface
How to      insure that your cloud provider has appropriate detective and preventive      controls in place
How to      secure virtualization layer
Threats to the      hypervisor
What      hardening means
Top ten      recommendations for securing virtual servers
Vulnerabilities      resulting from web programming frameworks
Preventing      attacks on web applications
The      relationship between DOS attacks and your cloud invoice
Good browser      hygiene and cloud security
Compartmentalization      and isolation in virtual multi-tenant environments
Security      standards in PaaS API design
FIPS
Data      Protection techniques under the The Data Accountability and Trust Act
Comparing      block symmetric algorthms with streaming symmetric algorthms
Message      authentication codes and hash functions.
Externalizing      authentication: Trust Boundaries and IAM
Sustaining      IAM with rapid turnover and job changes
IAM      Compliance Management
Identity      Federation Management
OAUTH
ITIL
ISO      27001/27002
Vulnerability      and Risk assessment
Incident      response
What can we      learn from CCID (Cloud Computing Incidents Database
Cloud Health      monitoring (internal and 3rd party)
Reading a Cloud Security Provider      agreement
Discussing      the data life cycle in the context of cloud computing
Facebook’s new privacy initiative
Cloud Security and the Federal Rules of      Civil Procedure
With      different types of cloud service delivery, what are the different      licensing requirements that an owner must be aware of when moving to the      cloud.
Discuss      Shared technology vulnerabilities in the cloud, 
How does a      customer know what software versions cloud providers are using? Without      that knowledge how can they do a proper risk assessment? 
What      policies should be in place for users to help reduce cloud based threats.
How can a      consumer evaluate the physical security of their cloud provider? What      standards should apply. What external and internal barriers should be in      place? What access controls? What sort of surveillance should be provided,      power redundancy, and fire suppression? Is a service contract sufficient?      Should physical inspection be available? What about physical location? Are      their volcanoes, tornadoes, earthquakes or other natural disasters common?      Is the site near political unrest? Access to water? Outside temperature?      Is there a physical buffer? Should the walls be made of ballistic material      to withstand explosions? Staffing
Discuss the      four tiers of Uptime Institutes functional recommendations for physical      security for data centers. 
What is a      hypervisor? Differentiate between type I and type II. What are the      security vulnerabilities of each? 
Which is      better for security server virtualization or application isolation? Why?
What are      desktop virtualization, storage virtualization, memory virtualization,      network virtualization? What are the security issues and benefits for each
Global      boundaries and the cloud – separating politics from security
The      relationship of net neutrality and cloud security
Ensuring      Proper Access Control in the Cloud?
Cloud      security risks from misconfiguration
Cloud service      interruptions from DDOS
Preventive      controls for Internal (non-routable) security threats
Detective      Controls for routable and non-routable addresses
How security      zones, groups or domains have      replaced traditional zones and      tiers
On being a      cloud broker -tasks and challenges
Trust      boundaries and division of responsibilities
Elasticity      effect on threat surface
How to      insure that your cloud provider has appropriate detective and preventive      controls in place
How to      secure virtualization layer
Threats to the      hypervisor
What      hardening means
Top ten      recommendations for securing virtual servers
Vulnerabilities      resulting from web programming frameworks
Preventing      attacks on web applications
The      relationship between DOS attacks and your cloud invoice
Good browser      hygiene and cloud security
Compartmentalization      and isolation in virtual multi-tenant environments
Security      standards in PaaS API design
FIPS
Data      Protection techniques under the The Data Accountability and Trust Act
Comparing      block symmetric algorthms with streaming symmetric algorthms
Message      authentication codes and hash functions.
Externalizing      authentication: Trust Boundaries and IAM
Sustaining      IAM with rapid turnover and job changes
IAM      Compliance Management
Identity      Federation Management
OAUTH
ITIL
ISO      27001/27002
Vulnerability      and Risk assessment
Incident      response
What can we      learn from CCID (Cloud Computing Incidents Database
Cloud Health      monitoring (internal and 3rd party)
Reading a Cloud Security Provider      agreement
Discussing      the data life cycle in the context of cloud computing
Facebook’s new privacy initiative
Cloud Security and the Federal Rules of      Civil Procedure  
With      different types of cloud service delivery, what are the different      licensing requirements that an owner must be aware of when moving to the      cloud.
Discuss      Shared technology vulnerabilities in the cloud, 
How does a      customer know what software versions cloud providers are using? Without      that knowledge how can they do a proper risk assessment? 
What      policies should be in place for users to help reduce cloud based threats.
How can a      consumer evaluate the physical security of their cloud provider? What      standards should apply. What external and internal barriers should be in      place? What access controls? What sort of surveillance should be provided,      power redundancy, and fire suppression? Is a service contract sufficient?      Should physical inspection be available? What about physical location? Are      their volcanoes, tornadoes, earthquakes or other natural disasters common?      Is the site near political unrest? Access to water? Outside temperature?      Is there a physical buffer? Should the walls be made of ballistic material      to withstand explosions? Staffing
Discuss the      four tiers of Uptime Institutes functional recommendations for physical      security for data centers. 
What is a      hypervisor? Differentiate between type I and type II. What are the      security vulnerabilities of each? 
Which is      better for security server virtualization or application isolation? Why?
What are      desktop virtualization, storage virtualization, memory virtualization,      network virtualization? What are the security issues and benefits for each
Global      boundaries and the cloud – separating politics from security
The      relationship of net neutrality and cloud security
Ensuring      Proper Access Control in the Cloud?
Cloud      security risks from misconfiguration
Cloud service      interruptions from DDOS
Preventive      controls for Internal (non-routable) security threats
Detective      Controls for routable and non-routable addresses
How security      zones, groups or domains have      replaced traditional zones and      tiers
On being a      cloud broker -tasks and challenges
Trust      boundaries and division of responsibilities
Elasticity      effect on threat surface
How to      insure that your cloud provider has appropriate detective and preventive      controls in place
How to      secure virtualization layer
Threats to the      hypervisor
What      hardening means
Top ten      recommendations for securing virtual servers
Vulnerabilities      resulting from web programming frameworks
Preventing      attacks on web applications
The      relationship between DOS attacks and your cloud invoice
Good browser      hygiene and cloud security
Compartmentalization      and isolation in virtual multi-tenant environments
Security      standards in PaaS API design
FIPS
Data      Protection techniques under the The Data Accountability and Trust Act
Comparing      block symmetric algorthms with streaming symmetric algorthms
Message      authentication codes and hash functions.
Externalizing      authentication: Trust Boundaries and IAM
Sustaining      IAM with rapid turnover and job changes
IAM      Compliance Management
Identity      Federation Management
OAUTH
ITIL
ISO      27001/27002
Vulnerability      and Risk assessment
Incident      response
What can we      learn from CCID (Cloud Computing Incidents Database
Cloud Health      monitoring (internal and 3rd party)
Reading a Cloud Security Provider      agreement
Discussing      the data life cycle in the context of cloud computing
Facebook’s new privacy initiative
Cloud Security and the Federal Rules of      Civil Procedure