I posted a draft of our Cloud Security Frame at Shaping Software . This frame is especially important because we’re using it to help us map out the Cloud security space for our patterns & practices Cloud Security Guidance project. It’s helps us scope our project. The frame is basically a set of Hot Spots. We use the Hot Spots to find, organize, and share principles, patterns, and practices. We also use the Hot Spots to find pain points and opportunity or to organize key engineering decisions. Here is our current set of Hot Spots: Auditing and Logging Authentication Authorization Communication Configuration Management Cryptography Exception Management Sensitive Data Session Management Validation In this case, since it’s a security frame, we’re using the Hot Spots to organize threats, attacks, vulnerabilities and countermeasures. This helps make the information more actionable and relevant. We’re sharing this early and often so that you can give feedback and help us shape it as we go.
Go here to read the rest:
Cloud Security Frame