Treacherous 12 Overview
Time: 12 hours 57 minutes
Difficulty: Intermediate
CEU/CPE: 13
Video Transcription
>> There's no better place to start than with the treacherous 12. In this lesson, we're going to talk about the origins of the treacherous 12, the threats that are contained within the treacherous 12, and the importance of the treacherous 12.

A little backstory. The Cloud Security Alliance, an organization that exists to create more effective Cloud security standards, and also one of the organizations that partnered with (ISC)² to create the CCSP, came out with this list of 12 major Cloud security threats. They did this by doing a survey of industry professionals about what threats they are most concerned about. This survey started in 2013, was done again in 2016, and then most recently in 2019. With each iteration, the threats have somewhat shifted. The original 2013 survey only included nine threats, the notorious nine; in 2016 it was the treacherous 12; and in 2019, we're up to the egregious 11.

Now, why are we focusing on the treacherous 12? Well, the CCSP has not been updated yet to reflect the shift in the Cloud Security Alliance threats to the egregious 11, so we're going to go through the treacherous 12. The treacherous 12 are very focused on specific component aspects of the risks, where the egregious 11 have moved to a more conceptual understanding of threats, such as an inability to manage the architecture and strategy of the Cloud and an inability to maintain the control plane. They're more conceptual, but the treacherous 12 are really great from a learning perspective for the CCSP, because you will see very specific risks and be able to understand their impacts.

The current treacherous 12 are data breach; consequential data loss; account or service traffic hijacking; insecure interfaces and APIs; denial of service; malicious insiders; shared technology vulnerabilities; insufficient due diligence; insufficient identity, credential and access management; system vulnerabilities; advanced persistent threats; and abuse and nefarious use of Cloud services. We're going to go through each of these and talk about its impact throughout the Cloud environment as well as the business, and many of the common controls that can be implemented to address these threats. We're going to talk about how defense in depth is really necessary to prevent them and how they interrelate to each other.

Quiz question. Which of the treacherous 12 is most easily addressed? Is it 1, advanced persistent threats; 2, insufficient due diligence; or 3, denial of service? Now at this point, we haven't really gone into detail on any of these particular threats. But from what we covered so far in the course, I want you to use your knowledge to think about which of these is actually the most easily addressed.

If you said insufficient due diligence, you're correct. The other threats, advanced persistent threats and denial of service, typically involve a threat actor perpetrating them against your organization. Insufficient due diligence is really a self-inflicted injury. However, it's one where there's a lot of psychological bias within an organization to move quickly, to buy a new solution, or to implement something to meet a business objective before really vetting its security and appropriate configuration. That's why it's important to slow down, create sufficient processes, and make sure your organization is really doing a rigorous process of understanding what the security obligations are when adopting and using things in the Cloud.

In summary, we talked about the origins of the Cloud Security Alliance's treacherous 12. We talked about the importance of them, that they really will give you a robust understanding of some of the major security risks that affect Cloud environments, and we're going to talk through their implications and some of the controls for how to defend against them. I'll see you in the next lesson.