technology vulnerabilities in the cloud

1. Discuss shared technology vulnerabilities in the cloud.

2. How does a customer know what software versions cloud providers are using? Without that knowledge how can they do a proper risk assessment?

3. What policies should be in place for users to help reduce cloud-based threats?

4. How can a consumer evaluate the physical security of their cloud provider? What standards should apply? What external and internal barriers should be in place? What access controls? What sort of surveillance should be provided, power redundancy, and fire suppression? Is a service contract sufficient? Should physical inspection be available? What about physical location? Are there volcanoes, tornadoes, earthquakes or other natural disasters common? Is the site near political unrest? Access to water? Outside temperature? Is there a physical buffer? Should the walls be made of ballistic material to withstand explosions? Staffing?

5. Discuss the four tiers of the Uptime Institute's functional recommendations for physical security for data centers.

6. What is a hypervisor? Differentiate between Type I and Type II. What are the security vulnerabilities of each?

7. Which is better for security: server virtualization or application isolation? Why?

8. What are desktop virtualization, storage virtualization, memory virtualization, and network virtualization? What are the security issues and benefits of each?

9. Global boundaries and the cloud – separating politics from security

10. The relationship of net neutrality and cloud security

11. Ensuring Proper Access Control in the Cloud?

12. Cloud security risks from misconfiguration

13. Cloud service interruptions from DDoS

14. Preventive controls for Internal (non-routable) security threats

15. Detective Controls for routable and non-routable addresses

16. How security zones, groups or domains have replaced traditional zones and tiers

17. On being a cloud broker -tasks and challenges

18. Trust boundaries and division of responsibilities

19. Elasticity effect on threat surface

20. How to ensure that your cloud provider has appropriate detective and preventive controls in place

21. How to secure virtualization layer

22. Threats to the hypervisor

23. What hardening means

24. Top ten recommendations for securing virtual servers

25. Vulnerabilities resulting from web programming frameworks

26. Preventing attacks on web applications

27. The relationship between DoS attacks and your cloud invoice

28. Good browser hygiene and cloud security

29. Compartmentalization and isolation in virtual multi-tenant environments

30. Security standards in PaaS API design

31. FIPS

32. Data protection techniques under the Data Accountability and Trust Act

33. Comparing block symmetric algorithms with streaming symmetric algorithms

34. Message authentication codes and hash functions.

35. Externalizing authentication: Trust Boundaries and IAM

36. Sustaining IAM with rapid turnover and job changes

37. IAM Compliance Management

38. Identity Federation Management

39. OAUTH

40. ITIL

41. ISO 27001/27002

42. Vulnerability and Risk assessment

43. Incident response

44. What can we learn from the CCID (Cloud Computing Incidents Database)?

45. Cloud Health monitoring (internal and 3rd party)

46. Reading a Cloud Security Provider agreement

47. Discussing the data life cycle in the context of cloud computing

48. Facebook’s new privacy initiative

49. Cloud Security and the Federal Rules of Civil Procedure
