Propose a topic for your final project. Use one of the topics from the list in this folder. Write  500 words or more explaining why this topic is important for your peers to understand. Be focused and

1. With different types of cloud service delivery, what are the different licensing requirements that an owner must be aware of when moving to the cloud.

2. Discuss Shared technology vulnerabilities in the cloud,

3. How does a customer know what software versions cloud providers are using? Without that knowledge how can they do a proper risk assessment?

4. What policies should be in place for users to help reduce cloud based threats.

5. How can a consumer evaluate the physical security of their cloud provider? What standards should apply. What external and internal barriers should be in place? What access controls? What sort of surveillance should be provided, power redundancy, and fire suppression? Is a service contract sufficient? Should physical inspection be available? What about physical location? Are their volcanoes, tornadoes, earthquakes or other natural disasters common? Is the site near political unrest? Access to water? Outside temperature? Is there a physical buffer? Should the walls be made of ballistic material to withstand explosions? Staffing

6. Discuss the four tiers of Uptime Institutes functional recommendations for physical security for data centers.

7. What is a hypervisor? Differentiate between type I and type II. What are the security vulnerabilities of each?

8. Which is better for security server virtualization or application isolation? Why?

9. What are desktop virtualization, storage virtualization, memory virtualization, network virtualization? What are the security issues and benefits for each

10. Global boundaries and the cloud - separating politics from security

11. The relationship of net neutrality and cloud security

12. Ensuring Proper Access Control in the Cloud?

13. Cloud security risks from misconfiguration

14. Cloud service interruptions from DDOS

15. Preventive controls for Internal (non-routable) security threats

16. Detective Controls for routable and non-routable addresses

17. How security zones, groups or domains have replaced traditional zones and tiers

18. On being a cloud broker -tasks and challenges

19. Trust boundaries and division of responsibilities

20. Elasticity effect on threat surface

21. How to insure that your cloud provider has appropriate detective and preventive controls in place

22. How to secure virtualization layer

23. Threats to the hypervisor

24. What hardening means

25. Top ten recommendations for securing virtual servers

26. Vulnerabilities resulting from web programming frameworks

27. Preventing attacks on web applications

28. The relationship between DOS attacks and your cloud invoice

29. Good browser hygiene and cloud security

30. Compartmentalization and isolation in virtual multi-tenant environments

31. Security standards in PaaS API design

32. FIPS

33. Data Protection techniques under the The Data Accountability and Trust Act

34. Comparing block symmetric algorthms with streaming symmetric algorthms

35. Message authentication codes and hash functions.

36. Externalizing authentication: Trust Boundaries and IAM

37. Sustaining IAM with rapid turnover and job changes

38. IAM Compliance Management

39. Identity Federation Management

40. OAUTH

41. ITIL

42. ISO 27001/27002

43. Vulnerability and Risk assessment

44. Incident response

45. What can we learn from CCID (Cloud Computing Incidents Database

46. Cloud Health monitoring (internal and 3rd party)

47. Reading a Cloud Security Provider agreement

48. Discussing the data life cycle in the context of cloud computing

49. Facebook’s new privacy initiative

50. Cloud Security and the Federal Rules of Civil Procedure